15 matches found
CVE-2026-33009
creationtimestamp| type| source
---|---|---
2026-03-26 18:44:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhyb5mpmwy2d
2026-03-26 22:22:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyndnlegi2d...
CVE-2026-33009 EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruption
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...
CVE-2024-33009
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the...
CVE-2024-33009 SQL injection vulnerability in SAP Global Label Management (GLM)
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the...
Widespread Exploitation of Zyxel Network Devices
Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices. The vulnerability is present in the default configuration of vulnerable devices and is exploitable in the Wide Area Network...
Zyxel patches two critical vulnerabilities
Zyxel has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even remote code execution on the affected Zyxel firewalls. Affected users should...
Zyxel USG < 4.35 / ATP < 4.35 / VPN < 4.35 / ZyWALL < 4.35 (RCE) (CVE-2020-9054)
The firmware version of the Zyxel USG, ATP, ZyWALL or VPN is affected by multiple vulnerabilities:
- A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX...
CVE-2023-33009
creationtimestamp| type| source
---|---|---
2023-05-24 16:26:54+00:00| seen| https://t.me/cibsecurity/64677
2023-05-25 19:04:24+00:00| seen| Telegram/o33eMMvV5GbS5yvZwxR9Wy9Vxsb16o4MXlOt7k80dQpLQ
2023-05-25 19:12:23+00:00| seen| https://t.me/KomunitiSiber/262
2023-05-26 18:40:05+00:00| seen|...
CVE-2023-33009
CVE-2023-33009 is a buffer-overflow vulnerability in the notification function across Zyxel firewall/NGFW families (ATP, USG FLEX, VPN, ZyWALL/USG) with affected firmware ranges roughly 4.60–5.36 Patch 1 (and ZyWALL/USG 4.60–4.73 Patch 1). An unauthenticated attacker could trigger denial-of-servi...
CVE-2023-33009
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50W firmware versions 4.60 through 5.36 Patch 1, USG20W-VPN firmware versions 4.60 through 5.36 Patch...
CVE-2022-33009
creationtimestamp| type| source
---|---|---
2022-06-28 02:35:13+00:00| seen| https://t.me/cibsecurity/45259...
CVE-2022-33009
A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file...
CVE-2022-33009
LightCMS v1.3.11 has a stored XSS vulnerability exploitable by uploading a crafted PDF file. Root cause: insufficient validation of user-supplied data and output filtering. Impact is client-side script execution. Affected version: LightCMS 1.3.11. No remediation details are provided in the suppli...
CVE-2021-33009
creationtimestamp| type| source
---|---|---
2022-05-13 20:27:20+00:00| seen| https://t.me/cibsecurity/42692...
CVE-2021-33009
CVE-2021-33009 affects mySCADA myPRO prior to version 8.20.0. An unauthenticated remote attacker can upload arbitrary files to the file system due to an unrestricted upload vulnerability (CWE-434). CVSSv3 base score 7.5 (HIGH) with network access and no authentication; impact on integrity is HIGH...