Real-time vulnerability alerts for all your software to all your teams.

Joined June 2017
SAP NetWeaver AS ABAP hit with a SAML XML Signature Wrapping flaw (CVE-2026-44748, CVSS 9.9). Authenticated users can forge signed XML docs to bypass auth controls — critical scope impact across C/I/A. Patch via SAP Note 3746332. #SAP #AppSec secalerts.co/vulnerability/C…
🔌 CVE-2026-5067: Critical (9.8) unauthenticated memory corruption in Zephyr's HTTP WebSocket upgrade path. A crafted Sec-WebSocket-Key triggers out-of-bounds read/write. No auth, no interaction needed. Patch if you're running Zephyr RTOS. secalerts.co/vulnerability/C…
🐧 Linux kernel CVE-2026-46289 is critical (9.8) - no auth, no interaction, network exploitable. Faulty length calcs in extract_kvec_to_sg hit C/I/A all high. Check your kernel version now. #Linux #infosec secalerts.co/vulnerability/C…
🧩 CVE-2023-54352: Critical unauthenticated RCE in WordPress Seotheme. No login needed — attackers upload malicious PHP files straight to the theme directory. CVSS 9.3. Remove or replace this theme immediately. #WordPress #cybersecurity secalerts.co/vulnerability/C…
🧳 CVE-2024-58349: WordPress Travelscape theme 1.0.3 has a critical (CVSS 9.3) unauthenticated arbitrary file upload flaw. No login required to drop malicious files on your server. Disable or update the theme immediately. #WordPress #cybersecurity secalerts.co/vulnerability/C…
🔓 Unauthenticated RCE in WordPress Background Image Cropper 1.2 — attackers can upload arbitrary files via ups.php with no login required. PoC is on Exploit-DB. CVE-2024-58348 secalerts.co/vulnerability/C…
ā˜ļø CVE-2026-39910: STACKIT IaaS API's missing authorization check lets any low-privileged authenticated attacker escalate to full org compromise via service account attachment. Critical 9.3 CVSS. Check your exposure now. #CloudSecurity #PrivEsc secalerts.co/vulnerability/C…
One empty header = instant admin. CVE-2026-25555 hits OpenBullet2 0.3.2 with a critical auth bypass (9.3) in the X-Api-Key middleware, letting unauthenticated attackers own the API with zero effort. šŸ”‘ Patch or lock it down now. #appsec #cybersecurity secalerts.co/vulnerability/C…
🧮 CVE-2026-52778: YesWiki's formula calculator uses unsafe eval() — unauthenticated RCE DoS, CVSS 9.8. No auth, no interaction needed. Patch to v4.6.6 now. secalerts.co/vulnerability/C…
🔓 SimpleHelp auth bypass — CVE-2026-48558 is critical (9.5). OIDC JWT signatures aren't verified, letting unauthenticated attackers bypass login entirely. Affects v5.5.15 and prior 6.0 pre-release. Patch now. secalerts.co/vulnerability/C…
🪵 Splunk Enterprise has a critical CVE-2026-20253 (9.8): unauthenticated attackers can create or truncate arbitrary files via a PostgreSQL sidecar endpoint. Affects versions below 10.2.4 / 10.0.7. Patch now. secalerts.co/vulnerability/C…
🔑 CVE-2026-50086: Aqara's IAM/SSO gateway exposes an unauthenticated AES oracle against its platform signing key. No credentials needed to abuse it. CVSS 10. If you use Aqara, check now. secalerts.co/vulnerability/C…
🔌 NetMan 204 has a hard-coded backdoor: username & password 'eurek' grants full admin access to anyone, no auth needed. CVE-2025-71317 scores 9.3 critical with a public exploit already on Exploit-DB. Check your UPS management cards. secalerts.co/vulnerability/C…
🔓 Unauthenticated RCE in Termix via SSH tunnel command injection. CVE-2026-45748 scores 9.8 critical - no auth, no user interaction needed. Update to v2.3.2 now. #infosec #cybersecurity secalerts.co/vulnerability/C…
🗄️ MariaDB CVE-2026-49261: OS command injection via wsrep_notify_cmd — CVSS 10. No auth, no interaction, full system takeover. Five separate release lines across 10.6, 10.11, 11.4, 11.8 and 12.3 are affected. Patch now. secalerts.co/vulnerability/C…
šŸ¢ Oracle PeopleSoft zero-day exploited in active data theft attacks. CVE-2026-35273 hits PeopleTools 8.61 & 8.62 - no auth, network exploitable, CVSS 9.8. Patch now. #Oracle #PeopleSoft secalerts.co/vulnerability/C…
💉 CVE-2025-71316: Critical RCE (CVSS 9.2) in SQLite sqldiff. The '-L' flag enables arbitrary DLL loading via Unicode-to-ANSI argument injection in Windows runtime handling. Attack conditions apply but no privileges needed. secalerts.co/vulnerability/C…
📧 Adobe Campaign Classic hit with a CVSS 10 critical. CVE-2026-48303 lets unauthenticated attackers execute arbitrary code via Incorrect Authorization. Versions 7.4.3 build 9394 and earlier are exposed. Patch now. secalerts.co/vulnerability/C…
Adobe Campaign Classic: critical CVSS 10 SSRF. CVE-2026-47938 affects ACC v7.4.3 build 9394 and earlier and could result in privilege escalation. No auth required. Patch now. secalerts.co/vulnerability/C…
SAP NetWeaver ABAP hit with a critical 9.8 memory corruption flaw. CVE-2026-27671 lets unauthenticated attackers send crafted RFC requests to exploit the SAP Kernel. No auth needed. Patch via SAP Note 3717897 now. #SAP #NetWeaver secalerts.co/vulnerability/C…