π΄ CVE-2026-41615 - Critical (9.6)
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-41615/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-42897 - High (8.1)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-42897/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π΄ CVE-2026-44542 - Critical (9.1)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape t...
π https://www.thehackerwire.com/vulnerability/CVE-2026-44542/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-23998 - High (7.5)
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleetβs Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, thi...
π https://www.thehackerwire.com/vulnerability/CVE-2026-23998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-27886 - High (7.5)
Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use t...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-44586 - High (8.3)
SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes s...
π https://www.thehackerwire.com/vulnerability/CVE-2026-44586/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π΄ CVE-2026-44523 - Critical (10)
Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as shor...
π https://www.thehackerwire.com/vulnerability/CVE-2026-44523/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-44633 - High (8.1)
Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint acce...
π https://www.thehackerwire.com/vulnerability/CVE-2026-44633/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π΄ CVE-2026-44592 - Critical (9.4)
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-re...
π https://www.thehackerwire.com/vulnerability/CVE-2026-44592/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
π CVE-2026-8621 - High (8.8)
Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Cra...
π https://www.thehackerwire.com/vulnerability/CVE-2026-8621/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
TheHackerWire