2026-04-17 19:16Z · HIGH

CVE-2026-27890 — Firebirdsql Firebird: In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issu

CVSS v3.1 8.2 (HIGH) · EPSS 26th percentile

Tags: CWE-787 · CWE-119 · Vendor: Firebirdsql · Vendor: Firebird · Type: Vulnerability

CVSS v3.1: 8.2 · Score: 91
2026-04-17 19:05Z · HIGH

Mythos Didn’t Break Cybersecurity. It Exposed What Was Already Broken.

Source: Horizon3.ai · horizon3.ai

Horizon3.ai's analysis of Mythos AI and similar vulnerability-discovery systems argues that the real cybersecurity gap is not vulnerability volume but the industry's inability to prioritize based on actual exploitability and attack-path impact. The piece contends that organizations are already overwhelmed with unremediable backlogs and that AI-accelerated vulnerability discovery merely exposes pre-existing structural failures in how risk is assessed and remediated.

Tags: Surface: Application · Tactic: TA0001 · Surface: Network · Tactic: TA0007 · Tactic: TA0008 · Type: Research · Type: Threat Intel · Stage: Discovery

Score: 72
2026-04-17 18:16Z · HIGH

CVE-2026-5718 — Drag: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5718

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.7. This is due to insufficient file type validation that occurs when custom blacklist types are configured, which replaces the default dangerous extension denylist instead of merging with it, and the wpcf7_antiscript_file_name() sanitization function being bypassed for filenames containing non-ASCII characters. This make

CVSS v3.1 8.1 (HIGH) · EPSS 36th percentile

Tags: CWE-434 · Vendor: Drag · Type: Vulnerability

CVSS v3.1: 8.1 · Score: 91
2026-04-17 17:17Z · HIGH

CVE-2026-40516 — Hkuds Openharness: before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40516

OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an agent session to invoke these tools against loopback, RFC1918, link-local, or other non-public addresses to read response bodies from local development services, cloud metadata endp

CVSS v3.1 8.3 (HIGH) · EPSS 11th percentile

Tags: CWE-918 · Vendor: Hkuds · Vendor: Openharness · Type: Vulnerability

CVSS v3.1: 8.3 · Score: 92
2026-04-17 17:09Z · INFO

v2.12.1-rc1: fix: BED-4600 - Add Request Timeout (#188)

Source: AzureHound releases · github.com

AzureHound v2.12.1-rc1 release candidate adds request timeout handling to prevent indefinite hangs on failed API calls (BED-4600). This is a routine bug-fix release with no security vulnerabilities disclosed.

Tags: Software: Azurehound · Vendor: Specterops · Type: Tool

Score: 15
2026-04-17 11:00Z · HIGH

We beat Google’s zero-knowledge proof of quantum cryptanalysis

Source: Trail of Bits · blog.trailofbits.com

Trail of Bits demonstrated a cryptographic proof forgery attack against Google's zero-knowledge proof of quantum circuit optimization by exploiting memory safety vulnerabilities in the SP1 zkVM prover's Rust implementation. The attack leveraged unsafe deserialization (rkyv access_unchecked) and register aliasing to bypass Toffoli gate counting and implement non-reversible quantum operations, producing a forged proof with 0 Toffoli gates vs. Google's 2.1M while maintaining correctness on elliptic curve point addition.

Tags: Tactic: TA0005 · Vendor: Google · Vendor: Succinct Labs · Type: Research · Type: Exploit · Stage: Defense Evasion · Technique: T1027 · Exploit: Deserialization

Score: 88
2026-04-17 09:16Z · CRIT

CVE-2025-15625 — Sparxsystems Pro_cloud_server: Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-15625

Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.

CVSS v3.1 9.8 (CRITICAL) · EPSS 7th percentile

Tags: CWE-89 · CWE-200 · Vendor: Sparxsystems · Type: Vulnerability

CVSS v3.1: 9.8 · Score: 99
2026-04-17 08:16Z · HIGH

CVE-2026-23853 — Dell Powerprotect_dp_series_appliance: An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-23853

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system.

CVSS v3.1 8.4 (HIGH) · EPSS 2nd percentile

Tags: CWE-1391 · Vendor: Dell · Type: Vulnerability

CVSS v3.1: 8.4 · Score: 92
2026-04-17 04:16Z · HIGH

CVE-2026-3605 — Hashicorp Vault: An authenticated user with access to a kvv2 path through a policy containing a

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3605

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret data. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

CVSS v3.1 8.1 (HIGH) · EPSS 2nd percentile

Tags: CWE-288 · Vendor: Hashicorp · Type: Vulnerability

CVSS v3.1: 8.1 · Score: 91
2026-04-17 00:00Z · CRIT

Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday

Microsoft released 163 patches across 17 product families in April 2026 Patch Tuesday, addressing 8 Critical-severity vulnerabilities and 154 Important-severity issues. Two vulnerabilities are actively exploited in the wild: CVE-2026-32201 (SharePoint spoofing) and CVE-2026-33825 (Defender EoP). The patch load includes 20 RCEs and 94 elevation-of-privilege vulnerabilities, with IKE (CVE-2026-33824, CVSS 9.8) and multiple Office RCEs requiring immediate attention.

Tags: Surface: Application · Surface: Os · Tactic: TA0004 · Tactic: TA0002 · Tactic: TA0003 · Vendor: Microsoft · Vendor: Google · Vendor: Adobe

CVSS v3.1: 9.8 · Score: 68
2026-04-16 23:44Z · INFO

v9.0.2-rc1

Source: BloodHound releases · github.com

BloodHound v9.0.2-rc1 release candidate published with bug fixes for cipher support (BED-8029) and Azure post-processing failures with PostgreSQL (BED-8031). This is a pre-release version containing 4 commits since v9.0.1.

Tags: Vendor: Bloodhound · Vendor: Specter Ops · Type: Tool

Score: 25
2026-04-16 23:19Z · MED

WerReportCreate API

Source: Hexacorn · hexacorn.com

Hexacorn documents the WerReportCreate API, a Windows error reporting mechanism used across native OS binaries and libraries. The research catalogs how various system components invoke this API with unique event names for diagnostic purposes, revealing the breadth of Windows error reporting infrastructure.

Tags: Surface: Os · Tactic: TA0007 · Vendor: Microsoft · Type: Research · Technique: T1014

Score: 62
2026-04-16 22:16Z · HIGH

CVE-2026-41113 — sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-41113

sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.

CVSS v3.1 8.1 (HIGH) · EPSS 26th percentile

Tags: CWE-78 · Type: Vulnerability

CVSS v3.1: 8.1 · Score: 91
2026-04-16 19:44Z · CRIT

CVE-2026-33032: Nginx UI Missing MCP Authentication

Source: Rapid7 Research · rapid7.com · CVE-2026-33032 · CVE-2026-27944 · in the wild

CVE-2026-33032 is a critical missing authentication vulnerability (CVSS 9.8) in Nginx UI that allows unauthenticated attackers to access a Model Context Protocol (MCP) server capable of performing privileged operations on managed Nginx instances. The vulnerability is being actively exploited in the wild as part of a two-stage attack chain with CVE-2026-27944 (information leak), affecting versions 2.3.5 and below. Patched in version 2.3.6.

Tags: Surface: Application · Tactic: TA0001 · Tactic: TA0007 · Surface: Web · Vendor: Nginx · Type: Vulnerability · Type: Advisory · Stage: Discovery

Score: 82
2026-04-16 18:16Z · CRIT

CVE-2026-27820 — Ruby-lang Zlib: Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capaci

CVSS v3.1 9.8 (CRITICAL) · EPSS 2nd percentile

Tags: CWE-120 · CWE-131 · Vendor: Ruby Lang · Type: Vulnerability

CVSS v3.1: 9.8 · Score: 99
2026-04-16 16:16Z · CRIT

CVE-2026-5426 — Hard: Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks.

CVSS v3.1 9.1 (CRITICAL) · EPSS 20th percentile

Tags: CWE-502 · CWE-321 · Vendor: Hard · Type: Vulnerability

CVSS v3.1: 9.1 · Score: 96
2026-04-16 16:00Z · HIGH

Into The Rainbow: Google’s NTLMv1 Rainbow Tables Explained in a Bit Too Much Detail

Source: SpecterOps · specterops.io

SpecterOps published an in-depth technical breakdown of Google's NTLMv1 rainbow tables (8.8 TB across 4,096 tables covering ~2^59 DES keys) and the three-phase recovery process (precompute, lookup, check) to extract NT hashes from NTLMv1 authentication responses. The work operationalizes the attack against legacy NTLM, particularly targeting systems with Credential Guard enabled via tools like DumpGuard, and includes open-sourced tooling and performance benchmarks (~1 hour per ciphertext on consumer hardware).

Tags: Surface: Os · Tactic: TA0006 · Vendor: Microsoft · Vendor: Google · Type: Research · Type: Tool · Type: Writeup · Stage: Cred Access

Score: 82
2026-04-16 14:22Z · HIGH

GodPotatoBOF — Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original

Source: GitHub · LPE exploits · github.com · GitHub PoC

GodPotatoBOF is a Cobalt Strike Beacon Object File that ports the GodPotato privilege escalation exploit to CS, enabling attackers to abuse the SeImpersonate privilege to steal SYSTEM tokens and either spawn privileged processes or apply tokens to the current beacon. The tool supports multiple execution modes including direct command execution and token impersonation.

Tags: Surface: Os · Tactic: TA0004 · Vendor: Cobalt Strike · Type: Tool · Type: Exploit · Stage: Privesc · Technique: T1134 · Technique: T1548

Score: 72
2026-04-16 14:16Z · CRIT

CVE-2026-6270 — Fastify Fastify/middie: This allows unauthenticated requests to reach routes defined in child plugin scopes, bypassing authentication

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6270

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the parent middleware. This allows unauthenticated requests to reach routes defined in child plugin scopes, bypassing authentication and authorization checks. Upgrade to @fastify/middie 9.

CVSS v3.1 9.1 (CRITICAL) · EPSS 18th percentile

Tags: CWE-436 · Vendor: Fastify · Type: Vulnerability

CVSS v3.1: 9.1 · Score: 96
2026-04-16 13:28Z · INFO

v3.4.0.57

Source: Mythic releases · github.com

Mythic v3.4.0.57 released with a Dockerfile tag bump to match the release version. No detailed changelog or feature/fix information is provided in the GitHub release page.

Tags: Vendor: Mythic · Type: Tool

Score: 15
2026-04-16 13:16Z · CRIT

CVE-2026-31843 — Laravel: The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31843

The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any() without authentication middleware, enabling remote access without credentials. User-controlled input is directly written into executable PHP files using file_put_contents(). These files are later executed via require() during n

CVSS v3.1 9.8 (CRITICAL) · EPSS 78th percentile

Tags: CWE-284 · Vendor: Laravel · Type: Vulnerability

CVSS v3.1: 9.8 · Score: 99
2026-04-16 13:00Z · HIGH

Taking Maestro in Stride: AI Threat Modeling Frameworks

Source: Bishop Fox Labs · bishopfox.com

Bishop Fox publishes a threat modeling framework comparison for agentic AI systems, introducing MAESTRO (Multi-Agent Environment, Security, Threat, Risk and Outcome) as a complement to traditional STRIDE modeling. The article demonstrates how AI agents break classical threat modeling assumptions by acting simultaneously as processes, data stores, and actors across trust boundaries, requiring layered architectural analysis across seven dimensions: foundation models, data operations, agent frameworks, deployment infrastructure, observability, security/compliance, and ecosystem interactions.

Tags: Tactic: TA0001 · Tactic: TA0003 · Surface: Ai · Type: Research · Type: Technique

Score: 72
2026-04-16 13:00Z · HIGH

ClickFix Phishing Campaign Masquerading as a Claude Installer

Source: Rapid7 Research · rapid7.com

Rapid7 observed a ClickFix phishing campaign impersonating a Claude AI installer, delivering a multi-stage payload chain via fake MSIX bundles. The attack chain progresses from mshta execution through obfuscated VBS/PowerShell stages, culminating in AMSI bypass and process injection with encrypted shellcode. Detection relied on RunMRU registry monitoring and behavioral analysis of suspicious Run utility execution.

Tags: Surface: Application · Surface: Os · Tactic: TA0005 · Tactic: TA0001 · Tactic: TA0002 · Vendor: Anthropic · Type: Writeup · Type: Threat Intel

Score: 62
2026-04-16 09:44Z · HIGH

From APT28 to RePythonNET: automating .NET malware analysis

Source: Sekoia.io · sekoia.io

Sekoia TDR published RePythonNET-MCP, an open-source tool automating .NET malware analysis via pythonnet and dnlib integration with AI-assisted decompilation. The research demonstrates practical reverse engineering of APT28's obfuscated Covenant C2 implant, including automated string decryption, function renaming, and configuration extraction through an MCP server exposing 30+ analysis tools.

Tags: Surface: Application · Tactic: TA0002 · Tactic: TA0011 · Vendor: Apt28 · Vendor: Covenant · Type: Research · Type: Tool · Type: Writeup

Score: 78
2026-04-16 06:30Z · HIGH

OID-See — OID-See is an identity attack surface mapping tool that models OAuth trust, persistence, and impersonation paths in Entr

Source: GitHub · Azure / Entra tools · github.com · GitHub PoC

OID-See is an open-source identity attack surface mapping tool for Microsoft Entra ID that discovers, analyzes, and visualizes risky third-party and multi-tenant applications through OAuth trust relationships, persistence paths, and impersonation vectors. Version 1.1.1 adds Microsoft's official permission tiering data, BloodHound OpenGraph interoperability, and offline-capable first-party app detection; v1.1.0 introduced large-tenant performance optimization (30k+ nodes) and external identity posture scanning.

Tags: Surface: Identity · Surface: Cloud · Tactic: TA0043 · Vendor: Microsoft · Type: Research · Type: Tool · Stage: Discovery · Stage: Recon

Score: 78