{"sector":{"id":"ics","name":"Industrial Control Systems / OT","sector":"industrial","description":"Operational technology, ICS/SCADA, manufacturing, energy and utilities.\nHeavy weight on PLC/HMI vendors and protocol-level vulnerabilities.","visibility":"public"},"top_24h":[{"id":"81b751b5-289c-4537-bdfb-3d449bababa3","threat_type":"cve","title":"FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName\n before constructing file pa","summary":"FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName\n before constructing file paths, allowing an unauthenticated attacker to\n write arbitrary files outside the intended upload directory or read \nfiles from arbitrary locations on the server.\n\nThis issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0.\n\nUsers are recommended to upgrade to version 10.9.0, which fixes the issue.","severity":"medium","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-06T10:16:26.163000Z","last_modified_at":"2026-05-06T15:05:39.151793Z","external_id":"CVE-2026-43975","description":"FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName\n before constructing file paths, allowing an unauthenticated attacker to\n write arbitrary files outside the intended upload directory or read \nfiles from arbitrary locations on the server.\n\nThis issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0.\n\nUsers are recommended to upgrade to version 10.9.0, which fixes the issue.","affected_products":[],"references":["https://github.com/apache/wicket/pull/1432","https://lists.apache.org/thread/xp2jrdk6ppv1zcmxb4w1mk2lg1dw3hbr","http://www.openwall.com/lists/oss-security/2026/05/06/4"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-22"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":6.5,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T15:05:39.330677Z"},{"id":"ad4474c7-62e5-4a09-9515-8749a1ba6bff","threat_type":"cve","title":"A remote code execution vulnerability\nexists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated\nuser with System Setting permissio","summary":"A remote code execution vulnerability\nexists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated\nuser with System Setting permissions can execute arbitrary commands on the\nserver by sending a crafted HTTP POST request to the ASWebCommon.srf backend\nendpoint to bypass the frontend restrictions.","severity":"high","cvss_score":8.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-06T08:16:04.490000Z","last_modified_at":"2026-05-06T08:59:38.678099Z","external_id":"CVE-2026-7841","description":"A remote code execution vulnerability\nexists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated\nuser with System Setting permissions can execute arbitrary commands on the\nserver by sending a crafted HTTP POST request to the ASWebCommon.srf backend\nendpoint to bypass the frontend restrictions.","affected_products":[],"references":["https://www.geovision.com.tw/cyber_security.php"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":false,"matched":[],"points":0},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":8.8,"points":15},"priority_boost":{"hit":true,"matched":["remote code execution"],"points":20},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T08:59:38.794366Z"},{"id":"f225734d-f978-4351-ae52-b46351c0c6ce","threat_type":"cve","title":"Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulner","summary":"Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory.","severity":"medium","cvss_score":6.1,"cvss_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-06T08:16:03.697000Z","last_modified_at":"2026-05-06T15:05:39.107761Z","external_id":"CVE-2026-35254","description":"Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in Oracle OCI CLI allowing users to place imported files outside the intended directory.","affected_products":[],"references":["https://www.oracle.com/security-alerts/all-oracle-cves-outside-other-oracle-public-documents.html"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-22"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":6.1,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T15:05:39.318362Z"},{"id":"8a1067aa-6f1b-46a2-8747-5a61635b8ab1","threat_type":"cve","title":"A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the compon","summary":"A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.","severity":"high","cvss_score":7.2,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T20:16:41.677000Z","last_modified_at":"2026-05-06T14:04:51.342432Z","external_id":"CVE-2026-7857","description":"A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.","affected_products":[],"references":["https://github.com/draw-ctf/report/blob/main/DI-8100/user_group_asp_overflow.md","https://vuldb.com/submit/807853","https://vuldb.com/vuln/361134","https://vuldb.com/vuln/361134/cti","https://www.dlink.com/"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-119"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":7.2,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T14:04:56.001943Z"},{"id":"83d8d27b-85d1-4853-b230-f189e17ff8e2","threat_type":"cve","title":"A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface","summary":"A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.","severity":"high","cvss_score":7.2,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T20:16:41.500000Z","last_modified_at":"2026-05-06T14:04:51.319921Z","external_id":"CVE-2026-7856","description":"A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.","affected_products":[],"references":["https://github.com/draw-ctf/report/blob/main/DI-8100/url_member_asp_overflow.md","https://vuldb.com/submit/807849","https://vuldb.com/vuln/361133","https://vuldb.com/vuln/361133/cti","https://www.dlink.com/"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-119"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":7.2,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T14:04:55.997138Z"},{"id":"475fc584-b8f4-4330-b697-6575aa432c6e","threat_type":"cve","title":"A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP","summary":"A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.","severity":"high","cvss_score":8.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T19:16:23.710000Z","last_modified_at":"2026-05-05T19:46:45.321163Z","external_id":"CVE-2026-7855","description":"A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.","affected_products":[],"references":["https://github.com/draw-ctf/report/blob/main/DI-8100/tggl_asp_overflow.md","https://vuldb.com/submit/807841","https://vuldb.com/vuln/361132","https://vuldb.com/vuln/361132/cti","https://www.dlink.com/"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-119"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":8.8,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T02:00:15.934892Z"},{"id":"990acb2f-d3bf-4f17-b42a-f8853f4229bb","threat_type":"cve","title":"A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_","summary":"A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.","severity":"critical","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T19:16:23.540000Z","last_modified_at":"2026-05-05T19:46:45.298043Z","external_id":"CVE-2026-7854","description":"A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.","affected_products":[],"references":["https://github.com/draw-ctf/report/blob/main/DI-8100/url_rule_asp_overflow.md","https://vuldb.com/submit/807838","https://vuldb.com/vuln/361131","https://vuldb.com/vuln/361131/cti","https://www.dlink.com/"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-119"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":9.8,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T02:00:15.962730Z"},{"id":"588695d2-465f-4dcf-9f60-6073e8280d3b","threat_type":"cve","title":"A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handl","summary":"A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.","severity":"critical","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T18:16:04.123000Z","last_modified_at":"2026-05-05T19:46:45.156778Z","external_id":"CVE-2026-7853","description":"A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.","affected_products":[],"references":["https://github.com/draw-ctf/report/blob/main/DI-8100/auto_reboot_asp_overflow.md","https://vuldb.com/submit/807837","https://vuldb.com/vuln/361130","https://vuldb.com/vuln/361130/cti","https://www.dlink.com/"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-119"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":9.8,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T02:00:15.772505Z"},{"id":"871c4695-7545-47a1-bb88-f0e616bbcd13","threat_type":"cve","title":"A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ","summary":"A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.","severity":"high","cvss_score":7.2,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T18:16:03.947000Z","last_modified_at":"2026-05-05T19:46:45.129600Z","external_id":"CVE-2026-7851","description":"A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.","affected_products":[],"references":["https://github.com/draw-ctf/report/blob/main/DI-8100/yyxz_dlink_asp_overflow.md","https://vuldb.com/submit/807798","https://vuldb.com/vuln/361128","https://vuldb.com/vuln/361128/cti","https://www.dlink.com/"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-119"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":7.2,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T02:00:15.744267Z"},{"id":"27276106-8d9b-43a9-af83-4ac655fb5e30","threat_type":"cve","title":"Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `proc","summary":"Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to remote code execution. This has been patched in version 8.6.3.","severity":"high","cvss_score":8.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T17:17:02.577000Z","last_modified_at":"2026-05-06T16:06:39.411885Z","external_id":"CVE-2026-23479","description":"Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to remote code execution. This has been patched in version 8.6.3.","affected_products":["cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"],"references":["https://github.com/redis/redis/releases/tag/8.6.3","https://github.com/redis/redis/security/advisories/GHSA-93m2-935m-8rj3"],"sources":["nvd"],"score":35.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":false,"matched":[],"points":0},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":8.8,"points":15},"priority_boost":{"hit":true,"matched":["remote code execution"],"points":20},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":35,"final_score":35.0},"calculated_at":"2026-05-06T16:06:39.953197Z"}],"top_7d":[{"id":"0da69b0c-abe3-484a-af6c-cc3bd2432dc7","threat_type":"cve","title":"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to g","summary":"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.","severity":"critical","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd","kev","actively-exploited","ransomware"],"published_at":"2026-04-29T22:17:34.339369Z","last_modified_at":"2026-05-06T15:23:37.677810Z","external_id":"CVE-2026-41940","description":"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.","affected_products":["cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*","cpe:2.3:a:cpanel:whm:*:*:*:*:*:*:*:*","cpe:2.3:a:cpanel:wp_squared:*:*:*:*:*:wordpress:*:*"],"references":["https://docs.cpanel.net/release-notes/release-notes","https://docs.wpsquared.com/changelogs/versions/changelog/#13617","https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026","https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026","https://www.vulncheck.com/advisories/cpanel-and-whm-authentication-bypass-via-login-flow","https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/","https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/","https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940"],"sources":["nvd","cisa_kev"],"score":95.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-306"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":9.8,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":true,"points":25},"actively_exploited":{"hit":true,"points":15},"ransomware":{"hit":true,"points":15},"multi_source":{"hit":true,"source_count":2,"points":5},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":95,"final_score":95.0},"calculated_at":"2026-05-06T15:24:16.023863Z"},{"id":"4f1e1ccb-9a2d-4d4b-88d6-025408e35526","threat_type":"cve","title":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit","summary":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.","severity":"critical","cvss_score":7.8,"cvss_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd","kev","actively-exploited"],"published_at":"2026-04-29T22:17:30.493476Z","last_modified_at":"2026-05-06T15:23:37.653656Z","external_id":"CVE-2026-31431","description":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.","affected_products":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:10.1:*:*:*:*:*:*:*","cpe:2.3:o:amazon:amazon_linux:-:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*","cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*"],"references":["https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c","https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc","https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667","https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82","https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b","https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5","https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237","https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8","http://www.openwall.com/lists/oss-security/2026/04/29/23","http://www.openwall.com/lists/oss-security/2026/04/29/25","http://www.openwall.com/lists/oss-security/2026/04/29/26","http://www.openwall.com/lists/oss-security/2026/04/30/10","http://www.openwall.com/lists/oss-security/2026/04/30/11","http://www.openwall.com/lists/oss-security/2026/04/30/12","http://www.openwall.com/lists/oss-security/2026/04/30/14","http://www.openwall.com/lists/oss-security/2026/04/30/15","http://www.openwall.com/lists/oss-security/2026/04/30/16","http://www.openwall.com/lists/oss-security/2026/04/30/17","http://www.openwall.com/lists/oss-security/2026/04/30/18","http://www.openwall.com/lists/oss-security/2026/04/30/2","http://www.openwall.com/lists/oss-security/2026/04/30/20","http://www.openwall.com/lists/oss-security/2026/04/30/5","http://www.openwall.com/lists/oss-security/2026/04/30/6","http://www.openwall.com/lists/oss-security/2026/05/01/10","http://www.openwall.com/lists/oss-security/2026/05/01/12","http://www.openwall.com/lists/oss-security/2026/05/01/15","http://www.openwall.com/lists/oss-security/2026/05/01/16","http://www.openwall.com/lists/oss-security/2026/05/01/17","http://www.openwall.com/lists/oss-security/2026/05/01/18","http://www.openwall.com/lists/oss-security/2026/05/01/2","http://www.openwall.com/lists/oss-security/2026/05/01/22","http://www.openwall.com/lists/oss-security/2026/05/01/23","http://www.openwall.com/lists/oss-security/2026/05/01/24","http://www.openwall.com/lists/oss-security/2026/05/01/3","http://www.openwall.com/lists/oss-security/2026/05/02/14","http://www.openwall.com/lists/oss-security/2026/05/02/15","http://www.openwall.com/lists/oss-security/2026/05/02/16","http://www.openwall.com/lists/oss-security/2026/05/02/17","http://www.openwall.com/lists/oss-security/2026/05/02/18","http://www.openwall.com/lists/oss-security/2026/05/02/19","http://www.openwall.com/lists/oss-security/2026/05/02/20","http://www.openwall.com/lists/oss-security/2026/05/02/21","http://www.openwall.com/lists/oss-security/2026/05/02/23","http://www.openwall.com/lists/oss-security/2026/05/02/24","http://www.openwall.com/lists/oss-security/2026/05/02/25","http://www.openwall.com/lists/oss-security/2026/05/02/4","http://www.openwall.com/lists/oss-security/2026/05/02/5","http://www.openwall.com/lists/oss-security/2026/05/02/6","http://www.openwall.com/lists/oss-security/2026/05/02/7","http://www.openwall.com/lists/oss-security/2026/05/02/8","http://www.openwall.com/lists/oss-security/2026/05/03/10","http://www.openwall.com/lists/oss-security/2026/05/03/12","http://www.openwall.com/lists/oss-security/2026/05/03/13","http://www.openwall.com/lists/oss-security/2026/05/03/3","http://www.openwall.com/lists/oss-security/2026/05/03/4","http://www.openwall.com/lists/oss-security/2026/05/03/5","http://www.openwall.com/lists/oss-security/2026/05/03/6","http://www.openwall.com/lists/oss-security/2026/05/04/1","http://www.openwall.com/lists/oss-security/2026/05/04/10","http://www.openwall.com/lists/oss-security/2026/05/04/11","http://www.openwall.com/lists/oss-security/2026/05/04/12","http://www.openwall.com/lists/oss-security/2026/05/04/13","http://www.openwall.com/lists/oss-security/2026/05/04/14","http://www.openwall.com/lists/oss-security/2026/05/04/2","http://www.openwall.com/lists/oss-security/2026/05/04/24","http://www.openwall.com/lists/oss-security/2026/05/04/27","http://www.openwall.com/lists/oss-security/2026/05/04/28","http://www.openwall.com/lists/oss-security/2026/05/04/29","http://www.openwall.com/lists/oss-security/2026/05/04/31","http://www.openwall.com/lists/oss-security/2026/05/04/8","http://www.openwall.com/lists/oss-security/2026/05/04/9","http://www.openwall.com/lists/oss-security/2026/05/06/5","https://copy.fail","https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170","https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation","https://github.com/theori-io/copy-fail-CVE-2026-31431","https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431","https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"],"sources":["cisa_kev","nvd"],"score":60.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":false,"matched":[],"points":0},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":7.8,"points":15},"priority_boost":{"hit":false,"matched":[],"points":0},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":true,"points":25},"actively_exploited":{"hit":true,"points":15},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":true,"source_count":2,"points":5},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":60,"final_score":60.0},"calculated_at":"2026-05-06T15:24:16.017346Z"},{"id":"3c8f8c4e-3e8d-4414-a88a-44f743a92733","threat_type":"cve","title":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticate","summary":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.","severity":"critical","cvss_score":10.0,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T16:16:18.360000Z","last_modified_at":"2026-05-05T19:46:44.895742Z","external_id":"CVE-2026-7411","description":"In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.","affected_products":[],"references":["https://gitlab.eclipse.org/security/cve-assignment/-/issues/102","https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423"],"sources":["nvd"],"score":55.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-22"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":10.0,"points":15},"priority_boost":{"hit":true,"matched":["remote code execution"],"points":20},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":55,"final_score":55.0},"calculated_at":"2026-05-06T02:00:15.515359Z"},{"id":"550b0c47-2a46-4c8b-90cb-05c9e3f46f9a","threat_type":"cve","title":"Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary comma","summary":"Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.","severity":"critical","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T12:16:16.710000Z","last_modified_at":"2026-05-05T20:47:39.756712Z","external_id":"CVE-2023-54344","description":"Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.","affected_products":[],"references":["https://www.exploit-db.com/exploits/51879","https://www.vulncheck.com/advisories/eclipse-equinox-osgi-remote-code-execution-via-console"],"sources":["nvd"],"score":55.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-306"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":9.8,"points":15},"priority_boost":{"hit":true,"matched":["remote code execution"],"points":20},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":55,"final_score":55.0},"calculated_at":"2026-05-06T02:00:15.017221Z"},{"id":"21654ace-c9e5-451e-ae75-42dd03aca82a","threat_type":"cve","title":"Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated atta","summary":"Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.","severity":"critical","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-05T12:16:15.650000Z","last_modified_at":"2026-05-05T20:47:39.719043Z","external_id":"CVE-2023-54342","description":"Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, establishing a reverse shell connection.","affected_products":[],"references":["https://www.exploit-db.com/exploits/51878","https://www.vulncheck.com/advisories/eclipse-equinox-osgi-console-remote-code-execution"],"sources":["nvd"],"score":55.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-306"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":9.8,"points":15},"priority_boost":{"hit":true,"matched":["remote code execution"],"points":20},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":55,"final_score":55.0},"calculated_at":"2026-05-06T02:00:14.999111Z"},{"id":"7444e611-b074-49d0-9da7-7eb2d8ab1172","threat_type":"cve","title":"Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins quer","summary":"Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file through the plugins parameter, causing the Arelle webserver to download and execute the attacker-controlled code within the Arelle process with its privileges.","severity":"critical","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-04T18:16:32.520000Z","last_modified_at":"2026-05-05T20:47:39.305641Z","external_id":"CVE-2026-42796","description":"Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file through the plugins parameter, causing the Arelle webserver to download and execute the attacker-controlled code within the Arelle process with its privileges.","affected_products":[],"references":["https://github.com/Arelle/Arelle/pull/2320","https://github.com/Arelle/Arelle/releases/tag/2.39.10","https://www.vulncheck.com/advisories/arelle-unauthenticated-rce-via-rest-configure"],"sources":["nvd"],"score":55.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-306"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":9.8,"points":15},"priority_boost":{"hit":true,"matched":["remote code execution"],"points":20},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":55,"final_score":55.0},"calculated_at":"2026-05-06T02:00:14.001401Z"},{"id":"5a91828a-e55c-43cb-9d78-1efcb138f993","threat_type":"cve","title":"Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function ","summary":"Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters. This issue has been patched in version 1.69.3.","severity":"critical","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-05-04T17:16:24.440000Z","last_modified_at":"2026-05-05T16:43:41.830854Z","external_id":"CVE-2026-42076","description":"Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync() without proper sanitization, enabling remote code execution when the corpus parameter contains shell metacharacters. This issue has been patched in version 1.69.3.","affected_products":[],"references":["https://github.com/EvoMap/evolver/releases/tag/v1.69.3","https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53"],"sources":["nvd"],"score":55.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-78"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":9.8,"points":15},"priority_boost":{"hit":true,"matched":["remote code execution"],"points":20},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":55,"final_score":55.0},"calculated_at":"2026-05-06T02:00:13.815050Z"},{"id":"cbb01e48-805c-4666-9a85-6e460338ada3","threat_type":"cve","title":"HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to ","summary":"HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded to the bridge session manager and executed through the shared shell subprocess helper, allowing them to spawn shell sessions as the OpenHarness process user and access local files, credentials, workspace state, and repository contents.","severity":"high","cvss_score":8.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-04-30T22:16:27.097000Z","last_modified_at":"2026-05-04T19:22:38.802523Z","external_id":"CVE-2026-7551","description":"HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded to the bridge session manager and executed through the shared shell subprocess helper, allowing them to spawn shell sessions as the OpenHarness process user and access local files, credentials, workspace state, and repository contents.","affected_products":["cpe:2.3:a:hkuds:openharness:*:*:*:*:*:*:*:*"],"references":["https://github.com/HKUDS/OpenHarness/commit/438e37309778e19060dfe7b172eb142e543c4cd6","https://github.com/HKUDS/OpenHarness/pull/208","https://www.vulncheck.com/advisories/hkuds-openharness-remote-command-execution-via-bridge-slash-command"],"sources":["nvd"],"score":55.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-78"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":8.8,"points":15},"priority_boost":{"hit":true,"matched":["remote code execution"],"points":20},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":55,"final_score":55.0},"calculated_at":"2026-05-06T02:00:10.199049Z"},{"id":"c77190ef-7873-4aa5-9f29-28475fc19dee","threat_type":"cve","title":"Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where ","summary":"Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can inject arbitrary shell commands by submitting a POST request with crafted radius_address, radius_address2, shared_secret2, source_ip, timeout, or retry parameters along with save=1 and enable_radius=1 to achieve remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 (UTC).","severity":"critical","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-04-30T17:16:25.630000Z","last_modified_at":"2026-05-05T18:45:39.283415Z","external_id":"CVE-2025-71284","description":"Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can inject arbitrary shell commands by submitting a POST request with crafted radius_address, radius_address2, shared_secret2, source_ip, timeout, or retry parameters along with save=1 and enable_radius=1 to achieve remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 (UTC).","affected_products":["cpe:2.3:a:synway:smg_gateway_management_software:-:*:*:*:*:*:*:*"],"references":["https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/synway/synwaysmg-radius-rce.yaml","https://mp.weixin.qq.com/s/PyepoFSuQ63E3RnpQa9nsA","https://mrxn.net/jswz/synway-9-2radius-rce.html","https://www.synway.net/","https://www.vulncheck.com/advisories/synway-smg-gateway-management-software-os-command-injection-via-radius-address"],"sources":["nvd"],"score":55.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-78"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":9.8,"points":15},"priority_boost":{"hit":true,"matched":["remote code execution"],"points":20},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":55,"final_score":55.0},"calculated_at":"2026-05-06T02:00:15.802462Z"},{"id":"87f72823-1ebb-4bef-8e84-7bbacbcb6416","threat_type":"cve","title":"BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files ","summary":"BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the field_hiddenfile and field_deleteimg parameters during profile editing to unlink files from the server.","severity":"high","cvss_score":8.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_version":"3.1","tags":["nvd"],"published_at":"2026-04-29T22:17:34.339369Z","last_modified_at":"2026-04-30T20:51:56.904577Z","external_id":"CVE-2018-25308","description":"BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the field_hiddenfile and field_deleteimg parameters during profile editing to unlink files from the server.","affected_products":[],"references":["http://lenonleite.com.br/","https://www.exploit-db.com/exploits/44432","https://www.vulncheck.com/advisories/buddypress-xprofile-custom-fields-type-remote-code-execution"],"sources":["nvd"],"score":55.0,"score_breakdown":{"technology_match":{"hit":false,"matched":[],"points":0},"keyword_match":{"hit":false,"matched":[],"points":0},"cwe_match":{"hit":true,"matched":["CWE-22"],"points":20},"cvss_threshold":{"hit":true,"threshold":6.0,"cvss_score":8.8,"points":15},"priority_boost":{"hit":true,"matched":["remote code execution"],"points":20},"excluded":{"hit":false,"matched":[],"points":0},"kev":{"hit":false,"points":0},"actively_exploited":{"hit":false,"points":0},"ransomware":{"hit":false,"points":0},"multi_source":{"hit":false,"source_count":1,"points":0},"package_match":{"hit":false,"matched":[],"points":0},"raw_total":55,"final_score":55.0},"calculated_at":"2026-05-06T02:00:20.673279Z"}],"stats":{"total_threats":28771,"critical_count":101,"high_count":20,"average_score":13.72,"sources_active":["nvd","cisa_kev"]}}