⚠️ CVE-2026-4987 (HIGH): SureForms plugin for WordPress lets attackers bypass payment amount validation by setting form_id to 0 — no auth needed, all versions <=2.5.2 at risk.

️ CVE-2026-4987 (HIGH): SureForms plugin for WordPress lets attackers bypass payment amount validation by setting form_id to 0 — no auth needed, all versions <=2.5.2 at risk. Patch or mitigate now! https://radar.offseq.com/threat/cve-2026-4987-cwe-20-improper-input-validation-in--6438ea07 #OffSeq #WordPress #Vuln #PaymentSecurity

HIGH severity buffer overflow in Wavlink WL-WN579X3-C (231124): Remote attackers can exploit UPnP Handler to run code. No patch from vendor. Disable UPnP & block remote access immediately. CVE-2026-5004 https://radar.offseq.com/threat/cve-2026-5004-stack-based-buffer-overflow-in-wavli-7ae39014 #OffSeq #Infosec #RouterSecurity #CVE20265004

CVE-2026-1679: HIGH severity buffer overflow in Zephyr RTOS (all versions). Local attackers can trigger kernel memory corruption via eswifi socket offload driver. Patch ASAP, enforce access controls. Details: https://radar.offseq.com/threat/cve-2026-1679-buffer-copy-without-checking-size-of-5ca8f17f #OffSeq #ZephyrRTOS #IoTSecurity #CVE

CVE-2026-33945 (CRITICAL, CVSS 10): lxc incus <6.23.0 is vulnerable to path traversal, enabling attackers to write as root & escalate privileges. Upgrade to 6.23.0+ ASAP, restrict config access! https://radar.offseq.com/threat/cve-2026-33945-cwe-22-improper-limitation-of-a-pat-4b327a65 #OffSeq #CVE202633945 #ContainerSecurity

CRITICAL vuln in plank/laravel-mediable <=6.4.0 (CVE-2026-4809): attackers can upload malicious PHP files by spoofing MIME types. No patch yet. Disable client MIME trust & enforce server-side checks! Details: https://radar.offseq.com/threat/cve-2026-4809-cwe-434-unrestricted-upload-of-file--9d4d9e8e #OffSeq #CVE20264809 #Laravel #RCE

MimeTypes Link Icons plugin (≤3.2.20) hit by HIGH severity SSRF (CVE-2026-1313, CVSS 8.3). Contributor+ users can abuse "Show file size" to access internal resources. Disable the feature & check user roles. https://radar.offseq.com/threat/cve-2026-1313-cwe-918-server-side-request-forgery--530406e8 #OffSeq #WordPress #SSRF #CVE20261313

CRITICAL: CVE-2026-33075 affects labring FastGPT ≤4.14.8.3. GitHub Actions workflow flaw enables attackers to run code & steal secrets, risking supply chain compromise. No patch — audit workflows & restrict secrets now! https://radar.offseq.com/threat/cve-2026-33075-cwe-494-download-of-code-without-in-52a1ff21 #OffSeq #Infosec #SupplyChain

CRITICAL: CVE-2026-27065 in ThimPress BuilderPress (≤2.0.1) lets attackers perform unauthenticated RFI, risking full WordPress compromise. Disable plugin & harden PHP configs immediately! https://radar.offseq.com/threat/cve-2026-27065-cwe-98-improper-control-of-filename-c54e685b #OffSeq #WordPress #Vuln #RFI #CVE202627065

CRITICAL: CVE-2026-25534 SSRF in Spinnaker clouddriver-artifacts. Versions <2025.2.4 & select 2025.x allow SSRF via URL validation bypass. Patch to 2025.2.4+, 2025.3.1, 2025.4.1, or 2026.0.0 ASAP! Details: https://radar.offseq.com/threat/cve-2026-25534-cwe-918-server-side-request-forgery-618622b4 #OffSeq #SSRF #Spinnaker

CVE-2026-23489 (CRITICAL, CVSS 9.1): GLPI 'fields' plugin (<1.23.3) allows privileged users to execute arbitrary PHP code (RCE risk). Patch to 1.23.3+, review permissions, and monitor activity. https://radar.offseq.com/threat/cve-2026-23489-cwe-20-improper-input-validation-in-9483a14f #OffSeq #GLPI #CVE202623489 #infosec

CRITICAL: CVE-2026-4182 in D-Link DIR-816 (v1.10CNB05) — stack buffer overflow in /goform/form2Wl5RepeaterStep2.cgi enables remote code execution. No patch, public exploit exists. Replace or isolate devices now! https://radar.offseq.com/threat/cve-2026-4182-stack-based-buffer-overflow-in-d-lin-4b5e9537 #OffSeq #DLink #IoTSecurity

️ CRITICAL: D-Link DIR-816 (1.10CNB05) stack-based buffer overflow via pskValue in /goform/form2Wl5BasicSetup.cgi. Exploit is public, remote code execution possible. Device is EOL — isolate or replace! CVE-2026-4184 https://radar.offseq.com/threat/cve-2026-4184-stack-based-buffer-overflow-in-d-lin-8b4d54d9 #OffSeq #DLink #Vuln

CVE-2026-1947: HIGH severity in NEX-Forms – Ultimate Forms Plugin for WordPress (all versions ≤9.1.9). Unauthenticated attackers can overwrite form entries via IDOR. Disable plugin or restrict access ASAP! https://radar.offseq.com/threat/cve-2026-1947-cwe-639-authorization-bypass-through-412339ff #OffSeq #WordPress #Vuln #InfoSec

HIGH severity: CVE-2026-4172 in TRENDnet TEW-632BRP (v1.010B32) — stack-based buffer overflow in /ping_response.cgi (ping_ipaddr). Public exploit, no patch. Isolate, restrict access, and monitor now! https://radar.offseq.com/threat/cve-2026-4172-stack-based-buffer-overflow-in-trend-df028a4c #OffSeq #Infosec #RouterVuln

️ CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables remote unauthenticated command injection via /cgi-bin/wireless.cgi. Exploit is public — restrict remote admin, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #Vuln #IoTSecurity

CRITICAL: CVE-2026-4170 in Topsec TopACM 3.0 enables unauthenticated OS command injection via 'template_path' in /nmc_sync.php. No patch, public exploit out. Restrict access, deploy WAF/IDS, monitor logs urgently! https://radar.offseq.com/threat/cve-2026-4170-os-command-injection-in-topsec-topac-9e1efe11 #OffSeq #vuln #cybersecurity

️ CVE-2026-4008: HIGH severity stack buffer overflow in Tenda W3 (v1.0.0.3(2204)) lets remote attackers execute code or cause DoS — no auth needed. Public exploit available, patch or restrict access now! https://radar.offseq.com/threat/cve-2026-4008-stack-based-buffer-overflow-in-tenda-40f87be9 #OffSeq #Tenda #Infosec #Vuln

CVE-2026-2631 (CRITICAL): Datalogics Ecommerce Delivery WP plugin (<2.6.60) lets unauthenticated attackers gain admin via REST endpoint. Patch or restrict access now! Details: https://radar.offseq.com/threat/cve-2026-2631-cwe-269-improper-privilege-managemen-beccaec0 #OffSeq #WordPress #Vuln #Infosec

CRITICAL: CVE-2026-28806 in nerves_hub_web ≤2.3.x allows authenticated users to take over devices/orgs via improper authorization. Upgrade to 2.4.0+ ASAP! Remote console: high risk of full compromise. https://radar.offseq.com/threat/cve-2026-28806-cwe-285-improper-authorization-in-n-d2ddfb8c #OffSeq #nerveshub #infosec #CVE202628806

CRITICAL: CVE-2026-27685 in SAP NetWeaver EP-RUNTIME 7.50 (Admin) enables privileged users to upload malicious serialized data — risking full system compromise. Restrict uploads, monitor privileged actions, patch ASAP! https://radar.offseq.com/threat/cve-2026-27685-cwe-502-deserialization-of-untruste-36704129 #OffSeq #SAP #CVE #InfoSec