CVE Notify

Alert on the latest CVEs Partner channel: @malwr

📈 Analytics for the Telegram channel CVE Notify

CVE Notify (@cvenotify) is an active channel in the English-language segment. The community currently has 18 873 subscribers and ranks 7 135th in the Technologies & Applications category and 2 089th in the USA region.

📊 Audience metrics and dynamics

Since an unknown date, the project has grown quickly and reached 18 873 subscribers.

According to the latest data, from 10 June 2026, the channel shows stable activity. Over the last 30 days the subscriber count changed by 425, and over the last 24 hours by 10, while overall reach remains high.

  • Verification status: Not verified
  • Engagement (ER): The audience engages at an average rate of 0.54%. In the first 24 hours after publication, content typically collects reactions amounting to 0.40% of the total subscriber count.
  • Post reach: Each post is viewed 101 times on average; 75 views are typically collected in the first day.
  • Reactions and interaction: The audience is active: each post receives 1 reaction on average.
  • Topics: Content is concentrated on core topics such as cve-2026, attack, input, validation, manipulation.

📝 Description and content policy

The author describes the resource as a space for expressing personal opinion:
Alert on the latest CVEs Partner channel: @malwr

Owing to a high update frequency (latest data received on 11 June 2026), the channel stays current and wide-reaching. The analytics indicate that the audience actively engages with the content, making the channel an important point of influence in the Technologies & Applications category.

Subscribers: 18 873
+10 in 24 hours
+122 in 7 days
+425 in 30 days
Subscriber acquisition
June '26: +161, in 0 channels
May '26: +531, in 2 channels
April '26: +278, in 1 channel
March '26: +266, in 2 channels
February '26: +423, in 1 channel
January '26: +436, in 1 channel
December '25: +713, in 3 channels
November '25: +453, in 1 channel
October '25: +320, in 1 channel
September '25: +190, in 0 channels
August '25: +198, in 0 channels
July '25: +280, in 0 channels
June '25: +178, in 0 channels
May '25: +207, in 0 channels
April '25: +262, in 0 channels
March '25: +207, in 0 channels
February '25: +179, in 0 channels
January '25: +214, in 3 channels
December '24: +299, in 0 channels
November '24: +831, in 1 channel
October '24: +997, in 2 channels
September '24: +1 432, in 1 channel
August '24: +1 728, in 3 channels
July '24: +1 253, in 2 channels
June '24: +1 168, in 2 channels
May '24: +1 342, in 0 channels
April '24: +1 457, in 1 channel
March '24: +1 255, in 2 channels
February '24: +845, in 1 channel
January '24: +462, in 1 channel
December '23: +451, in 1 channel
November '23: +140, in 1 channel
October '23: +194, in 0 channels
September '23: +174, in 0 channels
August '23: +179, in 0 channels
July '23: +114, in 0 channels
June '23: +136, in 0 channels
May '23: +108, in 0 channels
April '23: +147, in 0 channels
March '23: +174, in 0 channels
February '23: +108, in 0 channels
January '23: +107, in 0 channels
December '22: +102, in 0 channels
November '22: +152, in 0 channels
October '22: +74, in 0 channels
September '22: +97, in 0 channels
August '22: +142, in 0 channels
July '22: +93, in 0 channels
June '22: +109, in 0 channels
May '22: +194, in 0 channels
April '22: +94, in 0 channels
March '22: +153, in 0 channels
February '22: +155, in 0 channels
January '22: +160, in 0 channels
December '21: +203, in 0 channels
November '21: +47, in 0 channels
October '21: +76, in 0 channels
September '21: +88, in 0 channels
August '21: +339, in 0 channels
July '21: +92, in 0 channels
June '21: +5, in 0 channels
May '21: +24, in 0 channels
April '21: +18, in 0 channels
March '21: +37, in 0 channels
February '21: +101, in 0 channels
January '21: +324, in 0 channels
Date, Subscriber acquisition, Mentions, Channels
11 June: +6
10 June: +11
09 June: +18
08 June: +23
07 June: +15
06 June: +6
05 June: +15
04 June: +35
03 June: +14
02 June: +7
01 June: +11
Channel posts
🚨 CVE-2025-7064 Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024. 🎖@cveNotify

2
🚨 CVE-2022-44630 Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0. 🎖@cveNotify
78
3
🚨 CVE-2022-42479 Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5. 🎖@cveNotify
63
4
🚨 CVE-2026-4878 A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. 🎖@cveNotify
57
5
🚨 CVE-2026-53901 Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the request through __massageInput(). Because the normalized $input could still contain an id field, a user able to reach an affected add endpoint could supply an identifier that should have been server-controlled. Successful exploitation could allow creation of objects with attacker-chosen identifiers, potentially causing unauthorized data manipulation, object spoofing, inconsistent references, or disruption through identifier collisions, depending on the affected model and endpoint permissions. The issue was fixed in v1.37 by removing id from the normalized input before entity patching. 🎖@cveNotify
86
6
🚨 CVE-2024-32110 Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2. 🎖@cveNotify
77
7
🚨 CVE-2023-40200 Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6. 🎖@cveNotify
55
8
🚨 CVE-2023-33999 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2. 🎖@cveNotify
46
9
🚨 CVE-2025-15128 A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage of credentials. Remote exploitation of the attack is possible. The exploit is now public and may be used. Upgrading to version 9.0.6 is able to mitigate this issue. It is recommended to upgrade the affected component. The vendor confirms: "The mainstream version ZKBioTime V9.0.6 has fixed this vulnerability. Please update to the latest version as soon as possible. For the Middle East version BioTime 9.5.X, you can contact the local technical support to obtain the fix package." 🎖@cveNotify
61
10
🚨 CVE-2026-10795 The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp_loaded function. This is due to insufficient validation of the remote communications message format, where signature verification can be bypassed and unchecked decryption return values collapse to a predictable all-zero encryption key. This makes it possible for unauthenticated attackers to forge arbitrary RPC commands and run them as the connected administrator, such as uploading and activating a malicious plugin, which ultimately leads to remote code execution. 🎖@cveNotify
123
11
🚨 CVE-2026-9213 A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device. 🎖@cveNotify
117
12
🚨 CVE-2026-0420 An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models. 🎖@cveNotify
96
13
🚨 CVE-2026-0416 An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality. 🎖@cveNotify
79
14
🚨 CVE-2026-0413 A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. 🎖@cveNotify
78
15
🚨 CVE-2026-0411 An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue. 🎖@cveNotify
83
16
🚨 CVE-2026-40985 Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1. 🎖@cveNotify
141
17
🚨 CVE-2026-9212 Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations. 🎖@cveNotify
136
18
🚨 CVE-2026-35273 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 🎖@cveNotify
132
19
🚨 CVE-2026-46444 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELIST_URLS. However, it is also not protected by the main auth middleware when accessed via API key — the route requires API key auth (not whitelisted), but no permission checks exist on any operation. This issue has been patched in version 3.1.2. 🎖@cveNotify
121
20
🚨 CVE-2026-46443 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is used but fails to do so when a filter is used. This issue has been patched in version 3.1.2. 🎖@cveNotify
87