🚨 CVE-2026-4415 (CRITICAL, CVSS 9.2) hits Gigabyte Control Center: unauth’d remote attackers can write files anywhere if pairing is enabled. No patch yet — disable pairing & monitor for anomalies. https://radar.offseq.com/threat/cve-2026-4415-cwe-23-relative-path-traversal-in-gi-d148431b #OffSeq #Vuln #Gigabyte #Infosec

🔎 CVE-2026-34005 (HIGH): Xiongmai DVR/NVR (v4.03.R11) root OS command injection via DVRIP (port 34567). Authenticated attackers can fully compromise devices. Restrict access, monitor, and segment ASAP. https://radar.offseq.com/threat/cve-2026-34005-cwe-78-improper-neutralization-of-s-b117df4c #OffSeq #Xiongmai #Infosec #Vuln

⚠️ CVE-2026-0560: HIGH-severity SSRF in parisneo/lollms (<2.2.0) allows remote attackers to access internal network/cloud endpoints via /api/files/export-content. Patch to 2.2.0+ or block unsafe URLs now! https://radar.offseq.com/threat/cve-2026-0560-cwe-918-server-side-request-forgery--5103940b #OffSeq #SSRF #Vuln #AppSec

⚠️ CVE-2026-4176 (HIGH): Perl Compress::Raw::Zlib uses a vulnerable zlib, risking memory corruption or code execution. Affects 5.9.4 – 5.43.0. Update to Compress::Raw::Zlib 2.221+ ASAP! https://radar.offseq.com/threat/cve-2026-4176-cwe-1395-dependency-on-vulnerable-th-556b643e #OffSeq #Perl #Vuln #SysAdmin

🚨 HIGH severity: CVE-2026-0558 in parisneo/lollms (≤2.2.0) — /api/files/extract-text allows unauthenticated file uploads, risking DoS & info leaks. Restrict access, enforce auth, and monitor activity. No patch yet. https://radar.offseq.com/threat/cve-2026-0558-cwe-287-improper-authentication-in-p-51fddf90 #OffSeq #Vuln #AppSec

⚠️ CVE-2026-5041 (MEDIUM): Command injection in Chamber of Commerce Membership Mgmt System v1.0 via admin/pageMail.php. High privileges needed, public exploit exists. Input validation & patching advised. https://radar.offseq.com/threat/cve-2026-5041-command-injection-in-code-projects-c-82c5a99c #OffSeq #Vuln #CommandInjection #InfoSec

⚠️ MEDIUM severity SQL Injection (CVE-2026-5035) found in code-projects Accounting System 1.0 (/view_work.php, Parameter Handler). Public exploit available — review your systems and restrict access if possible. https://radar.offseq.com/threat/cve-2026-5035-sql-injection-in-code-projects-accou-b844fbad #OffSeq #SQLInjection #Vuln

⚠️ CVE-2026-5019: SQL injection in code-projects Simple Food Order System 1.0 (all-orders.php, Status param). MEDIUM severity, public exploit available — remote attackers at risk. Monitor and restrict exposure. https://radar.offseq.com/threat/cve-2026-5019-sql-injection-in-code-projects-simpl-bb8230db #OffSeq #SQLi #Vuln

⚠️ CVE-2026-4987 (HIGH): SureForms plugin for WordPress lets attackers bypass payment amount validation by setting form_id to 0 — no auth needed, all versions <=2.5.2 at risk. Patch or mitigate now! https://radar.offseq.com/threat/cve-2026-4987-cwe-20-improper-input-validation-in--6438ea07 #OffSeq #WordPress #Vuln #PaymentSecurity

🔥 HIGH severity: CVE-2026-4248 in Ultimate Member plugin (≤2.11.2) lets Contributor users trigger admin password resets via malicious post preview — risking full site takeover. Restrict access & monitor now! https://radar.offseq.com/threat/cve-2026-4248-cwe-285-improper-authorization-in-ul-0446e863 #OffSeq #WordPress #CVE20264248 #Vuln