⚠️ CRITICAL: CVE-2026-6271 in shahinurislam Career Section plugin (≤1.7) lets unauthenticated attackers upload dangerous files — risk of remote code execution. Disable plugin immediately & monitor uploads. https://radar.offseq.com/threat/cve-2026-6271-cwe-434-unrestricted-upload-of-file--9fe22087 #OffSeq #WordPress #RCE #Vulnerability
offseq@infosec.exchange
Posts
🚨 Fortinet & Ivanti released CRITICAL patches for RCE & info disclosure vulnerabilities, some exploitable without auth. Products: FortiAuthenticator, FortiSandbox, Ivanti Xtraction & more. Patch ASAP — no known exploitation yet. Details: https://radar.offseq.com/threat/fortinet-ivanti-patch-critical-vulnerabilities-a2386d8e #OffSeq #Vulnerability #Infosec
🚨 CRITICAL: CVE-2026-32661 stack buffer overflow in Canon GUARDIANWALL MailSuite (v1.4.00 – 2.4.26). Remote code execution possible. Restrict network access & monitor pop3wallpasswd. Patch pending. https://radar.offseq.com/threat/cve-2026-32661-stack-based-buffer-overflow-in-cano-fe8551b1 #OffSeq #CVE202632661 #infosec #vuln
🔴 CVE-2026-8072 (CRITICAL, 9.2): Ingeteam Ingecon Sun EMS Board uses weak hashing for SAT access credentials, risking privilege escalation. No mitigation yet — review access and monitor for updates. https://radar.offseq.com/threat/cve-2026-8072-cwe-327-use-of-a-broken-or-risky-cry-6e7aa5de #OffSeq #ICS #Vulnerability
🛡️ HIGH severity in SignalK signalk-server <2.25.0 (CVE-2026-41893): WebSocket login bypasses rate limits, enabling fast brute force attacks. Patch to 2.25.0+ ASAP. Details: https://radar.offseq.com/threat/cve-2026-41893-cwe-307-improper-restriction-of-exc-a656937b #OffSeq #infosec #vuln #bruteforce
HIGH severity alert: CVE-2026-8234 stack buffer overflow in EFM ipTIME A8004T (v14.18.2) — remote, unauthenticated exploit possible. No patch yet; restrict remote access now. Details: https://radar.offseq.com/threat/cve-2026-8234-stack-based-buffer-overflow-in-efm-i-fc36030f #OffSeq #CVE20268234 #RouterSecurity #Infosec
🛡️ CVE-2026-7330: HIGH severity stored XSS in thedark Auto Affiliate Links (≤6.8.8) lets unauthenticated attackers inject scripts via AJAX endpoint. WP admins at risk — update/disable plugin! https://radar.offseq.com/threat/cve-2026-7330-cwe-79-improper-neutralization-of-in-dc918ba5 #OffSeq #WordPress #Infosec #XSS
🛡️ CVE-2026-35428 (CRITICAL, CVSS 9.6) affects Microsoft Azure Cloud Shell via command injection (CWE-77). Exploitation enables spoofing over networks. Microsoft has deployed a fix — update your environments! Details: https://radar.offseq.com/threat/cve-2026-35428-cwe-77-improper-neutralization-of-s-2b3310c3 #OffSeq #Azure #Vulnerability #CloudSec
🚨 CRITICAL: CVE-2026-42880 in Argo CD (v3.2.0 – 3.2.10, 3.3.0 – 3.3.8) allows attackers with read-only access to extract plaintext Kubernetes Secrets via the ServerSideDiff endpoint. Patch to 3.2.11/3.3.9+ now! https://radar.offseq.com/threat/cve-2026-42880-cwe-200-exposure-of-sensitive-infor-40029159 #OffSeq #ArgoCD #Kubernetes #CVE202642880
🔎 CVE-2026-41202: CRITICAL path traversal in ci4ms (<0.31.5.0) lets authenticated users upload ZIPs for remote code execution. Patch to 0.31.5.0 now! Details: https://radar.offseq.com/threat/cve-2026-41202-cwe-22-improper-limitation-of-a-pat-c7627c61 #OffSeq #infosec #CVE202641202 #vuln
🚨 CVE-2026-0300: CRITICAL PAN-OS vuln in PA-Series & VM-Series. Buffer overflow in User-ID Auth Portal enables unauth RCE as root. Restrict portal access ASAP. Prisma Access & Cloud NGFW not impacted. Details: https://radar.offseq.com/threat/cve-2026-0300-cwe-787-out-of-bounds-write-in-palo--a6a99009 #OffSeq #PaloAltoNetworks #Vuln
🚨 CRITICAL: CVE-2026-42779 in Apache MINA (2.1.0 – 2.1.11 & 2.2.0 – 2.2.6) enables remote code execution via deserialization of untrusted data. Upgrade to 2.1.12/2.2.7 now! https://radar.offseq.com/threat/cve-2026-42779-cwe-502-deserialization-of-untruste-d7661188 #OffSeq #ApacheMINA #Vuln #Infosec
⚠️ CVE-2026-5402: HIGH severity heap buffer overflow in Wireshark 4.6.0 – 4.6.4 TLS dissector. Exploitation can lead to DoS or code execution. No patch yet — avoid untrusted TLS traffic. https://radar.offseq.com/threat/cve-2026-5402-cwe-122-heap-based-buffer-overflow-i-bdf27e3b #OffSeq #Wireshark #CVE20265402 #BlueTeam
Chrome 147 & Firefox 150.0.1 ship critical security updates: use-after-free & memory corruption bugs could allow code execution or info leaks. Patch to latest browser versions ASAP. https://radar.offseq.com/threat/chrome-147-firefox-150-security-updates-rolling-ou-587da3ca #OffSeq #BrowserSecurity #Vulnerability
⚠️ CRITICAL: CVE-2026-3854 lets users with push access run arbitrary code on GitHub backend servers. Impacts GitHub.com & Enterprise Server. GitHub.com patched 2026-03-04; ES patch 2026-03-10. Patch ASAP! No wild exploits found. https://radar.offseq.com/threat/critical-github-vulnerability-exposed-millions-of--29b3abff #OffSeq #GitHub #Infosec
💥 CVE-2026-7155: CRITICAL OS command injection in Totolink A8000RU (7.1cu.643_b20200521). Exploitable remotely, no auth needed. Disable remote mgmt & restrict access until patch. Details: https://radar.offseq.com/threat/cve-2026-7155-os-command-injection-in-totolink-a80-1189da9b #OffSeq #Vulnerability #CVE2026_7155 #IoTSecurity
⚠️ HIGH severity: CVE-2026-3868 affects Moxa EDR-8010 v1.0 routers. Remote attackers can trigger a DoS via HTTPS mgmt interface buffer overflow. No patch yet — restrict access & monitor for outages. https://radar.offseq.com/threat/cve-2026-3868-cwe-130-improper-handling-of-length--680be2d5 #OffSeq #Moxa #Infosec #ICS
🚨 CRITICAL SQL Injection (CVE-2026-6887) in BorG SPM 2007: unauthenticated remote attackers can manipulate databases. No patch, product EOL. Isolate or discontinue use ASAP. Details: https://radar.offseq.com/threat/cve-2026-6887-cwe-89-improper-neutralization-of-sp-f0a62364 #OffSeq #SQLInjection #Vuln #InfoSec
🚨 CRITICAL RCE issue tied to Google Antigravity is attracting cybercriminals using its reputation to spread malware. No confirmed active exploitation or patch yet. Stay vigilant — avoid suspicious content and monitor advisories. https://radar.offseq.com/threat/google-antigravity-in-crosshairs-of-security-resea-49e17863 #OffSeq #Infosec #Malware #RCE
🚨 HIGH severity alert: Quantum Networks QN-I-470 routers (6.1.1.B1) have a CLI OS command injection (CVE-2026-41036). Authenticated attackers can execute root commands remotely. Limit access & monitor systems. https://radar.offseq.com/threat/cve-2026-41036-cwe-78-improper-neutralization-of-s-3995b27c #OffSeq #Vuln #NetworkSecurity