Posts of last 24 hours
Currently trending CVE - Hype Score: 1 - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31.
https://cvemon.intruder.io/cves/CVE-2026-39938
Currently trending CVE - Hype Score: 1 - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31.
https://cvemon.intruder.io/cves/CVE-2026-39955
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.
https://www.darkreading.com/threat-intelligence/fortibleed-actors-inc-lynx-ransomware-gangs
https://cyber.gc.ca/en/alerts-advisories/al26-016-vulnerability-impacting-citrix-netscaler-cve-2026-8451
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic.
Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the network's pool of usable devices by millions.
Google identifies NetNut, also tracked as Popa, as a network spread across home
https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html
A vulnerability was found in Cisco Evolved Programmable Network Manager up to 8.1.1 and classified as critical. Impacted is an unknown function of the component REST API Endpoint. Such manipulation leads to missing authorization.
This vulnerability is uniquely identified as CVE-2026-20155. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.
https://vuldb.com/vuln/354723
A vulnerability, which was classified as critical, was found in rtk-ai rtk 1.0.0. The affected element is the function execSync of the component Template String Handler. Executing a manipulation can lead to OS command injection.
This vulnerability is registered as CVE-2026-55249. It is possible to launch the attack remotely. No exploit is available.
https://vuldb.com/vuln/373061
A vulnerability has been found in rtk-ai rtk up to 0.31.x and classified as problematic. The impacted element is an unknown function of the file rtk/filters.toml of the component Filter Handler. The manipulation leads to insufficient verification of data authenticity.
This vulnerability is documented as CVE-2026-45792. The attack needs to be performed locally. There is not any exploit available.
The affected component should be upgraded.
https://vuldb.com/vuln/373062
A vulnerability was found in QOS.CH Sarl Logback-core up to 1.5.34/1.5.134. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Configuration Handler. The manipulation leads to improper input validation.
This vulnerability is referenced as CVE-2026-13006. The attack can only be performed from a local environment. No exploit is available.
Upgrading the affected component is recommended.
https://vuldb.com/vuln/373176
A vulnerability was found in Schneider Electric PowerLogic P7. It has been declared as problematic. This impacts an unknown function of the component Configuration Handler. The manipulation results in null pointer dereference.
This vulnerability is reported as CVE-2026-9716. The attack can be launched remotely. No exploit exists.
It is advisable to implement a patch to correct this issue.
https://vuldb.com/vuln/373933