2026-04-09
2026-04-09 17:16Z
CRIT

CVE-2026-39958 — oma is a package manager for AOSC OS.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39958

oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" ({mirror}/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said metadata was not checked for transliteration. In this case, a malicious party may supply a malformed Topic Manifest, which may cause malicious APT source entries to be added to
CVSSv3.1 9.1 (CRITICAL)

CWE 93 · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-09
2026-04-09 17:16Z
HIGH

CVE-2026-39942 — Monospace Directus: Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39942

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content while manipulating metadata fields such as uploaded_by to obscure the tampering. This vulnerability is fixed in 11.17.0.
CVSSv3.1 8.5 (HIGH)

CWE 639 · CWE 284 · VND: Monospace · VND: Directus · TYP: Vulnerability
8.5
CVSS v3.1
93
Edit Score
2026-04-09
2026-04-09 17:16Z
CRIT

CVE-2026-30479 — Dynamic: A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30479

A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable.
CVSSv3.1 9.1 (CRITICAL)

CWE 94 · VND: Dynamic · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-09
2026-04-09 16:16Z
HIGH

CVE-2026-35204 — Helm Helm: From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35204

Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not include a version: field containing POSIX dot-dot path separators, i.e. "/../". This vulnerability is fixed in 4.1.4.
CVSSv3.1 8.6 (HIGH)

CWE 22 · VND: Helm · TYP: Vulnerability
8.6
CVSS v3.1
93
Edit Score
2026-04-09
2026-04-09 16:16Z
HIGH

CVE-2025-70364 — Kiamo: An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-70364

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server.
CVSSv3.1 8.8 (HIGH)

CWE 94 · VND: Kiamo · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score
2026-04-09
2026-04-09 16:05Z
INFO

v2.12.0

AzureHound releases · github.com

AzureHound v2.12.0 released with bug fixes and feature enhancements. Changes include removal of race conditions in unit tests, correction of role filtering logic for User Access Admins, addition of AZContributor role assignment collection across management groups/resource groups/subscriptions, and strengthened unit test verification.

TAC: TA0007 · SRF: Identity · SRF: Cloud · VND: Specterops · VND: Microsoft Azure · TYP: Tool · STG: Discovery · STG: Recon
42
Edit Score
2026-04-09
2026-04-09 16:00Z
HIGH

Mythos, Machine-Speed Exploitation, and the Growing Importance of Identity Attack Paths

SpecterOps · specterops.io

SpecterOps analysis of Anthropic's Mythos AI model and its implications for enterprise security. The article argues that AI-accelerated vulnerability discovery and exploitation will compress the time between initial access and operational compromise, making identity attack path management critical for defenders. The core thesis: footholds become cheaper to produce, but their consequence depends on the reachability of high-value identities and delegated permissions within the target environment.

TAC: TA0004 · TAC: TA0001 · SRF: Identity · TAC: TA0003 · SRF: Cloud · TAC: TA0008 · VND: Anthropic · TYP: Research
78
Edit Score
2026-04-09
2026-04-09 15:16Z
CRIT

CVE-2026-5445 — Orthanc-server Orthanc: An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5445

An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel indices against the lookup table size. Crafted images containing indices larger than the palette size cause the decoder to read beyond allocated lookup table memory and expose heap contents in the output image.
CVSSv3.1 9.1 (CRITICAL)

CWE 125 · VND: Orthanc Server · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-09
2026-04-09 15:16Z
CRIT

CVE-2026-5443 — Orthanc-server Orthanc: A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5443

A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation uses 32-bit multiplication for width and height calculations. If these values overflow, the validation check incorrectly succeeds, allowing the decoder to read and write to memory beyond allocated buffers.
CVSSv3.1 9.8 (CRITICAL)

CWE 787 · VND: Orthanc Server · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-09
2026-04-09 15:16Z
CRIT

CVE-2026-5442 — Orthanc-server Orthanc: A heap buffer overflow vulnerability exists in the DICOM image decoder.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5442

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation (VR) Unsigned Long (UL), instead of the expected VR Unsigned Short (US), which allows extremely large dimensions to be processed. This causes an integer overflow during frame size calculation and results in out-of-bounds memory access during image decoding.
CVSSv3.1 9.8 (CRITICAL)

CWE 787 · VND: Orthanc Server · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-09
2026-04-09 15:16Z
HIGH

CVE-2026-34578 — Opnsense Opnsense: When the LDAP server configuration includes an Extended Query to restrict login to members

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34578

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap_escape(). An unauthenticated attacker can inject LDAP filter metacharacters into the username field of the WebGUI login page to enumerate valid LDAP usernames in the configured directory. When the LDAP server configuration includes an Extended Query to restrict login to members o
CVSSv3.1 8.2 (HIGH)

CWE 90 · VND: Opnsense · TYP: Vulnerability
8.2
CVSS v3.1
91
Edit Score
2026-04-09
2026-04-09 15:16Z
HIGH

CVE-2025-70810 — Site: Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-70810

Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism.
CVSSv3.1 8.8 (HIGH)

CWE 352 · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score
2026-04-09
2026-04-09 15:16Z
CRIT

CVE-2025-62718 — Axios Axios: This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or intern
CVSSv3.1 9.9 (CRITICAL)

CWE 918 · CWE 441 · VND: Axios · TYP: Vulnerability
9.9
CVSS v3.1
100
Edit Score
2026-04-09
2026-04-09 15:16Z
CRIT

CVE-2025-50228 — Jizhicms Jizhicms: v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-50228

Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.
CVSSv3.1 9.1 (CRITICAL)

CWE 918 · VND: Jizhicms · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-09
2026-04-09 11:16Z
CRIT

CVE-2025-57735 — JWT: When user logged out, the JWT token the user had authtenticated with was not

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-57735

When a user logged out, the JWT token the user had authenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario and the possibility of intercepting the tokens should upgrade to Airflow 3.2+. Users are recommended to upgrade to version 3.2.0, which fixes this issue.
CVSSv3.1 9.1 (CRITICAL)

CWE 613 · VND: Jwt · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-09
2026-04-09 10:16Z
CRIT

CVE-2026-34179 — Canonical: In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.
CVSSv3.1 9.1 (CRITICAL)

CWE 915 · VND: Canonical · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-09
2026-04-09 10:16Z
CRIT

CVE-2026-34178 — Canonical: In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34178

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An authenticated remote attacker with instance-creation permission in a restricted project can craft a backup archive where backup.yaml carries restricted settings such as security.privileged=tru
CVSSv3.1 9.1 (CRITICAL)

CWE 20 · VND: Canonical · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-09
2026-04-09 10:16Z
CRIT

CVE-2026-34177 — Canonical: A remote attacker with can_edit permission on a VM instance in a restricted project

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34177

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM
CVSSv3.1 9.1 (CRITICAL)

CWE 184 · VND: Canonical · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-04-09
2026-04-09 09:30Z
HIGH

The long road to your crypto: ClipBanker and its marathon infection chain

Kaspersky Securelist · securelist.com · in the wild

ClipBanker trojan distributed via trojanized Proxifier installers hosted on GitHub, employing a sophisticated multi-stage infection chain using fileless techniques, process injection, and PowerShell obfuscation to ultimately deliver clipboard-hijacking malware targeting 25+ cryptocurrency wallet types. Over 2,000 Kaspersky users detected since early 2025, primarily in India and Vietnam, with 70% of detections from the free Virus Removal Tool indicating post-infection remediation.

SRF: Application · SRF: OS · TAC: TA0005 · TAC: TA0001 · TAC: TA0007 · TYP: Writeup · TYP: Threat Intel · STG: Defense Evasion
72
Edit Score
2026-04-09
2026-04-09 07:16Z
CRIT

CVE-2026-5854 — Totolink: Performing a manipulation of the argument merge results in os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5854

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVSSv3.1 9.8 (CRITICAL)

CWE 77 · CWE 78 · VND: Totolink · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-09
2026-04-09 07:16Z
CRIT

CVE-2026-5853 — Such manipulation of the argument addrPrefixLen leads to os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5853

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVSSv3.1 9.8 (CRITICAL)

CWE 77 · CWE 78 · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-09
2026-04-09 07:16Z
CRIT

CVE-2026-5852 — This manipulation of the argument igmpVer causes os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5852

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
CVSSv3.1 9.8 (CRITICAL)

CWE 77 · CWE 78 · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-09
2026-04-09 06:16Z
CRIT

CVE-2026-5851 — The manipulation of the argument enable results in os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5851

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVSSv3.1 9.8 (CRITICAL)

CWE 77 · CWE 78 · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-09
2026-04-09 06:16Z
CRIT

CVE-2026-5850 — Totolink: The manipulation of the argument pptpPassThru leads to os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5850

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVSSv3.1 9.8 (CRITICAL)

CWE 77 · CWE 78 · VND: Totolink · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-04-09
2026-04-09 05:16Z
CRIT

CVE-2026-1830 — Quick: The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-1830

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code execution on the server.
CVSSv3.1 9.8 (CRITICAL) · EPSS 46th percentile

CWE 862 · VND: Quick · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score