FOFA
@fofabot
1K posts
Cybersecurity Search Engine Contact Email: [email protected] Telegram: https://t.co/E5EcKr5Kyl
Joined August 2021
193 Following, 14.2K Followers

⚠️⚠️ CVE-2026-20253 (CVSS 9.8): Unauthenticated file create/truncate via Splunk Enterprise PostgreSQL sidecar endpoint.
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯94K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="splunk-Enterprise"
Deep Dive: labs.watchtowr.com/why-use-app-le…
🔖Refer: advisory.splunk.com/advisories/SVD…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-48062 (CVSS 9.8): ext_in upload validation bypass in CodeIgniter4 may lead to RCE under unsafe upload configs.
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯14.8K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="CodeIgniter"
Deep Dive: github.com/codeigniter4/C…
🔖Refer: securityonline.info/codeigniter-cv…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ GHSA-ff9g-85jq-r3g3 (CVSS 10.0): Wazuh 5.0 beta enrolled agents can smuggle OpenSearch bulk ops to tamper or wipe SIEM indices.
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯25.1K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="Wazuh"
Deep Dive: github.com/wazuh/wazuh/se…
🔖Refer: securityonline.info/wazuh-cvss-10-…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-48558 (CVSS 10.0): OIDC auth-bypass in SimpleHelp remote support lets attackers forge identity tokens and seize admin control.
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯106K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="SimpleHelp"
Deep Dive: horizon3.ai/attack-researc…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-41448 (CVSS 9.4): AdGuard Home instances started with --glinet may allow unauthenticated admin takeover via Admin-Token path traversal (patch: v0.107.77+).
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯122K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="ADGUARD-Home"
🔖Refer: github.com/AdguardTeam/Ad…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-50751 (CVSS 9.3): Deprecated IKEv1 Remote/Mobile Access certificate validation flaw may let unauthenticated attackers bypass VPN authentication (active exploitation reported).
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯34.8K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="Check_Point-SSL-Network-Extender"
🔖Refer: support.checkpoint.com/results/sk/sk1…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-32625 (CVSS 9.6): Authenticated users can exfiltrate server env secrets via MCP ${VAR} in server URLs
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯14.8K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="LibreChat"
🔖Refer: github.com/danny-avila/Li…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-48519 (CVSS 9.6): Unauthenticated RCE via Shareable Playground build_public_tmp code injection
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯30.9K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="LOGSPACE-LangFlow"
🔖Refer: github.com/langflow-ai/la…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-0257 (CVSS 9.1): GlobalProtect auth bypass; active exploitation (CISA KEV)
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯1.1M+ Results are found on en.fofa.info in the past year.
FOFA Query: app="paloalto-GlobalProtect"
🔖Refer: rapid7.com/blog/post/etr-…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-44962 (CVSS 9.9): Plesk's APS Application Catalog search is vulnerable to XPath injection, exposing the hosting control panel to unauthorized data extraction.
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯1.8M+ Results are found on en.fofa.info in the past year.
FOFA Query: app="plesk-Obsidian"
🔖Refer: securityonline.info/plesk-privileg…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-48842 (CVSS 8.1) + CVE-2026-48844 (CVSS 7.5): Pre-auth SQLi in Roundcube virtuser_query plugin; patch to 1.6.16 / 1.7.1.
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯1.1M+ Results are found on en.fofa.info in the past year.
FOFA Query: app="Roundcube-Webmail"
🔖Refer: securityonline.info/roundcube-webm…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-39352 (CVSS 8.7): Path traversal may allow unauthenticated arbitrary file read on internet-facing Frappe-based ERP surfaces (e.g. ERPNext).
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯115.7K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="ERPNext"
🔖Refer: github.com/frappe/frappe/…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-46725 (CVSS 9.2): Unauthenticated PHP object injection in a TYPO3 extension may lead to RCE — FOFA counts indexed TYPO3 CMS surfaces, not every instance with the vulnerable extension.
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯294.7K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="TYPO3"
🔖Refer: securityonline.info/typo3-extensio…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-46376 (CVSS 9.1): FreePBX UCP generic template hardcoded creds enable portal access
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯47.1K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="FreePBX"
🔖Refer: securityonline.info/freepbx-ucp-vu…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-45829 (CVSS 10.0): ChromaDB pre-auth RCE via malicious Hugging Face model refs
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯4.5K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="Chroma-ChromaDB"
🔖Refer: hiddenlayer.com/research/chrom…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ NGINX 0-Day (nginx-poolslip): RCE reported on NGINX 1.31.0; no upstream patch yet
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯493.1M+ Results are found on en.fofa.info in the past year.
FOFA Query: app="NGINX"
🔖Refer: cybersecuritynews.com/nginx-0-day-rc…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-46364 (CVSS 9.8): Unauthenticated SQL injection via malicious User-Agent on /api/captcha
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯1.2K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="phpMyFAQ"
🔖Refer: github.com/thorsten/phpMy…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-2652 (CVSS 8.6): Unauthenticated access to some FastAPI routes when basic-auth is enabled under uvicorn
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯9.7K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="MLflow"
🔖Refer: huntr.com/bounties/5aeff…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-44551 (CVSS 9.1) + CVE-2026-45672 (CVSS 8.8): LDAP empty-password bind and verified-user code execution bypass on exposed AI consoles
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯137.4K+ Results are found on en.fofa.info in the past year.
FOFA Query: app="Open-WebUI"
🔖Refer: github.com/open-webui/ope…
#OSINT #FOFA #CyberSecurity #Vulnerability

⚠️⚠️ CVE-2026-44578 (CVSS 8.6): self-hosted Next.js WebSocket SSRF before 15.5.16/16.2.5
🔗FOFA Link: en.fofa.info/result?qbase64…
🎯7M+ Results are found on en.fofa.info in the past year.
FOFA Query: app="Next.js"
🔖Refer: nvd.nist.gov/vuln/detail/CV…
#OSINT #FOFA #CyberSecurity #Vulnerability
