
CVE Notify


Alert on the latest CVEs Partner channel: @malwr


📈 Analytical overview of Telegram channel CVE Notify

The CVE Notify channel (@cvenotify) is an active participant in the English-language segment. The community currently has 18 873 subscribers, ranking 7 135 in the Technologies & Applications category and 2 089 in the USA region.

📊 Audience metrics and dynamics

Since its creation (date unknown), the project has demonstrated rapid growth, gathering an audience of 18 873 subscribers.

According to the latest data from 10 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 425 over the last 30 days and by 10 over the last 24 hours, overall reach remains high.

  • Verification status: Not verified
  • Engagement rate (ER): The average audience engagement rate is 0.54%. Within the first 24 hours after publication, content typically collects 0.40% reactions from the total number of subscribers.
  • Post reach: On average, each post receives 101 views. Within the first day, a publication typically gains 75 views.
  • Reactions and interaction: The audience actively supports content: the average number of reactions per post is 1.
  • Thematic interests: Content is focused on key topics such as cve-2026, attack, input, validation, manipulation.

📝 Description and content policy

The author describes the resource as a platform for expressing subjective opinions:
Alert on the latest CVEs Partner channel: @malwr

Thanks to the high frequency of updates (latest data received on 11 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.

18 873 subscribers
+10 (24 hours)
+122 (7 days)
+425 (30 days)
Attracting Subscribers

June '26: +161, in 0 channels
May '26: +531, in 2 channels
April '26: +278, in 1 channel
March '26: +266, in 2 channels
February '26: +423, in 1 channel
January '26: +436, in 1 channel
December '25: +713, in 3 channels
November '25: +453, in 1 channel
October '25: +320, in 1 channel
September '25: +190, in 0 channels
August '25: +198, in 0 channels
July '25: +280, in 0 channels
June '25: +178, in 0 channels
May '25: +207, in 0 channels
April '25: +262, in 0 channels
March '25: +207, in 0 channels
February '25: +179, in 0 channels
January '25: +214, in 3 channels
December '24: +299, in 0 channels
November '24: +831, in 1 channel
October '24: +997, in 2 channels
September '24: +1 432, in 1 channel
August '24: +1 728, in 3 channels
July '24: +1 253, in 2 channels
June '24: +1 168, in 2 channels
May '24: +1 342, in 0 channels
April '24: +1 457, in 1 channel
March '24: +1 255, in 2 channels
February '24: +845, in 1 channel
January '24: +462, in 1 channel
December '23: +451, in 1 channel
November '23: +140, in 1 channel
October '23: +194, in 0 channels
September '23: +174, in 0 channels
August '23: +179, in 0 channels
July '23: +114, in 0 channels
June '23: +136, in 0 channels
May '23: +108, in 0 channels
April '23: +147, in 0 channels
March '23: +174, in 0 channels
February '23: +108, in 0 channels
January '23: +107, in 0 channels
December '22: +102, in 0 channels
November '22: +152, in 0 channels
October '22: +74, in 0 channels
September '22: +97, in 0 channels
August '22: +142, in 0 channels
July '22: +93, in 0 channels
June '22: +109, in 0 channels
May '22: +194, in 0 channels
April '22: +94, in 0 channels
March '22: +153, in 0 channels
February '22: +155, in 0 channels
January '22: +160, in 0 channels
December '21: +203, in 0 channels
November '21: +47, in 0 channels
October '21: +76, in 0 channels
September '21: +88, in 0 channels
August '21: +339, in 0 channels
July '21: +92, in 0 channels
June '21: +5, in 0 channels
May '21: +24, in 0 channels
April '21: +18, in 0 channels
March '21: +37, in 0 channels
February '21: +101, in 0 channels
January '21: +324, in 0 channels

Date / Subscriber Growth / Mentions / Channels
11 June: +6
10 June: +11
09 June: +18
08 June: +23
07 June: +15
06 June: +6
05 June: +15
04 June: +35
03 June: +14
02 June: +7
01 June: +11

Channel Posts
🚨 CVE-2025-7064 Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024. 🎖@cveNotify

2
🚨 CVE-2022-44630 Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0. 🎖@cveNotify
78
3
🚨 CVE-2022-42479 Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5. 🎖@cveNotify
63
4
🚨 CVE-2026-4878 A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. 🎖@cveNotify
57
5
🚨 CVE-2026-53901 Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the request through __massageInput(). Because the normalized $input could still contain an id field, a user able to reach an affected add endpoint could supply an identifier that should have been server-controlled. Successful exploitation could allow creation of objects with attacker-chosen identifiers, potentially causing unauthorized data manipulation, object spoofing, inconsistent references, or disruption through identifier collisions, depending on the affected model and endpoint permissions. The issue was fixed in v1.37 by removing id from the normalized input before entity patching. 🎖@cveNotify
86
6
🚨 CVE-2024-32110 Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2. 🎖@cveNotify
77
7
🚨 CVE-2023-40200 Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6. 🎖@cveNotify
55
8
🚨 CVE-2023-33999 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2. 🎖@cveNotify
46
9
🚨 CVE-2025-15128 A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage of credentials. Remote exploitation of the attack is possible. The exploit is now public and may be used. Upgrading to version 9.0.6 is able to mitigate this issue. It is recommended to upgrade the affected component. The vendor confirms: "The mainstream version ZKBioTime V9.0.6 has fixed this vulnerability. Please update to the latest version as soon as possible. For the Middle East version BioTime 9.5.X, you can contact the local technical support to obtain the fix package." 🎖@cveNotify
61
10
🚨 CVE-2026-10795 The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp_loaded function. This is due to insufficient validation of the remote communications message format, where signature verification can be bypassed and unchecked decryption return values collapse to a predictable all-zero encryption key. This makes it possible for unauthenticated attackers to forge arbitrary RPC commands and run them as the connected administrator, such as uploading and activating a malicious plugin, which ultimately leads to remote code execution. 🎖@cveNotify
123
11
🚨 CVE-2026-9213 A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device. 🎖@cveNotify
117
12
🚨 CVE-2026-0420 An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models. 🎖@cveNotify
96
13
🚨 CVE-2026-0416 An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality. 🎖@cveNotify
79
14
🚨 CVE-2026-0413 A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. 🎖@cveNotify
78
15
🚨 CVE-2026-0411 An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue. 🎖@cveNotify
83
16
🚨 CVE-2026-40985 Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1. 🎖@cveNotify
141
17
🚨 CVE-2026-9212 Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations. 🎖@cveNotify
136
18
🚨 CVE-2026-35273 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 🎖@cveNotify
132
19
🚨 CVE-2026-46444 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELIST_URLS. However, it is also not protected by the main auth middleware when accessed via API key — the route requires API key auth (not whitelisted), but no permission checks exist on any operation. This issue has been patched in version 3.1.2. 🎖@cveNotify
121
20
🚨 CVE-2026-46443 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is used but fails to do so when a filter is used. This issue has been patched in version 3.1.2. 🎖@cveNotify
87