2026-04-09
2026-04-09 02:42Z
HIGH

sccmhunter — SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active

GitHub · AD attack tooling · github.com · GITHUB POC

SCCMHunter is a post-exploitation tool designed to identify, profile, and attack Microsoft System Center Configuration Manager (SCCM) assets within Active Directory domains. The tool consolidates multiple known SCCM attack primitives—including NTLM coercion, client push account abuse, and credential extraction from task sequences—into a unified framework for lateral movement and privilege escalation.

SRF: Application · TAC: TA0006 · TAC: TA0007 · VND: Microsoft · TYP: Tool · TYP: Writeup · STG: Discovery · STG: Cred Access
Score: 78
2026-04-09
2026-04-09 02:16Z
HIGH

CVE-2026-5830 — Tenda: Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5830

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. CVSSv3.1 8.8 (HIGH)

CWE: CWE 121 · CWE: CWE 119 · VND: Tenda · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-09
2026-04-09 02:16Z
HIGH

CVE-2026-4326 — Vertex: The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4326

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can('install_plugins') capability check does not terminate execution when it fails — it only sets an error message variable while allowing the plugin installation and activation code to execute. The error response is on CVSSv3.1 8.8 (HIGH) · EPSS 12th percentile

CWE: CWE 862 · VND: Vertex · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-09
2026-04-09 00:16Z
HIGH

CVE-2026-5815 — The manipulation results in stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5815

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. CVSSv3.1 8.8 (HIGH)

CWE: CWE 121 · CWE: CWE 119 · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-09
2026-04-09 00:00Z
HIGH

We let OpenClaw loose on an internal network. Here’s what it found

Sophos X-Ops · news.sophos.com

Sophos Red Team conducted a controlled penetration test using OpenClaw, an agentic AI tool, against a legacy on-premises network with strict safety guardrails and custom-built skills. The assessment discovered 23 actionable findings, reduced AD reconnaissance from 3 days to 3 hours, and demonstrated both the efficiency gains and safety challenges of deploying autonomous AI agents in offensive security operations.

SRF: Application · SRF: Network · TAC: TA0007 · TAC: TA0043 · VND: Sophos · TYP: Research · TYP: Writeup · STG: Discovery
Score: 78
2026-04-09
2026-04-09 00:00Z
CRIT

Adobe Reader zero-day vulnerability in active exploitation

Sophos X-Ops · news.sophos.com · CVE-2026-34621 · in the wild · 0day

Adobe Reader zero-day vulnerability exploited in the wild since at least December 2025 allows remote code execution via malicious PDF files containing obfuscated JavaScript that executes privileged Acrobat APIs. Attacks are targeted at Russian oil and gas sector organizations using spear-phishing lures. No CVE identifier or official patch has been released as of the advisory date.

SRF: Application · TAC: TA0001 · TAC: TA0002 · TAC: TA0006 · VND: Adobe · TYP: Vulnerability · TYP: Threat Intel · STG: Execution
CVSS v3.1: 8.6
Score: 92
2026-04-09
2026-04-09 00:00Z
CRIT

U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026

Trend Micro Research · trendmicro.com · CVE-2020-12812 · CVE-2026-20045 · CVE-2025-12825 · CVE-2026-20860 · CVE-2025-38067 · in the wild · 0day

Trend Micro's Q1 2026 threat intelligence report documents a critical escalation in attacks against U.S. public sector: Salt Typhoon (PRC-linked) confirmed breaching House Committee staff emails with ongoing access; AI-enabled ransomware campaigns targeting state/federal systems; and multiple critical RCE vulnerabilities (Fortinet, Cisco, VMware) actively exploited with 10,000+ unpatched internet-facing devices. The report highlights configuration failures in state DHS systems, third-party supply chain attacks on law enforcement, and the emergence of agentic AI in attack automation.

SRF: Application · SRF: Os · TAC: TA0004 · TAC: TA0001 · SRF: Network · SRF: Network Appliance · TAC: TA0006 · TAC: TA0007
Score: 78
2026-04-08
2026-04-08 23:17Z
HIGH

CVE-2026-5173 — GitLab: has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5173

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control. CVSSv3.1 8.5 (HIGH)

CWE: CWE 749 · VND: Gitlab · TYP: Vulnerability
CVSS v3.1: 8.5
Score: 93
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5915 — Google Chrome: Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5915

Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.1 (HIGH)

CWE: CWE 20 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.1
Score: 91
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5914 — Google Chrome: Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5914

Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)

CWE: CWE 843 · VND: Google · VND: Type · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5913 — Google Chrome: Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5913

Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.1 (HIGH)

CWE: CWE 125 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.1
Score: 91
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5912 — Google Chrome: Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5912

Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)

CWE: CWE 472 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5910 — Google Chrome: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5910

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)

CWE: CWE 472 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5909 — Google Chrome: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5909

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)

CWE: CWE 472 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5908 — Google Chrome: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5908

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)

CWE: CWE 472 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5907 — Google Chrome: Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5907

Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low) CVSSv3.1 8.1 (HIGH)

CWE: CWE 125 · VND: Google · VND: Media · TYP: Vulnerability
CVSS v3.1: 8.1
Score: 91
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5904 — Google Chrome: Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5904

Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low) CVSSv3.1 8.8 (HIGH)

CWE: CWE 416 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
CRIT

CVE-2026-5902 — Google Chrome: Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5902

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low) CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 362 · VND: Google · VND: Race · TYP: Vulnerability
CVSS v3.1: 9.8
Score: 99
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5884 — Google Chrome: Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5884

Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)

CWE: CWE 20 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5883 — Google Chrome: Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5883

Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH) · EPSS 32nd percentile

CWE: CWE 416 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5879 — Google Chrome: Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5879

Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)

CWE: CWE 20 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5877 — Google Chrome: Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5877

Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 8.8 (HIGH)

CWE: CWE 416 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
CRIT

CVE-2026-5874 — Google Chrome: Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5874

Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) CVSSv3.1 9.6 (CRITICAL)

CWE: CWE 416 · VND: Google · TYP: Vulnerability
CVSS v3.1: 9.6
Score: 98
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5873 — Google Chrome: Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5873

Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)

CWE: CWE 125 · CWE: CWE 787 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94
2026-04-08
2026-04-08 22:16Z
HIGH

CVE-2026-5872 — Google Chrome: Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5872

Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH)

CWE: CWE 416 · VND: Google · TYP: Vulnerability
CVSS v3.1: 8.8
Score: 94