2026-04-13
2026-04-13 19:00Z
INFO

BloodHound 9.0 — Product Updates

SpecterOps·specterops.io

SpecterOps released BloodHound 9.0, expanding attack path analysis beyond Active Directory to SaaS platforms including Okta, Jamf, and GitHub via OpenGraph extensions. The release introduces OpenHound (a standardized data collection framework), Environment Targeted Access Control (ETAC) for multi-tenant deployments, and improved graph visualization and query capabilities.

SRF: Application · TAC: TA0007 · SRF: Identity · SRF: Cloud · TAC: TA0008 · VND: Bloodhound · VND: Specterops · TYP: Tool
Score: 72
2026-04-13
2026-04-13 18:16Z
HIGH

CVE-2026-6196 — Tenda: Performing a manipulation of the argument cmdinput results in stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6196

A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)

CWE: CWE 121 · CWE: CWE 119 · VND: Tenda · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-13
2026-04-13 18:16Z
CRIT

CVE-2026-6195 — Such manipulation of the argument admpass leads to os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6195

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 77 · CWE: CWE 78 · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-13
2026-04-13 18:16Z
HIGH

CVE-2026-6194 — This manipulation of the argument wan-url causes stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6194

A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. CVSSv3.1 8.8 (HIGH)

CWE: CWE 121 · CWE: CWE 119 · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-13
2026-04-13 18:16Z
HIGH

CVE-2026-6100 — Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6100

Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a ` CVSSv3.1 8.1 (HIGH)

CWE: CWE 416 · CWE: CWE 787 · CWE: CWE 825 · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-13
2026-04-13 18:16Z
HIGH

CVE-2026-32316 — jq: An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32316

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer allocation size calculation, resulting in a drastically undersized heap buffer. Subsequent memory copy operations then write the full string data into this undersized buffer, cau CVSSv3.1 8.2 (HIGH)

CWE: CWE 122 · CWE: CWE 190 · TYP: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-13
2026-04-13 18:16Z
HIGH

CVE-2026-28291 — simple-git enables running native Git commands from JavaScript.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-28291

simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as Git's flexible option parsing allows numerous character combinations (e.g., -vu, -4u, -nu) to circumvent the regular-expression-based blocklist in the unsafe operat CVSSv3.1 8.1 (HIGH)

CWE: CWE 78 · VND: Git · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-13
2026-04-13 16:16Z
HIGH

CVE-2026-6186 — The manipulation of the argument NatBind leads to buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6186

A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. CVSSv3.1 8.8 (HIGH)

CWE: CWE 120 · CWE: CWE 119 · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-13
2026-04-13 16:16Z
HIGH

CVE-2025-69627 — Gonitro Nitro_pdf_pro: Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-69627

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper functions. Because the freed memory region may contain unpredictable heap data or remnants of attacker-controlled JavaScript strings, downstream routines such as wcscmp() may proces CVSSv3.1 8.4 (HIGH)

CWE: CWE 416 · VND: Nitro · VND: Gonitro · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-04-13
2026-04-13 15:47Z
INFO

v9.0.0

BloodHound releases·github.com

BloodHound v9.0.0 released with incremental feature additions and bug fixes including API key expiration support, OpenGraph extension management improvements, Azure ingestion enhancements, and UI/UX refinements across 40+ contributors.

VND: Bloodhound · VND: Specter Ops · TYP: Tool
Score: 35
2026-04-13
2026-04-13 15:17Z
HIGH

CVE-2026-33858 — Dag Authors, who normally should not be able to execute code in the webserver

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33858

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue. CVSSv3.1 8.8 (HIGH)

CWE: CWE 502 · VND: Dag · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-13
2026-04-13 15:17Z
CRIT

CVE-2026-31283 — Totara: In Totara LMS v19.1.5 and before, the forgot password API does not implement rate

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime configuration is a hard control enforced via flag PWRESET_STATUS_ALREADYSENT, and no further password-reset email messages are sent if this flag is active for a specific email address. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 770 · VND: Totara · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-13
2026-04-13 15:17Z
CRIT

CVE-2026-31282 — Totara: Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31282

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 284 · VND: Totara · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-13
2026-04-13 15:17Z
HIGH

CVE-2026-31281 — Totara: Totara LMS v19.1.5 and before is vulnerable to HTML Injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31281

Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The supplier states that the product name is Totara Learning and that the functionality referenced is the in app messaging client. They note that the in app messaging client only has the abili CVSSv3.1 8.0 (HIGH) · EPSS 13th percentile

CWE: CWE 79 · VND: Totara · TYP: Vulnerability
CVSS v3.1: 8.0 · Score: 90
2026-04-13
2026-04-13 15:17Z
HIGH

CVE-2026-1462 — A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-1462

A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker- CVSSv3.1 8.8 (HIGH)

CWE: CWE 502 · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-13
2026-04-13 14:16Z
CRIT

CVE-2026-31414 — Linux: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31414

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_help() without holding a reference to the master conntrack is unsafe. Use exp->master->helper in ctnetlink path if userspace does not provide an explicit helper when creating an expectation to retain the existing behaviour. The ctnetlink expectation path holds the reference on th CVSSv3.1 9.8 (CRITICAL) · EPSS 9th percentile

TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-13
2026-04-13 10:16Z
HIGH

CVE-2026-35337 — Deserialization of Untrusted Data vulnerability in Apache Storm.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35337

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without any class filtering or validation. An authenticated user with topology submission rights could supply a crafted serialized object in the "TGT" credential field, leading to remote code execution in bot CVSSv3.1 8.8 (HIGH)

CWE: CWE 502 · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-13
2026-04-13 09:00Z
CRIT

JanelaRAT: a financial threat targeting users in Latin America

Kaspersky Securelist · securelist.com · in the wild

JanelaRAT is an active banking trojan targeting Latin American financial users, particularly in Brazil and Mexico, with 26,434 detected attacks in 2025. The malware evolved from BX RAT and employs multi-stage infection chains using MSI droppers, DLL sideloading, and custom C2 infrastructure with daily rotation via dynamic DNS. Version 33 introduces live banking session hijacking, credential harvesting overlays mimicking legitimate banking interfaces, keystroke injection, and anti-analysis evasion targeting banking security software.

SRF: Application · TAC: TA0005 · TAC: TA0001 · TAC: TA0002 · TAC: TA0006 · TAC: TA0007 · SRF: Web · TAC: TA0003
Score: 78
2026-04-13
2026-04-13 07:16Z
HIGH

CVE-2026-6168 — This manipulation of the argument ssid5g causes stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6168

A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. CVSSv3.1 8.8 (HIGH)

CWE: CWE 121 · CWE: CWE 119 · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-13
2026-04-13 07:16Z
HIGH

CVE-2026-5936 — This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5936

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints (e.g., cloud metadata services), or bypass network access controls, potentially leading to sensitive information disclosure and further compromise of the internal environment. CVSSv3.1 8.5 (HIGH)

CWE: CWE 918 · TYP: Vulnerability
CVSS v3.1: 8.5 · Score: 93
2026-04-13
2026-04-13 07:16Z
CRIT

CVE-2026-5085 — Mcrawfor Solstice: Predictable session ids could allow an attacker to gain access to systems.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id. The same method is used in the _generateID method in Solstice::Subsession, which is part of the same distribution. The epoch time may be guessed, if it is not leaked in the HTTP Date header. Stringified hash references will contain pr CVSSv3.1 9.1 (CRITICAL)

CWE: CWE 338 · CWE: CWE 340 · VND: Solstice · VND: Mcrawfor · TYP: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-04-13
2026-04-13 07:16Z
HIGH

CVE-2026-3830 — The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3830

The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. CVSSv3.1 8.6 (HIGH)

CWE: CWE 89 · TYP: Vulnerability
CVSS v3.1: 8.6 · Score: 93
2026-04-13
2026-04-13 05:16Z
HIGH

CVE-2026-25208 — Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25208

Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. CVSSv3.1 8.1 (HIGH)

CWE: CWE 190 · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-13
2026-04-13 04:16Z
HIGH

CVE-2026-6157 — Totolink: The manipulation of the argument apcliSsid results in buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6157

A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. CVSSv3.1 8.8 (HIGH)

CWE: CWE 120 · CWE: CWE 119 · VND: Totolink · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-13
2026-04-13 04:16Z
CRIT

CVE-2026-6156 — The manipulation of the argument Comment leads to os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6156

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 77 · CWE: CWE 78 · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99