2026-04-08 19:25Z · HIGH

CVE-2026-30815 — Tp-link Archer_ax53_firmware: An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30815

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modification of configuration files, disclosure of sensitive information, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213. CVSSv3.1 8.0 (HIGH)

CWE-78 · Vendor: TP-Link · Type: Vulnerability
CVSS v3.1: 8.0 · Score: 90
2026-04-08 19:25Z · HIGH

CVE-2026-30814 — Tp-link Archer_ax53_firmware: A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30814

A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Bui CVSSv3.1 8.0 (HIGH)

CWE-787 · CWE-121 · Vendor: TP-Link · Type: Vulnerability
CVSS v3.1: 8.0 · Score: 90
2026-04-08 19:25Z · CRIT

CVE-2026-2942 — ProSolution: The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-2942

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile

CWE-434 · Vendor: ProSolution · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-08 18:50Z · CRIT

CVE-2026-20160 — Cisco: CVE-2026-20160 is a critical unauthenticated remote code execution vulnerability in Cisco Smart

Source: Horizon3.ai · horizon3.ai · CVE-2026-20160 · in the wild

CVE-2026-20160 is a critical unauthenticated remote code execution vulnerability in Cisco Smart Software Manager On-Prem (versions 9-202502 through 9-202510) caused by exposure of an internal API service. Successful exploitation grants root-level command execution on the underlying appliance with no authentication required and no workarounds available. Cisco released patches in version 9-202601 and later; Horizon3.ai released Rapid Response detection coverage on April 8, 2026.

Surface: Application, Network Appliance · Tactic: TA0001, TA0002 · Vendor: Cisco · Type: Vulnerability, Advisory · Stage: Privesc
Score: 88
2026-04-08 18:26Z · HIGH

CVE-2026-33466 — Limitation: Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33466

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives. An attacker who can serve a specially crafted archive to Logstash through a compromised or attacker-controlled update endpoint can write arbitrary files to the host filesyst CVSSv3.1 8.1 (HIGH)

CWE-22 · Type: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-08 18:24Z · CRIT

CVE-2025-52221 — Tenda Ac6_firmware: AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-52221

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters. CVSSv3.1 9.8 (CRITICAL)

CWE-120 · CWE-787 · Vendor: Tenda · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-08 17:21Z · CRIT

CVE-2026-31017 — Frappe Erpnext: A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31017

A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application allows the inclusion of HTML elements such as <iframe> that reference external resources. The PDF rendering engine automatically fetches these resources on the server side. An attack CVSSv3.1 9.1 (CRITICAL)

CWE-918 · Vendor: Frappe · Type: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-04-08 17:17Z · CRIT

CVE-2023-46945 — Qd-today Qd: 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2023-46945

QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request. CVSSv3.1 9.1 (CRITICAL)

CWE-918 · Vendor: Qd Today · Type: Vulnerability
CVSS v3.1: 9.1 · Score: 96
2026-04-08 16:18Z · CRIT

Node.js Trust Falls: Dangerous Module Resolution on Windows

Source: Zero Day Initiative · thezdi.com · CVE-2026-0775 · CVE-2026-0776 · in the wild · 0day

ZDI disclosed a systemic vulnerability in Node.js module resolution on Windows where the runtime searches C:\node_modules as a fallback path, allowing any low-privileged user to plant malicious modules that execute with the privileges of applications loading missing or optional dependencies. Two 0-day cases are documented: npm CLI (CVE-2026-0775, patched in v11.2.0) and Discord (CVE-2026-0776, unpatched), with evidence that MongoDB Compass, MongoDB Shell, and other Electron-based applications are similarly affected. Node.js maintainers explicitly reject this as a vulnerability, citing "trust the filesystem" philosophy, while npm and Discord refuse to treat local-access exploits as valid security issues.

Surface: Application, OS · Tactic: TA0001, TA0002 · Vendor: Discord · Type: Research, Vulnerability · Stage: Privesc
Score: 92
2026-04-08 16:16Z · CRIT

CVE-2026-33229 — Xwiki Xwiki: Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of the whole instance. Note that script right already cons CVSSv3.1 9.8 (CRITICAL)

CWE-862 · Vendor: XWiki · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-08 16:16Z · CRIT

CVE-2026-31040 — Statamcp Stata-mcp: A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31040

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution. CVSSv3.1 9.8 (CRITICAL)

CWE-94 · Vendor: Statamcp · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-04-08 15:24Z · HIGH

Incident Response Remediation: How to Eliminate Attack Paths After a Breach

Source: Horizon3.ai · horizon3.ai

Horizon3.ai publishes a framework for post-incident remediation that distinguishes between incident containment and actual elimination of attack paths. The article argues most organizations fail remediation by treating ticket closure as resolution, overlooking identity risks, and skipping validation testing—allowing attackers to reuse the same compromise vectors. The framework emphasizes four key questions: initial access vector, persistence mechanisms, lateral movement paths, and validation through adversarial testing.

Surface: Network, Identity · Tactic: TA0007 · Type: Research, Advisory · Stage: Discovery, Privesc, Lateral Movement
Score: 68
2026-04-08 15:16Z · HIGH

CVE-2026-39394 — CI4MS: The install routes have CSRF protection explicitly disabled, and the InstallFilter can be bypassed

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39394

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings(), which writes it into the .env file via preg_replace(). Because newline characters in the value are not stripped, an attacker can inject arbitrary configuration directives into the .env CVSSv3.1 8.1 (HIGH)

CWE-93 · Vendor: CI4MS · Type: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-08 15:16Z · HIGH

CVE-2026-39393 — CI4MS: Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39393

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('settings')) combined with .env file existence to block post-installation access to the setup wizard. When the database is temporarily unreachable during a cache miss (TTL expiry or admin-triggered cache clear), the guard fails open, allow CVSSv3.1 8.1 (HIGH)

CWE-306 · Vendor: CI4MS · Type: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-04-08 13:39Z · CRIT

FortiGate CVE-2025-59718 Exploitation: Incident Response Findings

Source: Rapid7 Research · rapid7.com · CVE-2025-59718 · in the wild

Rapid7's IR team investigated a FortiGate CVE-2025-59718 exploitation incident where attackers bypassed SSO authentication to gain initial access, then established persistence through account creation and configuration modification before pivoting to internal systems. The attackers maintained low-profile activity for two weeks, downloading configurations, enabling SSL VPN, and creating administrative accounts before lateral movement via RDP and PsExec. The investigation demonstrates the importance of edge device visibility and backward-timeline reconstruction to identify the true initial access vector.

Tactic: TA0005, TA0001, TA0006, TA0007, TA0003, TA0008 · Surface: Network Appliance · Vendor: Fortinet
Score: 78
2026-04-08 12:16Z · HIGH

CVE-2026-5208 — Command: injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-5208

Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names. CVSSv3.1 8.2 (HIGH)

CWE-78 · Vendor: Command · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-04-08 12:16Z · HIGH

CVE-2026-3396 — WCAPF: – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3396

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 7.5 (HIGH) · EPSS 95th percentile

CWE-89 · Vendor: WCAPF · Type: Vulnerability
CVSS v3.1: 7.5 · Score: 93
2026-04-08 12:16Z · HIGH

CVE-2026-3243 — Advanced: The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3243

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability was partially patched CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile

CWE-22 · Vendor: Advanced · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-08 09:16Z · CRIT

CVE-2026-39640 — Site: Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39640

Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through <= 3.2. CVSSv3.1 9.6 (CRITICAL) · EPSS 5th percentile

CWE-352 · Type: Vulnerability
CVSS v3.1: 9.6 · Score: 98
2026-04-08 09:16Z · HIGH

CVE-2026-39621 — Site: Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39621

Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server. This issue affects SpicePress: from n/a through <= 2.3.2.5. CVSSv3.1 8.8 (HIGH) · EPSS 5th percentile

CWE-352 · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-04-08 09:16Z · CRIT

CVE-2026-39620 — Site: Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39620

Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server. This issue affects Appointment: from n/a through <= 3.5.5. CVSSv3.1 9.6 (CRITICAL) · EPSS 5th percentile

CWE-352 · Type: Vulnerability
CVSS v3.1: 9.6 · Score: 98
2026-04-08 09:16Z · CRIT

CVE-2026-39619 — Site: Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39619

Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server. This issue affects Busiprof: from n/a through <= 2.5.2. CVSSv3.1 9.6 (CRITICAL) · EPSS 5th percentile

CWE-352 · Type: Vulnerability
CVSS v3.1: 9.6 · Score: 98
2026-04-08 09:16Z · CRIT

CVE-2026-39617 — Site: Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39617

Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery. This issue affects Bluestreet: from n/a through <= 1.7.3. CVSSv3.1 9.6 (CRITICAL) · EPSS 5th percentile

CWE-352 · Type: Vulnerability
CVSS v3.1: 9.6 · Score: 98
2026-04-08 09:16Z · HIGH

CVE-2026-39495 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39495

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection. This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.27. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile

CWE-89 · Type: Vulnerability
CVSS v3.1: 8.5 · Score: 93
2026-04-08 09:16Z · HIGH

CVE-2026-39486 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-39486

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection. This issue affects Download Monitor: from n/a through <= 5.1.8. CVSSv3.1 8.5 (HIGH) · EPSS 11th percentile

CWE-89 · Type: Vulnerability
CVSS v3.1: 8.5 · Score: 93