SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Malicious Ad for Homebrew Leads to MacSync Stealer
Published: 2026-05-01
Last Updated: 2026-05-01 19:01:21 UTC
by Brad Duncan (Version: 1)
Introduction
As MacBooks and Mac minis become more popular, we're seeing more campaigns targeting these macOS hosts. Malicious ads have popped up in search results that can lead potential victims to pages that present themselves as legitimate malware but instead are malware. This diary presents one such example from a malicious ad for a page that impersonates Homebrew we saw on Thursday, 2026-04-30.
Homebrew is a third-party package manager for macOS, and this page pushes MacSync Stealer malware. As I write this today (2026-05-01), the fake Homebrew page at hxxps[:]//sites.google[.]com/view/brewpage is still active ...
Read the full entry: https://isc.sans.edu/diary/Malicious+Ad+for+Homebrew+Leads+to+MacSync+Stealer/32942/
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03)
Published: 2026-05-04
Last Updated: 2026-05-04 17:12:18 UTC
by Kenneth Hartman (Version: 1)
Summary
The most significant development of the week was the April 29 to 30 Mini Shai-Hulud worm, a self-propagating supply chain campaign that compromised four official SAP npm packages, two PyTorch Lightning PyPI versions, two intercom-client npm versions, and the intercom-php Packagist package across three package ecosystems. OX Security tracked roughly 1,800 GitHub repositories created with stolen credentials by the worm during the two day campaign, and Wiz attributed the operation to TeamPCP at high confidence based on a shared RSA public key with the prior Bitwarden CLI and Checkmarx KICS operations. Reporting suggests the campaign has now demonstrated cross-ecosystem worm propagation in production (npm to PyPI to Packagist), realizing the theoretical CanisterSprawl-style ecosystem-jump risk flagged in the W17 weekly. Separately, Check Point Research disclosed on April 27 to 28 that TeamPCP's extortion partner Vect ships a ChaCha20-IETF nonce-reuse flaw that effectively turns Vect 2.0 into a data wiper for any file larger than 128 KB, a finding analysts assess materially weakens the credibility of TeamPCP's Trivy-credential-trove monetization channel.
Dated event log ...
Read the full entry: https://isc.sans.edu/diary/TeamPCP+Weekly+Analysis+2026W18+20260427+through+20260503/32950/
Cleartext Passwords in MS Edge? In 2026?
Published: 2026-05-04
Last Updated: 2026-05-05 14:37:01 UTC
by Rob VandenBrink (Version: 1)
Yup, that is for real.
For me, this started with a post in X at hxxps://x.com/intcyberdigest/status/2051406295828250963?s=61 , which highlighted research by @L1v1ng0ffTh3L4N that found exactly this issue. Edge stores all of your browser passwords in clear text, even if you haven't used them in this session, y'know, just in case.
I figured, it couldn't be that easy, right? But like so many things, yes, yes it was.
To reproduce this
* Open Edge. Don't browse anywhere, just open it
* Flip out to Task Manager, search for Edge, then expand that task
* Highlight the "browser" sub-task, right click, and choose "Create Memory Dump" ...
Read the full entry: https://isc.sans.edu/diary/Cleartext+Passwords+in+MS+Edge+In+2026/32954/
SSL.com rotates their root certificate today (2026.05.05)
https://isc.sans.edu/diary/SSLcom+rotates+their+root+certificate+today/32956/
DShield Honeypot Update (2026.05.04)
https://isc.sans.edu/diary/DShield+Honeypot+Update/32948/
Wireshark 4.6.5 Released (2026.05.03)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2026-41940 - cPanel is susceptible to an authentication bypass vulnerability in older versions, enabling remote attackers to gain unauthorized control panel access.
Product: cPanel
CVSS Score: 9.8
** KEV since 2026-04-30 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41940
ISC Podcast: https://isc.sans.edu/podcastdetail/9916
NVD References:
- https://docs.cpanel.net/release-notes/release-notes
- https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-
- https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41940
CVE-2026-31431 - Linux kernel: A vulnerability in crypto: algif_aead has been resolved by reverting to operating out-of-place for improved efficiency and simplicity.
Product: Linux kernel
CVSS Score: 0
** KEV since 2026-05-01 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-31431
ISC Diary: https://isc.sans.edu/diary/32950
ISC Podcast: https://isc.sans.edu/podcastdetail/9914
NVD References: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431
CVE-2026-31718, CVE-2026-43011, CVE-2026-43038, CVE-2026-43039 - Linux kernel vulnerabilities
Product: Linux kernel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-31718
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-43011
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-43038
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-43039
CVE-2026-32202 - Windows Protection Mechanism Failure Vulnerability in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
Product: Microsoft Windows
CVSS Score: 4.3
** KEV since 2006-04-28 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32202
MSFT References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32202
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-32202
CVE-2024-1708 - ConnectWise ScreenConnect 23.9.7 and prior may allow an attacker to execute remote code or impact critical systems due to a path-traversal vulnerability.
Product: ConnectWise ScreenConnect
CVSS Score: 0
** KEV since 2026-04-28 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-1708
ISC Diary: https://isc.sans.edu/diary/32950
NVD References: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1708
CVE-2026-4670 - MOVEit Automation is vulnerable to authentication bypass due to a primary weakness in Progress Software, impacting versions before 2025.0.0 and prior.
Product: Progress MOVEit Automation
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-4670
ISC Podcast: https://isc.sans.edu/podcastdetail/9918
NVD References: https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174
CVE-2026-5174 - Progress Software MOVEit Automation is vulnerable to privilege escalation due to improper input validation in versions prior to 2025.1.5, 2025.0.9, and 2024.1.8.
Product: Progress MOVEit Automation
CVSS Score: 7.7
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5174
ISC Podcast: https://isc.sans.edu/podcastdetail/9918
NVD References: https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174
CVE-2026-31705 - Linux ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment
Product: Linux ksmbd
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-31705
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31705
CVE-2026-3854 - GitHub Enterprise Server was vulnerable to remote code execution due to improper neutralization of special elements during a git push operation.
Product: GitHub Enterprise Server
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3854
ISC Podcast: https://isc.sans.edu/podcastdetail/9910
CVE-2026-40976 - Spring Boot's default web security can be ineffective, allowing unauthorized access to all endpoints in certain circumstances.
Product: VMware Spring Boot
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-40976
NVD References: https://spring.io/security/cve-2026-40976
CVE-2026-7321 - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1.
Product: Mozilla Firefox
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7321
NVD References:
- https://www.mozilla.org/security/advisories/mfsa2026-30/
- https://www.mozilla.org/security/advisories/mfsa2026-33/
- https://www.mozilla.org/security/advisories/mfsa2026-36/
- https://www.mozilla.org/security/advisories/mfsa2026-39/
CVE-2025-60889 - StellarGroup HPX 1.11.0 may allow attackers to execute arbitrary code through insecure deserialization of untrusted input.
Product: StellarGroup HPX 1.11.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60889
CVE-2026-41873 - Apache Pony Mail has an inconsistent interpretation of HTTP requests vulnerability leading to admin account takeover, affecting all versions of the Lua implementation.
Product: Apache Pony_Mail
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41873
NVD References: https://lists.apache.org/thread/1c7jtxjobh280kqc13fzw1cg57xrz951
CVE-2026-42778, CVE-2026-42779 - Deserialization of untrusted data vulnerabilities in Apache MINA's AbstractIoBuffer.getObject(), caused by an incomplete fix for CVE-2024-52046, affect versions 2.1.0 to 2.1.11 and 2.2.0 to 2.2.6. The issue is resolved in versions 2.1.12 and 2.2.7 by applying the classname allowlist earlier.
Product: Apache MINA
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42778
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42779
NVD References:
- https://lists.apache.org/thread/fhlx5k91hrkgyzh7yk1nghrn3k27gxy0
CVE-2026-40682, CVE-2026-42027 - Vulnerabilities in Apache OpenNLP
Product: Apache OpenNLP
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-40682 (improper restriction of XML external entity reference)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42027 (unsafe reflection)
NVD References:
- https://lists.apache.org/thread/r6jpt0qr9nj67gqhppqg7jxf8vsbo0w6
- https://lists.apache.org/thread/ltlo4powjfc0w2w2yyl1o5tc7q1gcb2y
CVE-2026-42809, CVE-2026-42810, CVE-2026-42811 - Apache Polaris vulnerabilities
Product: Apache Polaris
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42809
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42810
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42811
NVD References:
- https://lists.apache.org/thread/8tfsr8y7pgq6rdcvjx95hkcr47td671r
- https://lists.apache.org/thread/gg3qq9sqg4hdjmprqy46p40xmln61dm9
- https://lists.apache.org/thread/hovn5hmkj9wj7v9cd8sn67svg03klgvg
CVE-2026-42812 - Apache Iceberg is vulnerable to an issue where changing the `write.metadata.path` property can allow attackers to write table metadata to an attacker-chosen location without proper validation.
Product: Apache Iceberg
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42812
NVD References: https://lists.apache.org/thread/wxd2wj3p0smvrk84msv317wg5tp3jtw9
CVE-2026-24178 - NVIDIA NVFlare Dashboard is vulnerable to authorization bypass and privilege escalation due to a flaw in the user management system allowing unauthenticated attackers to manipulate user-controlled keys.
Product: NVIDIA NVFlare
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24178
CVE-2026-3893 - The Carlson VASCO-B GNSS Receiver lacks authentication, enabling network attackers to access and modify its configuration and functions without credentials.
Product: Carlson VASCO-B GNSS Receiver
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3893
CVE-2026-41386 - OpenClaw before 2026.3.22 is susceptible to privilege escalation through unauthorized device roles and scopes during initial pairing.
Product: OpenClaw
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41386
NVD References: https://github.com/openclaw/openclaw/security/advisories/GHSA-gg9v-mgcp-v6m7
CVE-2026-43534 - OpenClaw before 2026.4.10 has an input validation flaw that allows malicious hook names to be used for escalating untrusted input into higher-trust agent context.
Product: OpenClaw
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-43534
NVD References: https://github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr
CVE-2026-43566 - OpenClaw versions 2026.4.7 before 2026.4.14 have a privilege escalation vulnerability that allows attackers to maintain an owner-like execution context by sending untrusted webhook wake events.
Product: OpenClaw
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-43566
NVD References: https://github.com/openclaw/openclaw/security/advisories/GHSA-g2hm-779g-vm32
CVE-2026-41446 - Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 have undisclosed diagnostic HTTP endpoints that can be accessed with just the device MAC address and service tag found on the physical device label, allowing attackers to execute commands as root.
Product: Snap One WattBox 800 and 820 series
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41446
CVE-2026-7333 - Google Chrome prior to version 147.0.7727.138 had a high severity vulnerability in GPU allowing a remote attacker to potentially escape the sandbox.
Product: Google Chrome
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7333
NVD References:
- https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html
- https://issues.chromium.org/issues/493955227
CVE-2026-42523 - Jenkins GitHub Plugin 1.46.0 and earlier has a stored XSS vulnerability due to improper processing of job URLs, allowing non-anonymous attackers with Overall/Read permission to exploit.
Product: Jenkins GitHub
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42523
NVD References: https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3704
CVE-2026-26015 - DocsGPT versions 0.15.0 to 0.16.0 allow an attacker to achieve arbitrary remote code execution due to a bypass in the "MCP test" behavior.
Product: DocsGPT
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26015
NVD References: https://github.com/arc53/DocsGPT/security/advisories/GHSA-gcrq-f296-2j74
CVE-2026-30893 - Wazuh allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes.
Product: Wazuh
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30893
NVD References: https://github.com/wazuh/wazuh/security/advisories/GHSA-m8rw-v4f6-8787
CVE-2018-25316, CVE-2018-25317, CVE-2018-25318 - Tenda vulnerabilities
Product: Tenda
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25316
NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25317
NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25318
NVD References:
- https://www.vulncheck.com/advisories/tenda-w308r-v2-cookie-session-weakness-dns-change
- https://www.vulncheck.com/advisories/tenda-w3002r-a302-w309r-64-en-cookie-session-weakness-dns-change
- https://www.vulncheck.com/advisories/tenda-fh303-a300-68-en-cookie-session-weakness-dns-change
CVE-2026-7381 - Plack::Middleware::XSendfile versions through 1.0053 for Perl enable client-controlled path rewriting through the X-Sendfile-Type header.
Product: Plack
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7381
NVD References: https://metacpan.org/release/MIYAGAWA/Plack-1.0053/view/lib/Plack/Middleware/XSendfile.pm#DEPRECATION-NOTICE
CVE-2025-14543 - Connext Professional (Core Libraries) allows Serialized Data External Linking through Improper Restriction of XML External Entity Reference vulnerability.
Product: Connext Professional
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14543
CVE-2025-71284 - Synway SMG Gateway Management Software is vulnerable to OS command injection in the RADIUS configuration endpoint, allowing unauthenticated remote attackers to achieve remote code execution.
Product: Synway SMG Gateway Management Software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-71284
NVD References: https://www.vulncheck.com/advisories/synway-smg-gateway-management-software-os-command-injection-via-radius-address
CVE-2026-33446, CVE-2026-33447 - Buffer overflow vulnerabilities in Secure Access client version 14.49 and earlier allow attackers to trigger a buffer overflow via a specially crafted packet, potentially leading to memory corruption or a denial of service.
Product: Absolute Secure Access
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33446
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33447
NVD References:
- https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33446
- https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-33447
CVE-2026-35051, CVE-2026-39858 - Authentication bypass vulnerabilities in Traefik
Product: Traefik
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-35051
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39858
NVD References:
- https://github.com/traefik/traefik/security/advisories/GHSA-6384-m2mw-rf54
- https://github.com/traefik/traefik/security/advisories/GHSA-5m6w-wvh7-57vm
CVE-2026-42994 - Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, sourced from npm, contained embedded malicious code due to a Checkmarx supply chain incident.
Product: Bitwarden CLI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42994
NVD References: https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127
CVE-2026-42482, CVE-2026-42483, CVE-2026-42484 - Buffer overflow vulnerabilities in Hashcat v7.1.2.
Product: Hashcat 7.1.2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42482
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42483
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42484
CVE-2026-37531 - AGL app-framework-main up to version 17.1.12 is vulnerable to a Zip Slip path traversal and TOCTOU race condition during widget installation, allowing for potential file writing anywhere on the filesystem regardless of verification failure.
Product: AGL app-framework-main
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-37531
CVE-2026-37534 - Open-SAE-J1939 allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame.
Product: Open-SAE J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-37534
CVE-2026-37541 - Open Vehicle Monitoring System 3 (OVMS3) 3.3.005 is vulnerable to a buffer overflow in canformat_gvret.cpp, allowing remote attackers to trigger a denial of service or potentially execute arbitrary code.
Product: Open Vehicle Monitoring System OVMS3
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-37541
NVD References: https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381
CVE-2026-7482 - Ollama before 0.17.1 has a heap out-of-bounds read vulnerability in the GGUF model loader, allowing attackers to leak sensitive data by supplying a malicious GGUF file to the /api/create endpoint and uploading the resulting artifact through the /api/push endpoint.
Product: Ollama
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7482
CVE-2026-42076 - Evolver is vulnerable to remote code execution via command injection in version 1.69.3 and earlier.
Product: Evolver GEP-powered self-evolving engine
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42076
NVD References: https://github.com/EvoMap/evolver/security/advisories/GHSA-j5w5-568x-rq53
CVE-2026-42090 - Notesnook had a stored XSS vulnerability in the note export flow that could be escalated to remote code execution in the desktop app prior to versions 3.3.15 for Web/Desktop and 3.3.20 for iOS/Android.
Product: Notesnook
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42090
NVD References: https://github.com/streetwriters/notesnook/security/advisories/GHSA-fjm8-jg78-89h4
CVE-2026-25293 - Buffer overflow due to incorrect authorization in PLC FW
Product: PLC FW
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25293
NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html
CVE-2026-36356 - The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.
Product: MeiG Smart FORGE_SLT711 devices
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-36356
CVE-2026-7411 - Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 are vulnerable to a path traversal attack that can lead to Remote Code Execution (RCE) and system compromise.
Product: Eclipse BaSyx Java Server SDK
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7411
NVD References: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/423
CVE-2026-27960 - OpenCTI is vulnerable to privilege escalation in versions 6.6.0 through 6.9.12, allowing unauthenticated attackers to query the API as any existing user, but has been patched in version 6.9.13.
Product: OpenCTI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27960
NVD References: https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-6vvv-vmfr-xhrx
CVE-2026-41571 - Note Mark is vulnerable to an unauthenticated bypass in version 0.19.2 due to a hardcoded bcrypt("null") placeholder for OIDC-registered users with no stored password, allowing anyone to access a valid session with password: "null" until patched in version 0.19.3.
Product: Note Mark
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41571
NVD References: https://github.com/enchant97/note-mark/security/advisories/GHSA-pxf8-6wqm-r6hh
CVE-2026-42087, CVE-2026-42088 - Vulnerabilities in OpenC3 COSMOS
Product: OpenC3 COSMOS
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42087
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42088
NVD References:
- https://github.com/OpenC3/cosmos/security/advisories/GHSA-v529-vhwc-wfc5
- https://github.com/OpenC3/cosmos/security/advisories/GHSA-2wvh-87g2-89hr
CVE-2026-42796 - Arelle before version 2.39.10 allows unauthenticated remote attackers to execute malicious Python code through the plugins query parameter in the /rest/configure endpoint.
Product: Arelle
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42796
NVD References: https://www.vulncheck.com/advisories/arelle-unauthenticated-rce-via-rest-configure
CVE-2023-54342, CVE-2023-54344 - Remote code execution vulnerabilities in Eclipse Equinox OSGi
Product: Eclipse Equinox OSGi
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-54342
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-54344
NVD References:
- https://www.vulncheck.com/advisories/eclipse-equinox-osgi-console-remote-code-execution
- https://www.vulncheck.com/advisories/eclipse-equinox-osgi-remote-code-execution-via-console
CVE-2026-42364, CVE-2026-42368, CVE-2026-42369, CVE-2026-42370, CVE-2026-7161, CVE-2026-7372 - GeoVision Vulnerabilities
Product: GeoVision LPC2011/LPC2211
CVSS Scores: 9.0 - 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42364
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42368
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42369
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42370
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7161
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7372
NVD References:
- https://talosintelligence.com/vulnerability_reports/
- https://www.geovision.com.tw/cyber_security.php
CVE-2026-24118, CVE-2026-24120, CVE-2026-24781, CVE-2026-26332, CVE-2026-26956 - VM2 vulnerabilities
Product: VM2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24118
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24120
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24781
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26332
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26956
NVD References:
- https://github.com/patriksimek/vm2/security/advisories/GHSA-grj5-jjm8-h35p
- https://github.com/patriksimek/vm2/security/advisories/GHSA-qvjj-29qf-hp7p
- https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c
- https://github.com/patriksimek/vm2/security/advisories/GHSA-55hx-c926-fr95
- https://github.com/patriksimek/vm2/security/advisories/GHSA-ffh4-j6h5-pg66
CVE-2026-7248, CVE-2026-7853, CVE-2026-7854 - Vulnerabilities in D-Link DI-8100
Product: D-Link DI-8100
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7248
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7853
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7854
CVE-2026-42373, CVE-2026-42374, CVE-2026-42375 - Vulnerabilities in D-Link DIR-605L
Product: D-Link DIR-605L
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42373
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42374
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42375
NVD References:
- https://www.securin.io/zero-day/cve-2026-42373-hardcoded-telnet-backdoor-in-d-link-dir-605l-b2-end-of-life-
- https://www.securin.io/zero-day/cve-2026-42374-hardcoded-telnet-backdoor-in-d-link-dir-600l-b1-end-of-life-
- https://www.securin.io/zero-day/cve-2026-42375-hardcoded-telnet-backdoor-in-d-link-dir-600l-a1-end-of-life-
CVE-2026-42376 - D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) has a hardcoded telnet backdoor allowing unauthenticated attackers on the local network to gain full administrative control.
Product: D-Link DIR-456U
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42376
NVD References: https://www.securin.io/zero-day/cve-2026-42376-hardcoded-telnet-backdoor-in-d-link-dir-456u-a1-end-of-life-
CVE-2026-7202, CVE-2026-7203, CVE-2026-7204, CVE-2026-7240 through CVE-2026-7244, CVE-2026-7538, CVE-2026-7546, CVE-2026-7719, CVE-2026-7747, CVE-2026-7823, CVE-2026-36841 - TOTOLINK vulnerabilities
Product: TOTOLINK
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7202
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7203
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7204
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7240
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7241
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7242
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7243
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7244
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7538
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7546
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7719
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7747
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7823
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-36841