🛡️ CRITICAL: CVE-2026-4744 in rizonesoft Notepad3 (<6.25.714.1) enables out-of-bounds reads — possible data disclosure & crashes. Patch ASAP, restrict access, and avoid untrusted files. More info: https://radar.offseq.com/threat/cve-2026-4744-cwe-125-out-of-bounds-read-in-rizone-16fef5f9 #OffSeq #CVE20264744 #infosec #vuln

🛡️ CVE-2026-4601: CRITICAL bug in jsrsasign <11.1.1 misses a vital DSA signing step, letting attackers recover private keys if exploited. No active attacks yet, but update ASAP! Details: https://radar.offseq.com/threat/cve-2026-4601-missing-cryptographic-step-in-jsrsas-1b19c447 #OffSeq #CVE20264601 #Crypto #Vuln

🔴 CRITICAL: Oracle Identity Manager RCE (CVE-2026-21992) allows unauthenticated remote code execution. No active exploitation reported yet, but patch now to avoid full compromise. Review deployments and restrict access. https://radar.offseq.com/threat/oracle-releases-emergency-patch-for-critical-ident-3d33a815 #OffSeq #Oracle #Vuln #Patch

⚠️ HIGH severity alert: CVE-2026-2580 – SQL Injection in flippercode WP Maps plugin for WordPress (all versions). Unauthenticated attackers can exfiltrate data via 'orderby'. Patch or mitigate ASAP. https://radar.offseq.com/threat/cve-2026-2580-cwe-89-improper-neutralization-of-sp-b93f1b1b #OffSeq #WordPress #Vuln #SQLi

🛡️ CVE-2026-4540: MEDIUM-severity SQL Injection in projectworlds Online Notes Sharing System v1.0. Exploit code is public, no active attacks yet. Patch or mitigate — focus on the 'Benutzer' param in /login.php. More info: https://radar.offseq.com/threat/cve-2026-4540-sql-injection-in-projectworlds-onlin-4351ab2e #OffSeq #SQLInjection #Vuln

🔥 HIGH severity: CVE-2026-4261 in Expire Users (WordPress, all versions) lets Subscribers escalate to Admin via missing authorization in 'save_extra_user_profile_fields'. Patch urgently or mitigate! https://radar.offseq.com/threat/cve-2026-4261-cwe-862-missing-authorization-in-hus-fa4ebb4d #OffSeq #WordPress #Vuln #Security

CVE-2026-24060 (CRITICAL): WebCTRL Premium Server sends BACnet data in cleartext, risking interception & modification. No patch yet — segment OT networks & use VPNs for BACnet traffic. Monitor for sniffing, restrict access. Details: https://radar.offseq.com/threat/cve-2026-24060-cwe-319-in-automated-logic-webctrl--ad487a9d #OffSeq #ICS #Vuln #BACnet

⚠️ CVE-2026-4478 (CRITICAL, CVSS 9.2) hits Yi Home Camera 2 (2.1.1_20171024151200): Improper signature verification in HTTP firmware update handler. Public exploit, no vendor response. Monitor & segment affected devices. https://radar.offseq.com/threat/cve-2026-4478-improper-verification-of-cryptograph-dd0fa87f #OffSeq #IoTSecurity #Vuln

⚠️ CVE-2026-32767: SiYuan (<3.6.1) has a CRITICAL SQL injection flaw in /api/search/fullTextSearchBlock. Any authenticated user can run SQL, risking full data compromise. Upgrade to 3.6.1+ ASAP. https://radar.offseq.com/threat/cve-2026-32767-cwe-89-improper-neutralization-of-s-8a5766fd #OffSeq #SiYuan #SQLInjection #Vuln

🚨 CRITICAL: CVE-2026-27065 in ThimPress BuilderPress (≤2.0.1) lets attackers perform unauthenticated RFI, risking full WordPress compromise. Disable plugin & harden PHP configs immediately! https://radar.offseq.com/threat/cve-2026-27065-cwe-98-improper-control-of-filename-c54e685b #OffSeq #WordPress #Vuln #RFI #CVE202627065