🚨 EUVD-2026-31332

📊 Score: 7.5/10 (CVSS v3.1)
📦 Product: Authen::TOTP
🏢 Vendor: TCHATZI
📅 Updated: 2026-05-21

📝 Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.

Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31332

#cybersecurity #infosec #euvd #cve #vulnerability

EUVD

European Vulnerability Database

🚨 EUVD-2026-31333

📊 Score: 4.3/10 (CVSS v3.1)
📦 Product: GSheet For Woo Importer
🏢 Vendor: mrdollar4444
📅 Updated: 2026-05-21

📝 The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and including, 2.3.1. This makes it possib...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31333

#cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-31331

📊 Score: 8.6/10 (CVSS v3.1)
📦 Product: iina
🏢 Vendor: iina
📅 Updated: 2026-05-21

📝 IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a c...

🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31331

#cybersecurity #infosec #euvd #cve #vulnerability

🟠 CVE-2026-45206 - High (7.8)

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.

Pl...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45206/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-45208 - High (7.8)

A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45208/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-48207 - Critical (9.8)

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deseri...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48207/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Cool, there's now a code execution exploit on nginx. Now this might sound harmless since you need some ridiculous settings like disabling certain memory protection features, but this can still be used to cause a denial of service by crashing nginx workers, and what if someone combines it with another exploit in, for example, the memory protection thingy and then combines it with copyfail. I fucking hate the modern world; in some time the entire Internet is just AI finding exploits and other AI fixing it. Fuck all of this man

#nginx #ai #vulnerability

🚨 CRITICAL: Open ISES Tickets <3.44.2 has hardcoded MySQL creds in loader.php (CVE-2026-48241), exposing DBs to attack if reachable. Restrict file & DB access, rotate creds now. No official fix yet. https://radar.offseq.com/threat/cve-2026-48241-use-of-hard-coded-credentials-in-op-e794805b #OffSeq #Vulnerability #MySQL #AppSec

📰 Warning: Microsoft Defender Flaws Actively Exploited to Gain SYSTEM Privileges

⚠️ ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/microsoft-defender-vulnerabilities-actively-exploited-for-privilege-escalati…

🟠 CVE-2026-48235 - High (8.2)

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses (InstaMapper and G...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48235/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack