🚨 CVE-2026-34838 (CRITICAL, CVSS 10): Group-Office <6.8.156, <25.0.90, <26.0.12 vulnerable to insecure deserialization (CWE-502). Authenticated attackers can achieve RCE by injecting malicious serialized objects. Patch now! https://radar.offseq.com/threat/cve-2026-34838-cwe-502-deserialization-of-untruste-f6c31d56 #OffSeq #Vuln #RCE
🛑 CRITICAL: CVE-2026-32213 impacts Azure AI Foundry. Improper authorization lets remote attackers fully compromise systems — no auth needed! Restrict access, enhance monitoring, & prep IR now. https://radar.offseq.com/threat/cve-2026-32213-cwe-285-improper-authorization-in-m-b7cd2d00 #OffSeq #Azure #Cloud #Vuln #BlueTeam
🚨 CVE-2026-34564 (CRITICAL, CVSS 9.1): ci4ms < 0.31.0.0 vulnerable to stored XSS via Menu Management. Low-priv attackers can inject scripts, impacting admins & users. Patch & audit menus now. https://radar.offseq.com/threat/cve-2026-34564-cwe-79-improper-neutralization-of-i-8f6e6ad8 #OffSeq #XSS #infosec #vuln
🚨 CVE-2026-34566: Critical stored XSS (CVSS 9.1) in ci4ms < 0.31.0.0. Attackers can inject persistent JS via Page Management, impacting admins & users. Upgrade to 0.31.0.0+, audit content, enable CSP. Details: https://radar.offseq.com/threat/cve-2026-34566-cwe-79-improper-neutralization-of-i-937ed996 #OffSeq #XSS #Vuln #Infosec
⚠️ CVE-2026-23898: HIGH-severity flaw in Joomla! CMS (4.0.0-5.4.3, 6.0.0-6.0.3) lets admin-level attackers delete arbitrary files, risking DoS or system compromise. Patch ASAP, restrict high-priv accounts, monitor for deletions. https://radar.offseq.com/threat/cve-2026-23898-cwe-73-destructive-file-deletion-an-4b16a48a #OffSeq #Joomla #Vuln
🔥 CRITICAL: CVE-2026-4370 in Canonical Juju (3.2.0 – 3.6.19, 4.0 – 4.0.4) allows unauthenticated attackers to join Dqlite clusters via improper TLS validation. Patch or restrict port access now! https://radar.offseq.com/threat/cve-2026-4370-cwe-295-improper-certificate-validat-9bb2b3b6 #OffSeq #Juju #Vuln #Infosec
⚠️ CVE-2026-5286: HIGH severity use-after-free in Chrome’s Dawn component <146.0.7680.178. Remote code execution possible via crafted HTML. Patch now to stay protected! https://radar.offseq.com/threat/cve-2026-5286-use-after-free-in-google-chrome-34aabe80 #OffSeq #Chrome #Vuln #InfoSec
🔴 CRITICAL: CVE-2026-4317 in Umami 3.0.2 enables authenticated SQL injection via 'timezone' param. No patch yet — sanitize inputs, use parameterized queries, and enforce least privilege. Protect your data! https://radar.offseq.com/threat/cve-2026-4317-cwe-89-improper-neutralization-of-sp-e769b7b4 #OffSeq #CVE20264317 #SQLInjection #Vuln
⚠️ CRITICAL: CVE-2026-34558 in ci4ms (<0.31.0.0) — Stored DOM XSS in Methods Management lets attackers inject persistent JS into admin panels. Patch to 0.31.0.0+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-34558-cwe-79-improper-neutralization-of-i-198231a4 #OffSeq #XSS #Vuln #AppSec
baserCMS < 5.2.3 hit by CRITICAL OS command injection (CVE-2026-30880, CVSS 9.2). Remote unauthenticated RCE possible via installer. Patch to 5.2.3+ now or restrict installer access! https://radar.offseq.com/threat/cve-2026-30880-cwe-78-improper-neutralization-of-s-5ac38c48 #OffSeq #baserCMS #Vuln #infosec