en
Feedback
CVE Notify

CVE Notify

Open in Telegram

Alert on the latest CVEs Partner channel: @malwr

Show more

πŸ“ˆ Analytical overview of Telegram channel CVE Notify

Channel CVE Notify (@cvenotify) in the English language segment is an active participant. Currently, the community unites 19 014 subscribers, ranking 7 017 in the Technologies & Applications category and 2 059 in the USA region.

πŸ“Š Audience metrics and dynamics

Since its creation on Π½Π΅Π²Ρ–Π΄ΠΎΠΌΠΎ, the project has demonstrated rapid growth, gathering an audience of 19 014 subscribers.

According to the latest data from 01 July, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 290 over the last 30 days and by 0 over the last 24 hours, overall reach remains high.

  • Verification status: Not verified
  • Engagement rate (ER): The average audience engagement rate is 0.13%. Within the first 24 hours after publication, content typically collects 0.12% reactions from the total number of subscribers.
  • Post reach: On average, each post receives 25 views. Within the first day, a publication typically gains 23 views.
  • Reactions and interaction: The audience actively supports content: the average number of reactions per post is 1.
  • Thematic interests: Content is focused on key topics such as cve-2026, attack, input, validation, manipulation.

πŸ“ Description and content policy

The author describes the resource as a platform for expressing subjective opinions:
β€œAlert on the latest CVEs Partner channel: @malwr”

Thanks to the high frequency of updates (latest data received on 02 July, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.

19 014
Subscribers
No data24 hours
No data7 days
+29030 days
Attracting Subscribers
June '26
June '26
+314
in 0 channels
May '26
+531
in 2 channels
Get PRO
April '26
+278
in 1 channels
Get PRO
March '26
+266
in 3 channels
Get PRO
February '26
+423
in 1 channels
Get PRO
January '26
+436
in 1 channels
Get PRO
December '25
+713
in 3 channels
Get PRO
November '25
+453
in 1 channels
Get PRO
October '25
+320
in 1 channels
Get PRO
September '25
+190
in 0 channels
Get PRO
August '25
+198
in 0 channels
Get PRO
July '25
+280
in 0 channels
Get PRO
June '25
+178
in 0 channels
Get PRO
May '25
+207
in 0 channels
Get PRO
April '25
+262
in 0 channels
Get PRO
March '25
+207
in 0 channels
Get PRO
February '25
+179
in 0 channels
Get PRO
January '25
+214
in 3 channels
Get PRO
December '24
+299
in 0 channels
Get PRO
November '24
+831
in 1 channels
Get PRO
October '24
+997
in 2 channels
Get PRO
September '24
+1 432
in 1 channels
Get PRO
August '24
+1 728
in 3 channels
Get PRO
July '24
+1 253
in 2 channels
Get PRO
June '24
+1 168
in 2 channels
Get PRO
May '24
+1 342
in 0 channels
Get PRO
April '24
+1 457
in 1 channels
Get PRO
March '24
+1 255
in 2 channels
Get PRO
February '24
+845
in 1 channels
Get PRO
January '24
+462
in 1 channels
Get PRO
December '23
+451
in 1 channels
Get PRO
November '23
+140
in 1 channels
Get PRO
October '23
+194
in 0 channels
Get PRO
September '23
+174
in 0 channels
Get PRO
August '23
+179
in 0 channels
Get PRO
July '23
+114
in 0 channels
Get PRO
June '23
+136
in 0 channels
Get PRO
May '23
+108
in 0 channels
Get PRO
April '23
+147
in 0 channels
Get PRO
March '23
+174
in 0 channels
Get PRO
February '23
+108
in 0 channels
Get PRO
January '23
+107
in 0 channels
Get PRO
December '22
+102
in 0 channels
Get PRO
November '22
+152
in 0 channels
Get PRO
October '22
+74
in 0 channels
Get PRO
September '22
+97
in 0 channels
Get PRO
August '22
+142
in 0 channels
Get PRO
July '22
+93
in 0 channels
Get PRO
June '22
+109
in 0 channels
Get PRO
May '22
+194
in 0 channels
Get PRO
April '22
+94
in 0 channels
Get PRO
March '22
+153
in 0 channels
Get PRO
February '22
+155
in 0 channels
Get PRO
January '22
+160
in 0 channels
Get PRO
December '21
+203
in 0 channels
Get PRO
November '21
+47
in 0 channels
Get PRO
October '21
+76
in 0 channels
Get PRO
September '21
+88
in 0 channels
Get PRO
August '21
+339
in 0 channels
Get PRO
July '21
+92
in 0 channels
Get PRO
June '21
+5
in 0 channels
Get PRO
May '21
+24
in 0 channels
Get PRO
April '21
+18
in 0 channels
Get PRO
March '21
+37
in 0 channels
Get PRO
February '21
+101
in 0 channels
Get PRO
January '21
+324
in 0 channels
Date
Subscriber Growth
Mentions
Channels
24 June+8
23 June+12
22 June+15
21 June+7
20 June+10
19 June+10
18 June+2
17 June+6
16 June+4
15 June+26
14 June+14
13 June+13
12 June+17
11 June+15
10 June+11
09 June+18
08 June+23
07 June+15
06 June+6
05 June+15
04 June+35
03 June+14
02 June+7
01 June+11
Channel Posts
🚨 CVE-2026-9107 The Kali Forms β€” Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'meta[kaliforms_field_components]' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. πŸŽ–@cveNotify

2
🚨 CVE-2026-7840 UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr() and wi_replyhdr() in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer (hdrbuf) via unchecked sprintf calls. The HTTP receive buffer accepts URIs up to approximately 150 KB (WI_RXBUFSIZE = 153600), so an unauthenticated attacker who can reach the repeater HTTP port (default TCP 80) can overflow hdrbuf by at least 500 bytes with a single HTTP request containing a URI of 1500 bytes or longer, corrupting adjacent .bss-segment globals. The overflow occurs before any authentication check, making it reachable without credentials. A remote, unauthenticated attacker can achieve arbitrary code execution on the host running the repeater. πŸŽ–@cveNotify
13
3
🚨 CVE-2026-7839 UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpy_s(saved_password, 64, "adminadmi2"). The HTTP Basic-auth handler wi_decode_auth() checks this password without rate-limiting or lockout. Any remote attacker who can reach the repeater HTTP port (default TCP 80) can authenticate as administrator using the well-known default credential on a fresh or unmodified installation, gaining full control of the repeater configuration including allow/deny rules and session visibility. πŸŽ–@cveNotify
8
4
🚨 CVE-2026-7838 UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte network-supplied reasonLen field (type CARD32) is passed as reasonLen+1 to CheckBufferSize(). Because both operands are unsigned 32-bit, a reasonLen of 0xFFFFFFFF overflows to 0, causing CheckBufferSize to allocate only 256 bytes. The subsequent ReadString(m_netbuf, reasonLen) call then performs ReadExact for the original 4 GiB length into that 256-byte heap buffer. This overflow is reachable via rfbConnFailed (auth-scheme negotiation) and rfbVncAuthFailed (post-handshake) message types without successful authentication. A malicious VNC server, or any man-in-the-middle on the RFB stream, can trigger this condition when the victim viewer connects, potentially resulting in remote code execution as the user running the viewer. The crash was confirmed with AddressSanitizer on a portable reproduction harness (heap-buffer-overflow WRITE at offset 256). πŸŽ–@cveNotify
3
5
🚨 CVE-2026-7831 UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message handler. In vncviewer/ClientConnection.cpp, when the server-supplied nameLength equals exactly 2024 the code declares a 2024-byte stack buffer _dn[2024] and calls ReadString(_dn, 2024). ReadString writes the NUL terminator at buf[length], i.e., _dn[2024], one byte past the end of the stack buffer. A malicious VNC server can trigger this condition by advertising a desktop name of length 2024 in its ServerInit message. On release builds without stack canaries the single-byte NUL overwrite adjacent stack data. On builds with /GS stack protection the canary is corrupted and the process terminates, resulting in denial of service. User interaction (connecting the viewer to the malicious server) is required. πŸŽ–@cveNotify
2
6
🚨 CVE-2026-7830 UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme (rfbUltraVNC_MsLogonIIAuth). In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer (DH_MAX_BITS controls the prime size). A 64-bit DH key can be broken by Pollard's rho algorithm in under one second on current hardware. Additionally, the private exponent is generated by the rng() function, which multiplies three libc rand() values seeded from time(NULL). With approximately 31 bits of internal state and a time-based seed, the private exponent is recoverable in under a minute by a passive observer. A network attacker who can observe the MS-Logon II handshake (via sniffing, recording, or man-in-the-middle) can derive the shared DH key and decrypt the encapsulated username and password, resulting in full credential disclosure. This affects legacy MS-Logon II connections; MS-Logon III (X25519 + AES-256-GCM) is unaffected. πŸŽ–@cveNotify
1
7
🚨 CVE-2026-7829 UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpy_s copies a rule token into temp1[rule1] (25-byte destination) or temp2/temp3 (16-byte destination), the code unconditionally writes a NUL terminator at temp1[rule1][len] = 0 without clamping len to the destination size. When an authenticated administrator saves a rule with a token length equal to or greater than the destination size, the NUL byte is written one or more bytes past the end of the stack-allocated array, corrupting adjacent stack data. An attacker who has obtained admin credentials (including via CVE-2026-7839 default password) can trigger this to gain code execution on the repeater host. πŸŽ–@cveNotify
1
8
🚨 CVE-2026-7828 UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the win_log() function allocates list nodes via malloc(sizeof(struct LIST) + strlen(line)), where line is derived from HTTP request URIs. If strlen(line) is sufficiently large, the addition overflows to a value smaller than sizeof(struct LIST), causing a heap allocation smaller than required. The subsequent strcpy of the full string into the undersized allocation produces a heap buffer overflow. In the current implementation this overflow is bounded by the HTTP receive buffer size (WI_RXBUFSIZE = 153600 bytes, well below SIZE_MAX on 32-bit builds), limiting practical exploitability to a partial heap write. A remote unauthenticated attacker can trigger the theoretical overflow path by sending a maximally-sized URI in an HTTP request to the repeater HTTP port. πŸŽ–@cveNotify
1
9
🚨 CVE-2026-7517 The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability is exploitable by unauthenticated guest users submitting a crafted checkout POST request, requiring no custom input fields to be configured in the plugin. πŸŽ–@cveNotify
1
10
🚨 CVE-2026-6070 The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove() method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is accessible without authentication via the plugin's frontend routing system. The _filename parameter is accepted with RAW filter (no sanitization), and the helper function makePathFile() only normalizes directory separator characters without stripping path traversal sequences (../). When combined with the _path_type=2 parameter, which sets the base directory to the plugin's site folder, an attacker can supply a _filename value containing ../ sequences to traverse outside the plugin directory and call PHP's unlink() on arbitrary files β€” including wp-config.php, wp-config-backup.php, or other critical server files accessible to the web server process. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. πŸŽ–@cveNotify
1
11
🚨 CVE-2026-58519 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from * before 3.9.1. πŸŽ–@cveNotify
2
12
🚨 CVE-2026-58518 Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from * before 1.3.3. πŸŽ–@cveNotify
2
13
🚨 CVE-2026-44041 UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb() function passes a caller-supplied WCHAR pointer to wcslen() before any bounds check. If the caller provides a wide-character buffer that is not properly NUL-terminated, wcslen() reads past the end of the buffer until it encounters a NUL wchar, resulting in an out-of-bounds read. Under typical Win32 API usage this requires an abnormal caller contract. Impact is limited to a potential information disclosure from adjacent memory regions or a process crash (denial of service) if the over-read crosses a page boundary. πŸŽ–@cveNotify
2
14
🚨 CVE-2026-44040 UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes() function seeds libc rand() with time(0) + getpid() + rand() and generates a 16-byte challenge. The combined seed space is approximately 31 bits (libc rand() internal state) and is entirely determined by publicly-observable values (wall-clock time and process ID). An attacker who can observe the authentication exchange can enumerate the seed space and predict the challenge within seconds, enabling forgery or offline brute-forcing of responses. Note: on Windows, the active code path may use vncEncryptBytes2.cpp which calls CryptGenRandom; reachability on shipped Windows binaries requires compile-graph verification and is under investigation. πŸŽ–@cveNotify
2
15
🚨 CVE-2026-2387 The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the 'eo_events' shortcode accepting attacker-controlled 'no_events' content and rendering it in event list templates without output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. πŸŽ–@cveNotify
3
16
🚨 CVE-2026-13731 The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'conversation' parameter in all versions up to, and including, 8.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The AJAX nonce required to authenticate the save request is publicly emitted on every frontend page via wp_localize_script, making it freely obtainable by any anonymous visitor and removing any practical barrier to exploitation. πŸŽ–@cveNotify
2
17
🚨 CVE-2026-13468 The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to access and export the contents of any visualizer chart on the site β€” including charts in draft, private, pending, future, or trash status β€” as CSV, Excel, or HTML via the /wp-json/visualizer/v1/action/{chart}/{type}/ REST endpoint. This bypass is particularly impactful because the standard WordPress REST endpoint for the non-public 'visualizer' custom post type correctly enforces capability checks and returns HTTP 401 to unauthenticated callers, whereas this plugin-registered route circumvents that protection entirely. πŸŽ–@cveNotify
3
18
🚨 CVE-2026-13443 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions up to, and including, 3.9.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. πŸŽ–@cveNotify
3
19
🚨 CVE-2026-13246 The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_id' (and other) shortcode attributes of the 'givewp_campaign_comments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in CampaignCommentsShortcode::parseAttributes() and BlockRenderController::render(), where the blockId value is interpolated directly into a single-quoted HTML attribute without esc_attr(). This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. πŸŽ–@cveNotify
4
20
🚨 CVE-2026-13015 The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawl_dfs.php, where the $_GET['place'] value is URL-decoded, stripslashes()'d, and echoed directly into an HTML value attribute with no esc_attr() call when the supplied place is not already a stored key in the wprev_google_crawls option. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a specially crafted link. πŸŽ–@cveNotify
4