thehackerwire.com

27 curated AppSec resources from thehackerwire.com across 7 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-22.

Date Added | Year | Resource | Topic | Excerpt
2026-04-22 | 2026 | Authlib Critical JWT Forgery (CVE-2026-27962) | JWT | Authlib Critical JWT Forgery (CVE-2026-27962)
2026-04-22 | 2026 | Keycloak SAML Disabled Client SSO Bypass (CVE-2026-3047) | AuthN | Keycloak SAML Disabled Client SSO Bypass (CVE-2026-3047)
2026-04-22 | 2026 | LibreChat SSRF Bypass via IPv6 Mapped Address Confusion | SSRF | LibreChat SSRF Bypass via IPv6 Mapped Address Confusion
2026-04-16 | 2026 | Chamilo LMS IDOR Leads to Admin Privileges (CVE-2026-40291) | IDOR | Chamilo LMS IDOR Leads to Admin Privileges (CVE-2026-40291)
2026-04-10 | 2026 | FastGPT Critical SSRF via Unauthenticated HTTP Proxy Endpoint | SSRF | FastGPT Critical SSRF via Unauthenticated HTTP Proxy Endpoint
2026-04-10 | 2026 | U-Office Force Critical RCE via Insecure Deserialization (CVE-2026-3422) | Deser, RCE | U-Office Force Critical RCE via Insecure Deserialization (CVE-2026-3422)
2026-04-10 | 2026 | IBM Langflow Desktop RCE via Insecure Deserialization | Deser, RCE | IBM Langflow Desktop RCE via Insecure Deserialization
2026-04-10 | 2026 | Wazuh RCE via Deserialization of Untrusted Data (CVE-2026-25769) | RCE | Wazuh RCE via Deserialization of Untrusted Data (CVE-2026-25769)
2026-04-10 | 2026 | Critical Pre-Auth RCE in ChurchCRM Setup Wizard | RCE | Critical Pre-Auth RCE in ChurchCRM Setup Wizard
2026-04-10 | 2026 | WWBN AVideo RCE via Persistent PHP File Upload (CVE-2026-33717) | RCE | WWBN AVideo RCE via Persistent PHP File Upload (CVE-2026-33717)
2026-04-10 | 2026 | Explorance Blue RCE via Unrestricted File Upload | RCE | Explorance Blue RCE via Unrestricted File Upload
2026-04-10 | 2026 | Precurio Intranet Portal: CSRF to RCE via File Upload | RCE | Precurio Intranet Portal: CSRF to RCE via File Upload
2026-04-10 | 2026 | Tiandy Easy7 RCE via OS Command Injection (CVE-2026-4585) | RCE | Tiandy Easy7 RCE via OS Command Injection (CVE-2026-4585)
2026-04-10 | 2026 | Microsoft Bing Images OS Command Injection RCE | RCE | Microsoft Bing Images OS Command Injection RCE
2026-04-10 | 2026 | AWS RES Root RCE via Crafted Session Name (CVE-2026-5707) | RCE | AWS RES Root RCE via Crafted Session Name (CVE-2026-5707)
2026-04-10 | 2026 | Group-Office Critical RCE via Insecure Deserialization (CVE-2026-34838) | RCE | Group-Office Critical RCE via Insecure Deserialization (CVE-2026-34838)
2026-04-10 | 2026 | NVIDIA APEX Deserialization RCE (CVE-2025-33244) | RCE | NVIDIA APEX Deserialization RCE (CVE-2025-33244)
2026-04-10 | 2026 | PraisonAI Critical RCE via Malicious YAML Parsing (CVE-2026-39890) | RCE | PraisonAI Critical RCE via Malicious YAML Parsing (CVE-2026-39890)
2026-04-10 | 2026 | Microsoft SharePoint Deserialization RCE (CVE-2026-26114) | Deser | Microsoft SharePoint Deserialization RCE (CVE-2026-26114)
2026-04-10 | 2026 | CI4MS Critical Stored XSS (CVE-2026-34569) | XSS | CI4MS Critical Stored XSS (CVE-2026-34569)
2026-04-10 | 2026 | CI4MS Stored DOM XSS via Menu Management (CVE-2026-34565) | XSS | CI4MS Stored DOM XSS via Menu Management (CVE-2026-34565)
2026-04-10 | 2026 | Homarr DOM-based XSS (CVE-2026-33510) | XSS | Homarr DOM-based XSS (CVE-2026-33510)
2026-04-09 | 2026 | curl_cffi SSRF via Unrestricted Redirects (CVE-2026-33752) | SSRF | curl_cffi SSRF via Unrestricted Redirects (CVE-2026-33752)
2026-04-09 | 2026 | Plunk Critical SSRF in SNS Webhook Handler (CVE-2026-32096) | SSRF | Plunk Critical SSRF in SNS Webhook Handler (CVE-2026-32096)
2026-04-09 | 2026 | Microsoft Purview SSRF Privilege Elevation (CVE-2026-26138) | SSRF | Microsoft Purview SSRF Privilege Elevation (CVE-2026-26138)
2026-04-06 | 2026 | Nginx UI IDOR Allows Cross-User Resource Access | IDOR | Nginx UI IDOR Allows Cross-User Resource Access
2026-04-03 | 2026 | OpenOlat Velocity Template Injection Leads to RCE | RCE | OpenOlat Velocity Template Injection Leads to RCE