CVE-2026-20161

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...

CVE-2026-20161 Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...

CVE-2026-3590

creationtimestamp| type| source ---|---|--- 2026-04-15 15:28:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjk7jllb5u2k 2026-04-16 11:35:11+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mjmcwqgahd2b...

CVE-2026-4145

creationtimestamp| type| source ---|---|--- 2026-04-15 15:20:23+00:00| published-proof-of-concept| Telegram/uZRx6HZozAc0thMR3KKbNyvZVgKIzeeLzgWMgVKyfbYH8EA 2026-04-15 15:56:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjkb3s2lui2r 2026-04-15 16:03:25+00:00| seen|...

CVE-2026-4134

creationtimestamp| type| source ---|---|--- 2026-04-15 15:20:23+00:00| published-proof-of-concept| Telegram/uZRx6HZozAc0thMR3KKbNyvZVgKIzeeLzgWMgVKyfbYH8EA 2026-04-15 16:01:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjkbeqiq7i2o...

CVE-2026-41304

creationtimestamp| type| source ---|---|--- 2026-04-15 14:35:01+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-xr6f-h4x7-r6qp 2026-04-22 01:19:46+00:00| seen| Telegram/K73t--MeF8g6jG3bb2C-tygRugHSGj3gpQqllzPf61swe44 2026-04-22 02:22:08+00:00| seen|...

CVE-2026-40764

creationtimestamp| type| source ---|---|--- 2026-04-15 12:43:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjwbgp2db2o 2026-04-15 16:30:00+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkcx3e3fb2h 2026-04-15 17:20:42+00:00| seen|...

CVE-2026-27769

creationtimestamp| type| source ---|---|--- 2026-04-15 12:30:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjvk3msii2m 2026-04-16 11:35:10+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mjmcwqgahd2b...

CVE-2026-1636

A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges...

CVE-2026-40745

creationtimestamp| type| source ---|---|--- 2026-04-15 12:26:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjve4f4gl23 2026-04-15 16:29:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkcwtc4rj27 2026-04-15 17:20:42+00:00| seen|...

CVE-2026-40784

creationtimestamp| type| source ---|---|--- 2026-04-15 12:18:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjuveihr32o 2026-04-15 16:29:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkcwlaq5m2p 2026-04-15 17:20:42+00:00| seen|...

CVE-2026-3590

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

CVE-2026-40740

creationtimestamp| type| source ---|---|--- 2026-04-15 12:14:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjunf24j22r...

CVE-2026-28741

creationtimestamp| type| source ---|---|--- 2026-04-15 12:08:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjudayl732o 2026-04-16 11:35:11+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mjmcwqgahd2b...

CVE-2026-3590

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

CVE-2026-3590

Mattermost CVE-2026-3590 describes a race condition in the guest magic link authentication flow that fails to enforce atomic single-use for tokens. A valid magic link can be used to establish multiple independent authenticated sessions via concurrent requests on affected versions: Mattermost 10.1...

CVE-2026-3590 Race Condition in Guest Magic Link Authentication Allows Token Reuse

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

CVE-2026-3590 Race Condition in Guest Magic Link Authentication Allows Token Reuse

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent...

From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

We’ve uncovered multiple campaigns distributing an infostealer we track as NWHStealer , using everything from fake VPN downloads to hardware utilities and gaming mods. What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it...

CVE-2026-5160

creationtimestamp| type| source ---|---|--- 2026-04-15 08:22:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjjhpqp6t72m 2026-04-23 14:15:11+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mk675fasgt2h...