2026-04-21
2026-04-21 23:16Z
HIGH

CVE-2026-41056 — Wwbn Avideo: In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in `objects/functions.php` reflects any arbitrary `Origin`

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-41056

WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in `objects/functions.php` reflects any arbitrary `Origin` header back in `Access-Control-Allow-Origin` along with `Access-Control-Allow-Credentials: true`. This function is called by both `plugin/API/get.json.php` and `plugin/API/set.json.php` — the primary API endpoints that handle user data retrieval, authentication, livestream credentials, and state-changin CVSSv3.1 8.1 (HIGH)

CWE: CWE-942 · VND: Wwbn · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-21
2026-04-21 23:16Z
HIGH

CVE-2026-41055 — Wwbn Avideo: In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-41055

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal endpoints. Commit 8d8fc0cadb425835b4861036d589abcea4d78ee8 contains an updated fix. CVSSv3.1 8.6 (HIGH)

CWE: CWE-918 · VND: Wwbn · TYP: Vulnerability
CVSS v3.1: 8.6 · Score: 93
2026-04-21
2026-04-21 22:39Z
HIGH

Hooking Windows Named Pipes

Synacktiv·synacktiv.com

Synacktiv published a detailed technical writeup on hooking Windows Named Pipes for interception and manipulation of inter-process communication (IPC) between privileged and unprivileged processes. The research covers attack vectors including permissive ACLs, race conditions on pipe creation, and introduces 'Thats No Pipe'—a Frida-based injection tool that hooks syscalls (NtReadFile, NtWriteFile, NtWaitForSingleObject, NtRemoveIoCompletion) to intercept, modify, and inject named pipe traffic across synchronous IO, asynchronous IO, completion ports, and completion routine scenarios.

SRF: Os · TAC: TA0007 · TAC: TA0009 · TYP: Research · TYP: Technique · TYP: Tool · STG: Discovery · STG: Lat Movement
Score: 78
2026-04-21
2026-04-21 22:39Z
INFO

Kubernetes forensics 1/3: what the container ?

Synacktiv·synacktiv.com

Synacktiv publishes the first article in a three-part Kubernetes forensics series, focusing on container fundamentals. The article covers container architecture, OCI specifications, Docker vs. Podman implementations, OverlayFS storage mechanics, and practical artifact acquisition locations for forensic investigation of containerized environments.

SRF: Os · TAC: TA0007 · TYP: Research · TYP: Writeup · STG: Discovery · STG: Collection
Score: 62
2026-04-21
2026-04-21 22:39Z
HIGH

Exploring cross-domain & cross-forest RBCD

Synacktiv·synacktiv.com

Synacktiv published detailed research on Resource-Based Constrained Delegation (RBCD) attacks across Active Directory domains and forests, including the Kerberos workflow mechanics and practical Impacket implementation. The authors documented cross-domain RBCD as fully functional and provided a modified getST.py script to perform S4U2Self and S4U2Proxy operations from Linux; cross-forest RBCD was found to be restricted by Microsoft policy to specific trust configurations and remains partially unexploited in current tooling.

SRF: Os · TAC: TA0004 · SRF: Identity · TAC: TA0008 · TYP: Research · TYP: Technique · TYP: Writeup · STG: Cred Access
Score: 78
2026-04-21
2026-04-21 22:39Z
HIGH

mitmproxy for fun and profit: Interception and Analysis of Application Traffic

Synacktiv·synacktiv.com

Synacktiv published a comprehensive technical guide on using mitmproxy for intercepting and modifying application traffic across Linux, Android, and iOS platforms. The article covers explicit and transparent proxy modes, certificate installation techniques, and includes practical proof-of-concept demonstrations including Git repository hijacking via HTTP interception and gRPC payload manipulation on Android to spoof geolocation data.

SRF: Application · SRF: Os · SRF: Mobile · TAC: TA0001 · SRF: Network · TAC: TA0043 · TYP: Technique · TYP: Tool
Score: 72
2026-04-21
2026-04-21 22:39Z
HIGH

Beyond ACLs: Mapping Windows Privilege Escalation Paths with BloodHound

Synacktiv·synacktiv.com

Synacktiv published a comprehensive technical guide on enumerating and exploiting Windows privileges and logon rights using BloodHound, SharpHound, and SharpHoundCommon. The research details how to map privilege escalation paths across Active Directory domains by parsing GPOs and querying LSA remotely, with practical examples of abusing SeBackupPrivilege, SeDebugPrivilege, and SeImpersonatePrivilege for privilege escalation.

SRF: Os · TAC: TA0004 · TAC: TA0007 · VND: Microsoft · VND: Bloodhound · TYP: Research · TYP: Tool · TYP: Writeup
Score: 78
2026-04-21
2026-04-21 22:39Z
CRIT

On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025

Synacktiv·synacktiv.com·CVE-2025-41238

Synacktiv researchers disclosed a complete VM escape exploit chain against VMware Workstation demonstrated at Pwn2Own Berlin 2025, leveraging a heap-overflow vulnerability (CVE-2025-41238) in the PVSCSI controller. The exploit defeats Windows 11 LFH mitigations through LFH state manipulation, heap shaping with shader and URB objects, and a novel side-channel technique to break LFH randomization, achieving arbitrary read/write and code execution with first-attempt reliability.

SRF: Application · TAC: TA0004 · TAC: TA0002 · VND: Vmware · TYP: Research · TYP: Writeup · TYP: Exploit · STG: Privesc
Score: 95
2026-04-21
2026-04-21 22:39Z
HIGH

Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025

Synacktiv·synacktiv.com

Synacktiv's comprehensive Wi-Fi penetration testing guide covers attack vectors from open networks through WEP and WPA2 PSK, detailing real-world exploitation techniques including LLMNR/mDNS poisoning, deauthentication attacks, evil-twin MitM, and cryptographic weaknesses. The article demonstrates practical attacks against legacy and modern Wi-Fi protocols, with case studies from actual penetration tests showing how credential harvesting and network compromise remain viable despite protocol maturity.

TAC: TA0001 · SRF: Network · TAC: TA0006 · TYP: Research · TYP: Writeup · STG: Discovery · STG: Initial Access · STG: Cred Access
Score: 68
2026-04-21
2026-04-21 22:39Z
CRIT

Livewire: remote command execution through unmarshaling

Synacktiv·synacktiv.com

Synacktiv disclosed a critical pre-authenticated remote code execution vulnerability in Livewire, a popular Laravel full-stack framework used in 130K+ public instances. The vulnerability exploits Livewire's hydration mechanism through malicious synthesizers injected via the updates field, bypassing checksum validation through PHP's loose typing and recursive array handling. Attackers can instantiate arbitrary objects and chain gadgets (GuzzleHttp\Psr7\FnStream, League\Flysystem utilities) to achieve stealthy command execution without knowledge of the application's APP_KEY.

SRF: Application · TAC: TA0002 · SRF: Web · TAC: TA0003 · VND: Laravel · VND: Livewire · TYP: Research · TYP: Writeup
Score: 92
2026-04-21
2026-04-21 22:16Z
HIGH

CVE-2026-6832 — Get-hermes Hermes_web_ui: Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-6832

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the session_id parameter. Attackers can exploit unvalidated session identifiers to construct paths that bypass the SESSION_DIR boundary and delete writable JSON files on the host system. CVSSv3.1 8.1 (HIGH) · EPSS 31st percentile

CWE: CWE-22 · VND: Get Hermes · VND: Hermes · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-21
2026-04-21 22:16Z
CRIT

CVE-2026-40933 — Flowiseai Flowise: Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-40933

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerability lies in a bug in the input sanitization from the “Custom MCP” configuration in http://localhost:3000/canvas - where any user can add a new MCP, when doing so - adding a new MCP usin CVSSv3.1 9.9 (CRITICAL)

CWE: CWE-78 · VND: Flowiseai · VND: Flowise · TYP: Vulnerability
CVSS v3.1: 9.9 · Score: 100
2026-04-21
2026-04-21 22:16Z
HIGH

CVE-2026-40931 — Node-modules Compressing: Physical" divergence, an attacker can bypass the security check using a Directory Poisoning technique

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-40931

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but fails to account for the actual filesystem state. By exploiting this "Logical vs. Physical" divergence, an attacker can bypass the security check using a Directory Poisoning technique CVSSv3.1 8.4 (HIGH)

CWE: CWE-59 · VND: Node Modules · VND: Compressing · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-04-21
2026-04-21 21:16Z
HIGH

CVE-2026-6823 — Hkuds Openharness: Attackers who can reach the configured channel can bypass access controls and reach host-backed

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-6823

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow_from = ["*"] permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach host-backed agent runtimes, potentially leading to unauthorized file disclosure and read access through default-enabled read-only tools. CVSSv3.1 8.2 (HIGH) · EPSS 26th percentile

CWE: CWE-276 · VND: Hkuds · TYP: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-21
2026-04-21 21:16Z
HIGH

CVE-2026-40925 — Wwbn Avideo: In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-40925

WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from `$_POST` but protects the endpoint only with `User::isAdmin()`. It does not call `forbidIfIsUntrustedRequest()`, does not verify a `globalToken`, and does not validate the Origin/Referer header. Because AVideo intentionally sets `session.cookie_samesite=None` to support cross-origin ifra CVSSv3.1 8.3 (HIGH) · EPSS 4th percentile

CWE: CWE-352 · VND: Wwbn · TYP: Vulnerability
CVSS v3.1: 8.3 · Score: 92
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-40911 — Wwbn Avideo: In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-40911

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the `msg` or `callback` fields. On the client side, `plugin/YPTSocket/script.js` contains two `eval()` sinks fed directly by those relayed fields (`json.msg.autoEvalCodeOnHTML` at line 568 and `json.callback` at line 95). Because tokens are minted for anonymous visitors and n CVSSv3.1 10.0 (CRITICAL) · EPSS 37th percentile

CWE: CWE-94 · VND: Wwbn · TYP: Vulnerability
CVSS v3.1: 10.0 · Score: 100
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-40906 — Electric Sync-service: From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-40906

Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted ORDER BY expressions. This vulnerability is fixed in 1.5.0. CVSSv3.1 9.9 (CRITICAL) · EPSS 10th percentile

CWE: CWE-89 · VND: Electric · TYP: Vulnerability
CVSS v3.1: 9.9 · Score: 100
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-40892 — Pjsip Pjsip: In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-40892

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE-121 · VND: Pjsip · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-21
2026-04-21 21:16Z
HIGH

CVE-2026-34309 — Oracle Peoplesoft_enterprise_peopletools: Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-34309

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessib CVSSv3.1 8.1 (HIGH)

CWE: CWE-284 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-21
2026-04-21 21:16Z
HIGH

CVE-2026-34291 — Oracle Http_server: Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-34291

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthor CVSSv3.1 8.7 (HIGH)

CWE: CWE-284 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
CVSS v3.1: 8.7 · Score: 94
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-34287 — Oracle Identity_manager_connector: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-34287

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-284 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-34286 — Oracle Identity_manager_connector: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-34286

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-306 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-34285 — Oracle Identity_manager_connector: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-34285

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector CVSSv3.1 9.1 (CRITICAL)

CWE: CWE-306 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-34279 — Oracle Enterprise_manager_base_platform: Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-34279

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Su CVSSv3.1 9.1 (CRITICAL) · EPSS 12th percentile

CWE: CWE-306 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-04-21
2026-04-21 21:16Z
CRIT

CVE-2026-34275 — Oracle Advanced_inbound_telephony: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-34275

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Inbound Telephony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integ CVSSv3.1 9.8 (CRITICAL) · EPSS 13th percentile

CWE: CWE-306 · VND: Oracle · VND: Vulnerability · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99