MEDIUM
CVE-2026-40514 (CVSS 5.9) — SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email...
NVD CVE-2026-40514 40d ago
HIGH
CVE-2026-32688 (CVSS 0) — Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows...
NVD CVE-2026-32688 41d ago
HIGH
CVE-2026-7101 (CVSS 8.8) — A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of ...
NVD CVE-2026-7101 41d ago
INFO
TGR-STA-1030: New Activity in Central and South America
rss:unit42 threat-actors malware nation-state 43d ago
HIGH
CVE-2026-31583 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: media: em28xx: fix use-after-fr...
NVD CVE-2026-31583 43d ago
HIGH
CVE-2026-31581 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free...
NVD CVE-2026-31581 43d ago
HIGH
CVE-2026-31580 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: bcache: fix cached_dev.sb_bio u...
NVD CVE-2026-31580 43d ago
HIGH
CVE-2026-31578 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: media: as102: fix to not free m...
NVD CVE-2026-31578 43d ago
HIGH
CVE-2026-31576 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free ...
NVD CVE-2026-31576 43d ago
HIGH
CVE-2026-6947 (CVSS 7.5) — DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, al...
NVD CVE-2026-6947 44d ago
MEDIUM
CVE-2026-32952 (CVSS 5.3) — go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0...
NVD CVE-2026-32952 44d ago
CRITICAL
CVE-2026-6942 (CVSS 9.8) — radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows rem...
NVD CVE-2026-6942 44d ago
INFO
Frontier AI and the Future of Defense: Your Top Questions Answered
rss:unit42 threat-actors malware nation-state 44d ago
HIGH
CVE-2026-41205 (CVSS 7.5) — Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vuln...
NVD CVE-2026-41205 44d ago
HIGH
CVE-2026-31532 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-afte...
NVD CVE-2026-31532 45d ago
CRITICAL
CVE-2026-6887 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vul...
NVD CVE-2026-6887 45d ago
CRITICAL
CVE-2026-6886 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication By...
NVD CVE-2026-6886 45d ago
CRITICAL
CVE-2026-6885 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File U...
NVD CVE-2026-6885 45d ago
CRITICAL
CVE-2026-3960 (CVSS 9.8) — A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/I...
NVD CVE-2026-3960 45d ago
INFO
Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System
rss:unit42 threat-actors malware nation-state 45d ago
CRITICAL
CVE-2026-41179 (CVSS 9.8) — Rclone is a command-line program to sync files and directories to and from different cloud storage p...
NVD CVE-2026-41179 45d ago
HIGH
CVE-2026-31527 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gene...
NVD CVE-2026-31527 46d ago
HIGH
CVE-2026-31500 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize b...
NVD CVE-2026-31500 46d ago
HIGH
CVE-2026-31489 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-pu...
NVD CVE-2026-31489 46d ago
HIGH
CVE-2026-31455 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushin...
NVD CVE-2026-31455 46d ago
HIGH
CVE-2026-6855 (CVSS 7.1) — A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th...
NVD CVE-2026-6855 46d ago
MEDIUM
CVE-2026-6848 (CVSS 5.4) — A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive ...
NVD CVE-2026-6848 46d ago
INFO
When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
rss:unit42 threat-actors malware nation-state 46d ago
INFO
CVE-2026-41144 (CVSS 0) — F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedde...
NVD CVE-2026-41144 46d ago
HIGH
CVE-2026-40938 (CVSS 7.5) — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting ...
NVD CVE-2026-40938 46d ago
INFO
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
Krebs breaches threat-actors 46d ago
CRITICAL
CVE-2026-5965 (CVSS 9.8) — NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated l...
NVD CVE-2026-5965 47d ago
CRITICAL
CVE-2026-32311 (CVSS 9.8) — Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, tr...
NVD CVE-2026-32311 47d ago
HIGH
CVE-2026-31430 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access...
NVD CVE-2026-31430 48d ago
INFO
Fracturing Software Security With Frontier AI Models
rss:unit42 threat-actors malware nation-state 48d ago
INFO
Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)
rss:unit42 threat-actors malware nation-state 50d ago
HIGH
CVE-2026-40476 (CVSS 7.5) — graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCa...
NVD CVE-2026-40476 50d ago
CRITICAL
CVE-2026-29013 (CVSS 9.8) — libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling wher...
NVD CVE-2026-29013 50d ago
HIGH
CVE-2026-40527 (CVSS 7.8) — radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command...
NVD CVE-2026-40527 50d ago
HIGH
CVE-2026-40518 (CVSS 7.1) — ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerab...
NVD CVE-2026-40518 50d ago
CRITICAL
CVE-2025-15625 (CVSS 9.8) — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in...
NVD CVE-2025-15625 51d ago
HIGH
CVE-2025-15624 (CVSS 7.5) — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In ...
NVD CVE-2025-15624 51d ago
HIGH
CVE-2025-15623 (CVSS 7.5) — Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System In...
NVD CVE-2025-15623 51d ago
INFO
A Deep Dive Into Attempted Exploitation of CVE-2023-33538
rss:unit42 CVE-2023-33538 threat-actors malware 51d ago
CRITICAL
CVE-2026-27820 (CVSS 9.8) — zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3...
NVD CVE-2026-27820 51d ago
HIGH
CVE-2026-41035 (CVSS 7.4) — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call,...
NVD CVE-2026-41035 52d ago
HIGH
CVE-2026-6351 (CVSS 7.5) — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticat...
NVD CVE-2026-6351 52d ago
CRITICAL
CVE-2026-6350 (CVSS 9.8) — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing ...
NVD CVE-2026-6350 52d ago
CRITICAL
CVE-2026-6349 (CVSS 9.8) — The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticat...
NVD CVE-2026-6349 52d ago
HIGH
CVE-2026-6348 (CVSS 8.8) — WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing...
NVD CVE-2026-6348 52d ago
TL;DR
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to deter…
CVE-2026-40514