CVE-2026-47151
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...
CVE-2026-47149
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...
EUVD-2026-39406
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...
CVE-2026-47151 Door Lock ClearWeekdaySchedule invalid table index and write in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...
CVE-2026-47151
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can cause out-of-bounds writes in Door Lock schedule state. Impact: potential HIGH availability disruption and LOW integrity impact; no confidentiality change. These messages must originate from a device already joined to th...
CVE-2026-47149
CVE-2026-47149 affects EmberZNet v9.0.2 and earlier: malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads, terminating the process. Impacts devices that have joined the network and support the Door Lock cluster. No information leakage to the sender was observ...
CVE-2026-47149 Door Lock GetUserType invalid table index in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...
EUVD-2026-39404
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...
PT-2026-52404
Name of the Vulnerable Software and Affected Versions: EmberZNet versions prior to 9.0.3. Description: Malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into the Door Lock schedule state. This issue affects only devices that support the Door Lock cluster and requires the...
Fake software on GitHub and SourceForge distribute Deno RAT
During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor. Attackers are using compromised YouTube channels to distribute links ...
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEPDOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batc...
Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices...
Microsoft Azure Front Door Access Control Error Vulnerability
Microsoft Azure Front Door is a cloud-based content delivery network from Microsoft Corporation in the United States. An access control error vulnerability exists in Microsoft Azure Front Door, which can be exploited by an attacker to elevate privileges...
PT-2026-20278
Name of the Vulnerable Software and Affected Versions: Slider Future versions up to and including 1.0.5. Description: The Slider Future plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the slider future handle image upload function. This...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, potentially grant themselves elevated privileges and thus execute arbitrary code or gain access to sensitive data. Of the vulnerabilities labeled...
CVE-2026-24300
Azure Front Door Elevation of Privilege Vulnerability...
EUVD-2026-5520
Azure Front Door Elevation of Privilege Vulnerability...
CVE-2026-24300 Azure Front Door Elevation of Privilege Vulnerability
...