🚨 CRITICAL: CVE-2026-32248 in parse-server (>=9.0.0, <9.6.0-alpha.12, <8.6.38) allows unauth attackers to hijack accounts if anonymous auth is enabled. MongoDB & PostgreSQL affected. Upgrade ASAP or disable anonymous auth! https://radar.offseq.com/threat/cve-2026-32248-cwe-943-improper-neutralization-of--cc26229b #OffSeq #CVE202632248 #infosec
⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-32251-cwe-611-improper-restriction-of-xml-6ee364da #OffSeq #CVE202632251 #infosec #XXE
🚨 CRITICAL: CVE-2026-3611 impacts Honeywell IQ4E (v3.50_3.44) — missing web HMI authentication lets remote attackers create admin accounts, lock out operators, and control building systems. Restrict access & create user accounts ASAP. https://radar.offseq.com/threat/cve-2026-3611-cwe-306-missing-authentication-for-c-2be1059b #OffSeq #ICS #Honeywell
🚨 CRITICAL: CVE-2026-22193 in wpDiscuz <7.6.47 enables unauthenticated remote SQL injection. Attackers can access sensitive DB data. Patch ASAP or apply mitigations (WAF, access controls, log monitoring)! https://radar.offseq.com/threat/cve-2026-22193-improper-neutralization-of-special--3f166beb #OffSeq #WordPress #SQLInjection
🚨 CRITICAL: CVE-2026-27591 in Winter CMS (<1.0.477, <1.1.12, <1.2.12) lets any authenticated backend user escalate to admin via crafted requests. Patch ASAP! Impact: full compromise. https://radar.offseq.com/threat/cve-2026-27591-cwe-284-improper-access-control-in--eac8002f #OffSeq #WinterCMS #CVE202627591 #infosec
🚨 CVE-2026-3826 (CRITICAL): WellChoose IFTOP PHP LFI lets unauthenticated attackers execute remote code. No patch yet. Isolate affected systems & monitor for LFI attempts. Act now to avoid full compromise! https://radar.offseq.com/threat/cve-2026-3826-cwe-98-improper-control-of-filename--e68c5a28 #OffSeq #Infosec #PHP #Vulnerability
⚠️ CVE-2026-0124 (CRITICAL, CVSS 10) hits Google Pixel devices: local out-of-bounds write means privilege escalation — no user interaction needed. Restrict access, monitor now, patch ASAP when available. https://radar.offseq.com/threat/cve-2026-0124-elevation-of-privilege-in-google-and-bf0f89c1 #OffSeq #Android #Vuln #MobileSecurity
🚩 CVE-2026-3768 (HIGH, CVSS 8.7): Stack buffer overflow in Tenda F453 v1.0.0.3 — remote, unauthenticated exploit possible. Public exploit code released. Patch ASAP or restrict remote access! https://radar.offseq.com/threat/cve-2026-3768-stack-based-buffer-overflow-in-tenda-9b634f69 #OffSeq #CVE20263768 #RouterSecurity #Infosec
🛑 CVE-2026-3732: HIGH severity stack buffer overflow in Tenda F453 (v1.0.0.3). Remote, unauthenticated code execution risk — no patch yet. Block remote mgmt & monitor endpoints. Details: https://radar.offseq.com/threat/cve-2026-3732-stack-based-buffer-overflow-in-tenda-41443da2 #OffSeq #Vuln #RouterSecurity #CVE20263732
🛡️ CVE-2026-3715: HIGH-severity stack overflow in Wavlink WL-WN579X3-C routers (v231124). Remote attackers can execute code w/o auth. Exploit code is public — patch to 20260226 now! https://radar.offseq.com/threat/cve-2026-3715-stack-based-buffer-overflow-in-wavli-504a0f36 #OffSeq #Vulnerability #RouterSecurity #Infosec
🚨 CRITICAL CVE-2026-30861: Tencent WeKnora (0.2.5 – 0.2.9) OS command injection enables unauth RCE — full system compromise possible. Patch to 0.2.10 now! More info: https://radar.offseq.com/threat/cve-2026-30861-cwe-78-improper-neutralization-of-s-94bf2228 #OffSeq #RCE #Vulnerability #InfoSec
Subscribe to #offseq entries via RSS feed