CRITICAL: gematik app-Authenticator <4.16.0 vulnerable to auth hijack via deep links. No workarounds — update to 4.16.0+ now to secure health data! radar.offseq.com/threat/cve-2026-33875-cw... #OffSeq #CVE202633875 #VulnAlert
🚨 VMware Spring AI 1.0.x & 1.1.x face HIGH risk (CVE-2026-22729): JSONPath injection lets users bypass access controls for sensitive docs. Upgrade or sanitize filter inputs now. radar.offseq.com/threat/cve-2026-22729-vu... #OffSeq #SpringAI #VulnAlert
Craft CMS faces a CRITICAL flaw: CVE-2026-32267 lets remote attackers escalate to admin via shared URLs. Upgrade to 4.17.6/5.9.12 now! 🔒 radar.offseq.com/threat/cve-2026-32267-cw... #OffSeq #CraftCMS #VulnAlert
🛑 DLL hijacking in TR-VISION HOME (≤2.0.5) - HIGH severity. Local attackers can escalate privileges. Restrict directory access & monitor for suspicious DLLs. radar.offseq.com/threat/cve-2026-4255-cwe... #OffSeq #VulnAlert #Windows
LiteSpeed OpenLiteSpeed & LSWS Enterprise hit by HIGH-severity OS command injection flaw (admin access needed). Act now: review admin access, monitor logs, prep for patch. radar.offseq.com/threat/cve-2026-31386-im... #OffSeq #LiteSpeed #VulnAlert
Tenda F453 (v1.0.0.3) hit by HIGH severity buffer overflow — remote code execution possible, no auth needed. Restrict access & monitor /goform/SetIpBind traffic. Patch when available! radar.offseq.com/threat/cve-2026-3379-buf... #OffSeq #VulnAlert #NetworkS...
Hyland OnBase 8.0 hit by CRITICAL vuln: unauth .NET Remoting on TCP/8900 enables RCE & file writes. Restrict port, monitor, patch ASAP. 🛡️ radar.offseq.com/threat/cve-2026-26221-cw... #OffSeq #Hyland #VulnAlert
CRITICAL: Code injection in goauthentik authentik (CVE-2026-25227). Users with certain permissions can execute code. Upgrade to patched versions now! radar.offseq.com/threat/cve-2026-25227-cw... #OffSeq #authentik #VulnAlert
🚨 Umbraco CMS 16.3.3 hit by CRITICAL vuln (CVE-2025-67288): attackers can upload crafted PDFs to run code. No patch—apply strict file upload controls & monitor closely! radar.offseq.com/threat/cve-2025-67288-na... #OffSeq #Umbraco #VulnAlert
CRITICAL: CVE-2025-14700 in Crafty Controller 4.6.1 lets authenticated users run code via SSTI. Limit access, monitor closely, and prep for patches. Details: radar.offseq.com/threat/cve-2025-14700-cw... #OffSeq #VulnAlert #SSTI
🚨 Critical RFI in Stockholm WP theme (≤9.14.1) allows remote code execution. Patch or disable immediately; harden PHP configs. No public exploits yet, but risk is high. radar.offseq.com/threat/cve-2025-68068-im... #OffSeq #WordPress #VulnAlert
🚩 HIGH severity: wpchill Image Gallery (v2.13.1) path traversal lets Author+ users delete critical files—remote code execution possible. Audit & restrict access. Details: radar.offseq.com/threat/cve-2025-13645-cw... #OffSeq #WordPress #VulnAlert
D-Link DIR-822K & DWR-M920 (HIGH, CVE-2025-13551): Remote buffer overflow flaw w/ public exploit—patch when available, isolate routers, monitor network. Details: radar.offseq.com/threat/cve-2025-13551-bu... #OffSeq #VulnAlert #DLink
Oracle Identity Manager hit by CRITICAL vuln: ";.wadl" URL bypass enables remote code execution. Patch now, monitor for suspicious POSTs & ".wadl" URLs. radar.offseq.com/threat/oracle-identity-m... #OffSeq #Oracle #VulnAlert
CRITICAL: WP移行専用プラグイン for CPI vuln (CVE-2025-11170) lets unauth. users upload any file — RCE possible. Audit & disable plugin, block risky uploads now! radar.offseq.com/threat/cve-2025-11170-cw... #OffSeq #WordPress #VulnAlert
WordPress Contact Form CFDB7 (≤1.3.2) hit by CRITICAL pre-auth SQL injection & PHP object injection. Disable plugin or apply WAF rules until patched. High risk for web admins! radar.offseq.com/threat/cve-2025-4665-cwe... #OffSeq #WordPress #VulnAlert
Tenda O3 (v1.0.0.10) faces a HIGH severity stack overflow (CVE-2025-12214). Remote code execution possible—public exploit available. Segment, monitor, and restrict access now. radar.offseq.com/threat/cve-2025-12214-st... #OffSeq #VulnAlert #IoTSecurity
CRITICAL: CVE-2025-12216 in Azure Access BLU-IC2 & BLU-IC4 (≤1.19.5) lets malicious apps persist, blocking uninstallation. Restrict network access & monitor apps while awaiting patch. radar.offseq.com/threat/cve-2025-12216-cw... #OffSeq #VulnAlert #C...
CRITICAL: marsupialtail quokka <=3.0.1 faces RCE risk (CVE-2025-62515) due to unsafe pickle deserialization. Audit servers, restrict network exposure, and monitor now! radar.offseq.com/threat/cve-2025-62515-cw... #OffSeq #CVE202562515 #VulnAlert
Zenitel TCIS-3+ (<9.2.3.3) hit by CRITICAL command injection (CVE-2025-59817) — root access risk. Restrict web portal, monitor for abuse, patch when available. Details: radar.offseq.com/threat/cve-2025-59817-cw... #OffSeq #CVE202559817 #VulnAlert
🚨 CRITICAL: CVE-2025-10266 in NUP Portal allows unauthenticated SQL Injection—full DB compromise possible. No patch; restrict access, deploy WAFs, monitor activity now. radar.offseq.com/threat/cve-2025-10266-cw... #OffSeq #SQLInjection #VulnAlert
upKeeper Manager (5.0.0–5.2.11) faces a HIGH severity flaw leaking domain creds in logs. Review access & prep for updates. radar.offseq.com/threat/cve-2025-8663-cwe... #OffSeq #VulnAlert #Security
CRITICAL: aiven-db-migrate <1.0.7 lets attackers become PostgreSQL superuser via path traversal. Upgrade to 1.0.7+ now and lock down migrations to trusted sources! radar.offseq.com/threat/cve-2025-55282-cw... #OffSeq #CVE202555282 #VulnAlert
🔔 HIGH severity stack buffer overflow in Linksys RE6250 (up to 20250801). Public exploit out, no patch yet—restrict access & monitor devices! Details: radar.offseq.com/threat/cve-2025-8832-sta... #OffSeq #Linksys #VulnAlert
🛡️ Stay Protected: BaseFortify.eu offers detailed vulnerability insights and risk assessments to help you monitor and mitigate such threats. Register for free at basefortify.eu/register #CyberSecurity #VulnAlert #AttackSurface
Rockwell Automation - FactoryTalk® AssetCentre Multiple Vulnerabilities
CVE-2025-0477, CVE-2025-0497, CVE-2025-0498 #infosec #VulnAlert
Patch up your #VMWare Avi Load Balancers 🚦VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217) support.broadcom.com/web/ecx/support-content-... #infosec #VulnAlert
🚨 CVE-2024-47894
📅 Published: 2025-01-13
🏢 Vendor: Imagination Technologies
💾 Product: Graphics DDK
🏗️ Affected Version: <= 24.2 RTM2
🐛 CWE-823
🏆 Base Score: 7.1
⚠️ Base Severity: HIGH
🔗 https://s.mtrbio.com/ehqlegotcy
#VulnAlert #InfoSec #CyberSecurity
🚨 CVE-2024-52936
📅 Published: 2025-01-13
🏢 Vendor: Imagination Technologies
💾 Product: Graphics DDK
🏗️ Affected Version: <= 24.2 RTM2
🐛 CWE-823
🔗 https://s.mtrbio.com/xihjfwjczg
#VulnAlert #InfoSec #CyberSecurity
New @Fortinet SQL Injection vulnerability published boys.
🚨 CVE-2023-37931
📅 Published: 2025-01-14
🏢 Vendor: Fortinet
💾 Product: FortiVoice
🐛 CWE-89
🏆 Base Score: 8.8
⚠️ Base Severity: HIGH
🔗 https://s.mtrbio.com/tiqzdukigr
#VulnAlert #InfoSec #CyberSecurity