Cyber Security Alerts
Blueteq Cyber Alerts
Latest High & Critical Vulnerabilities
Blueteq’s Cyber Alerts keep watch so you don’t have to. We continuously monitor newly published critical and high-risk vulnerabilities, analysing emerging threats as they appear. This page provides clear visibility of the issues that matter most, helping you stay protected.
CVE ID: CVE-2026-3614
Published: April 16, 2026, 6:16 a.m. | 2 hours, 56 minutes ago
Description: The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions from 9.11.0 up to, and including, 10.8.1 due to a missing capability...
Date: 2026-04-16
CVE ID: CVE-2026-3596
Published: April 16, 2026, 6:16 a.m. | 2 hours, 56 minutes ago
Description: The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated...
Date: 2026-04-16
CVE-2023-3634 - Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions
CVE ID: CVE-2023-3634
Published: April 16, 2026, 5:16 a.m. | 3 hours, 56 minutes ago
Description: In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to...
Date: 2026-04-16
CVE ID: CVE-2026-6351
Published: April 16, 2026, 2:39 a.m. | 33 minutes ago
Description: MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files. ...
Date: 2026-04-16
CVE ID: CVE-2026-6350
Published: April 16, 2026, 2:30 a.m. | 41 minutes ago
Description: MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. ...
Date: 2026-04-16
CVE ID: CVE-2026-6349
Published: April 16, 2026, 2:24 a.m. | 47 minutes ago
Description: The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server....
Date: 2026-04-16
CVE ID: CVE-2026-40504
Published: April 16, 2026, 2:16 a.m. | 55 minutes ago
Description: Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many...
Date: 2026-04-16
CVE ID: CVE-2026-6348
Published: April 16, 2026, 1:53 a.m. | 1 hour, 18 minutes ago
Description: WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local...
Date: 2026-04-16
CVE ID: CVE-2026-40502
Published: April 16, 2026, 1:16 a.m. | 3 hours, 56 minutes ago
Description: OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting...
Date: 2026-04-16
CVE ID: CVE-2026-40959
Published: April 16, 2026, 1:16 a.m. | 3 hours, 56 minutes ago
Description: Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. Severity: 9.3 |...
Date: 2026-04-16
CVE ID: CVE-2026-40960
Published: April 16, 2026, 1:16 a.m. | 3 hours, 56 minutes ago
Description: Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a...
Date: 2026-04-16
CVE ID: CVE-2026-4880
Published: April 16, 2026, 12:16 a.m. | 4 hours, 55 minutes ago
Description: The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure...
Date: 2026-04-16
CVE ID: CVE-2026-40193
Published: April 16, 2026, 12:16 a.m. | 2 hours, 55 minutes ago
Description: maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated...
Date: 2026-04-16
CVE ID: CVE-2026-40192
Published: April 15, 2026, 11:16 p.m. | 3 hours, 55 minutes ago
Description: Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making...
Date: 2026-04-16
CVE ID: CVE-2026-40316
Published: April 15, 2026, 11:16 p.m. | 3 hours, 55 minutes ago
Description: OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE...
Date: 2026-04-16