Cyber Security Alerts
Blueteq Cyber Alerts
Latest High & Critical Vulnerabilities
Blueteq’s Cyber Alerts keep watch so you don’t have to. We continuously monitor newly published critical and high-risk vulnerabilities, analysing emerging threats as they appear. This page provides clear visibility of the issues that matter most, helping you stay protected.
CVE ID :CVE-2019-25697 Published : April 12, 2026, 12:28 p.m. | 38 minutes ago Description :CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send...Read more
Date: 2026-04-12
CVE ID :CVE-2019-25689 Published : April 12, 2026, 12:28 p.m. | 38 minutes ago Description :HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can...Read more
Date: 2026-04-12
CVE ID :CVE-2018-25258 Published : April 12, 2026, 12:28 p.m. | 38 minutes ago Description :RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers...Read more
Date: 2026-04-12
CVE ID :CVE-2026-6124 Published : April 12, 2026, 9:16 a.m. | 3 hours, 50 minutes ago Description :A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation...Read more
Date: 2026-04-12
CVE ID :CVE-2026-6123 Published : April 12, 2026, 9:16 a.m. | 3 hours, 50 minutes ago Description :A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of...Read more
Date: 2026-04-12
CVE ID :CVE-2026-6122 Published : April 12, 2026, 8:16 a.m. | 50 minutes ago Description :A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such...Read more
Date: 2026-04-12
CVE ID :CVE-2026-6121 Published : April 12, 2026, 8:16 a.m. | 4 hours, 50 minutes ago Description :A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd....Read more
Date: 2026-04-12
CVE ID :CVE-2026-6120 Published : April 12, 2026, 6:16 a.m. | 50 minutes ago Description :A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument...Read more
Date: 2026-04-12
CVE ID :CVE-2026-1116 Published : April 12, 2026, 3:16 a.m. | 7 hours, 50 minutes ago Description :A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from...Read more
Date: 2026-04-12
CVE ID :CVE-2026-31845 Published : April 11, 2026, 7:16 p.m. | 9 hours, 50 minutes ago Description :A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects...Read more
Date: 2026-04-11
CVE ID :CVE-2026-34621 Published : April 11, 2026, 7:16 a.m. | 21 hours, 50 minutes ago Description :Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in...Read more
Date: 2026-04-11
CVE ID :CVE-2026-5144 Published : April 11, 2026, 2:16 a.m. | 1 day ago Description :The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog...Read more
Date: 2026-04-11
CVE ID :CVE-2026-5059 Published : April 11, 2026, 1:16 a.m. | 5 hours, 50 minutes ago Description :aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is...Read more
Date: 2026-04-11
CVE ID :CVE-2026-5058 Published : April 11, 2026, 1:16 a.m. | 11 hours, 50 minutes ago Description :aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required...Read more
Date: 2026-04-11
CVE ID :CVE-2026-4149 Published : April 11, 2026, 12:12 a.m. | 54 minutes ago Description :Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era...Read more
Date: 2026-04-11
Latest Vulnerabilities
CVE ID :CVE-2019-25697 Published : April 12, 2026, 12:28 p.m. | 38 minutes ago Description :CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send...Read more
Date: 2026-04-12
CVE ID :CVE-2019-25689 Published : April 12, 2026, 12:28 p.m. | 38 minutes ago Description :HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can...Read more
Date: 2026-04-12
CVE ID :CVE-2018-25258 Published : April 12, 2026, 12:28 p.m. | 38 minutes ago Description :RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers...Read more
Date: 2026-04-12
CVE ID :CVE-2026-6124 Published : April 12, 2026, 9:16 a.m. | 3 hours, 50 minutes ago Description :A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation...Read more
Date: 2026-04-12
CVE ID :CVE-2026-6123 Published : April 12, 2026, 9:16 a.m. | 3 hours, 50 minutes ago Description :A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of...Read more
Date: 2026-04-12
CVE ID :CVE-2026-6122 Published : April 12, 2026, 8:16 a.m. | 50 minutes ago Description :A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such...Read more
Date: 2026-04-12
CVE ID :CVE-2026-6121 Published : April 12, 2026, 8:16 a.m. | 4 hours, 50 minutes ago Description :A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd....Read more
Date: 2026-04-12
CVE ID :CVE-2026-6120 Published : April 12, 2026, 6:16 a.m. | 50 minutes ago Description :A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument...Read more
Date: 2026-04-12
CVE ID :CVE-2026-1116 Published : April 12, 2026, 3:16 a.m. | 7 hours, 50 minutes ago Description :A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from...Read more
Date: 2026-04-12
CVE ID :CVE-2026-31845 Published : April 11, 2026, 7:16 p.m. | 9 hours, 50 minutes ago Description :A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects...Read more
Date: 2026-04-11
CVE ID :CVE-2026-34621 Published : April 11, 2026, 7:16 a.m. | 21 hours, 50 minutes ago Description :Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in...Read more
Date: 2026-04-11
CVE ID :CVE-2026-5144 Published : April 11, 2026, 2:16 a.m. | 1 day ago Description :The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog...Read more
Date: 2026-04-11
CVE ID :CVE-2026-5059 Published : April 11, 2026, 1:16 a.m. | 5 hours, 50 minutes ago Description :aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is...Read more
Date: 2026-04-11
CVE ID :CVE-2026-5058 Published : April 11, 2026, 1:16 a.m. | 11 hours, 50 minutes ago Description :aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required...Read more
Date: 2026-04-11
CVE ID :CVE-2026-4149 Published : April 11, 2026, 12:12 a.m. | 54 minutes ago Description :Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era...Read more
Date: 2026-04-11