🚨 CRITICAL: CVE-2026-33701 affects opentelemetry-java-instrumentation <2.26.1. Unauthenticated RCE possible on Java ≤16 via unsafe RMI deserialization. Upgrade to 2.26.1+ or disable RMI now! Details: https://radar.offseq.com/threat/cve-2026-33701-cwe-502-deserialization-of-untruste-08578920 #OffSeq #Java #RCE #Vuln

🚨 CRITICAL: CVE-2026-33670 in SiYuan (<3.6.2) lets remote attackers exploit /api/file/readDir for path traversal, exposing sensitive files. Patch to 3.6.2+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-33670-cwe-22-improper-limitation-of-a-pat-0880f67a #OffSeq #vuln #infosec #SiYuan

🛡️ HIGH-severity: CVE-2026-28760 in RATOC RAID Monitoring Manager for Windows (<2.00.009.260220) allows DLL hijacking — local attackers may run code as admin. Patch ASAP, restrict installer access, and audit installs. https://radar.offseq.com/threat/cve-2026-28760-uncontrolled-search-path-element-in-f4dfdefd #OffSeq #infosec #vuln #windows

HIGH severity alert: RATOC RAID Monitoring Manager for Windows (<2.00.009.260220) can leave custom install folders with insecure ACLs, letting non-admins run code as SYSTEM. Check permissions & update! CVE-2026-32680 https://radar.offseq.com/threat/cve-2026-32680-incorrect-default-permissions-in-ra-38982bf7 #OffSeq #Vuln #Windows #SysAdmin

🚨 CRITICAL: CVE-2026-32573 in Nelio AB Testing plugin (≤8.2.7) enables code injection on WordPress sites. No active exploits, but risk of remote code execution. Monitor for patches & harden configs. https://radar.offseq.com/threat/cve-2026-32573-improper-control-of-generation-of-c-2c0edccd #OffSeq #WordPress #Vuln

🚨 CVE-2026-33526: Critical Use-After-Free in Squid (<7.5) allows remote attackers to crash Squid via ICP traffic. icp_access rules are ineffective. Upgrade to 7.5+ or disable ICP (icp_port=0) ASAP! https://radar.offseq.com/threat/cve-2026-33526-cwe-416-use-after-free-in-squid-cac-5f2ea159 #OffSeq #Squid #Vuln #DoS

⚠️ HIGH: CVE-2026-2343 in PeproDev Ultimate Invoice ≤2.2.5 exposes PII via predictable ZIP archive names in bulk downloads. No auth needed — risk of mass data leaks! Disable feature, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-2343-cwe-200-information-exposure-in-pepr-b24bfe87 #OffSeq #WordPress #Vuln

⚠️ HIGH-severity XSS (CVE-2026-2072, CVSS 8.2) in Hitachi Infrastructure Analytics Advisor & Ops Center Analyzer <11.0.5-00. Exploitable by low-privilege users. Patch when available, restrict access, enable WAF. https://radar.offseq.com/threat/cve-2026-2072-cwe-79-improper-neutralization-of-in-c6f3add7 #OffSeq #XSS #Vuln #Hitachi

🚨 CRITICAL: CVE-2026-4745 in dendibakh perf-ninja (CVSS 10) — remote code injection flaw in labs/misc/pgo/lua & ldo.C. No exploits yet, but restrict access, monitor logs, and prep for urgent patches. Full system compromise risk. https://radar.offseq.com/threat/cve-2026-4745-cwe-94-improper-control-of-generatio-1708b5aa #OffSeq #Vuln #AppSec

⚠️ CVE-2026-4755: Critical vuln in MolotovCherry Android-ImageMagick7 (<7.1.2-11). Remote, unauthenticated RCE possible due to improper input validation. Patch ASAP & enforce input checks. Details: https://radar.offseq.com/threat/cve-2026-4755-cwe-20-cwe-20-in-molotovcherry-andro-fb2c95b0 #OffSeq #Android #Vuln #ImageMagick #CVE2026_4755