## Updated at UTC 2026-03-20T11:27:25.065948

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33075 | 0 | 0.00% | 2 | 0 | | 2026-03-20T09:16:15.877000 | FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fa |
| CVE-2026-4478 | 8.1 | 0.00% | 2 | 0 | | 2026-03-20T07:16:14.713000 | A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_201710241 |
| CVE-2026-33024 | 0 | 0.00% | 2 | 0 | | 2026-03-20T05:16:15.717000 | AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side |
| CVE-2026-4038 | 9.8 | 0.00% | 2 | 0 | | 2026-03-20T04:16:50.300000 | The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call th |
| CVE-2026-32767 | 9.8 | 0.00% | 2 | 0 | | 2026-03-20T01:15:55.597000 | SiYuan is a personal knowledge management system. Versions 3.6.0 and below conta |
| CVE-2026-22731 | 8.2 | 0.00% | 2 | 0 | | 2026-03-20T00:31:34 | Spring Boot applications with Actuator can be vulnerable to an "Authentication B |
| CVE-2026-32194 | 9.8 | 0.00% | 4 | 0 | | 2026-03-20T00:31:34 | Improper neutralization of special elements used in a command ('command injectio |
| CVE-2026-4342 | 8.8 | 0.00% | 4 | 0 | | 2026-03-20T00:31:34 | A security issue was discovered in ingress-nginx where a combination of Ingress |
| CVE-2026-32985 | 9.8 | 0.00% | 2 | 0 | | 2026-03-20T00:16:18.260000 | Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbit |
| CVE-2026-32721 | 8.6 | 0.00% | 3 | 0 | | 2026-03-19T23:16:44.030000 | LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and |
| CVE-2026-22732 | 9.1 | 0.00% | 4 | 0 | | 2026-03-19T23:16:41.253000 | When applications specify HTTP response headers for servlet applications using S |
| CVE-2026-32038 | None | 0.00% | 2 | 0 | | 2026-03-19T22:29:35 | ### Summary In `openclaw@2026.2.23`, sandbox network hardening blocks `network=h |
| CVE-2026-32025 | None | 0.00% | 2 | 0 | | 2026-03-19T22:25:31 | This issue is a browser-origin WebSocket auth chain on local loopback deployment |
| CVE-2026-32014 | 8.0 | 0.00% | 2 | 0 | | 2026-03-19T22:21:10 | ## Summary A paired node device could reconnect with spoofed `platform`/`device |
| CVE-2026-32011 | None | 0.00% | 2 | 0 | | 2026-03-19T22:20:31 | ## Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted an |
| CVE-2026-32013 | 8.8 | 0.00% | 2 | 0 | | 2026-03-19T22:16:34.410000 | OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability i |
| CVE-2026-23658 | 8.6 | 0.00% | 1 | 0 | | 2026-03-19T21:30:31 | Insufficiently protected credentials in Azure DevOps allows an unauthorized atta |
| CVE-2026-26138 | 8.6 | 0.00% | 1 | 0 | | 2026-03-19T21:30:31 | Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized a |
| CVE-2026-26137 | 8.9 | 0.00% | 1 | 0 | | 2026-03-19T21:30:31 | Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allo |
| CVE-2026-3547 | 7.5 | 0.00% | 1 | 0 | | 2026-03-19T21:30:31 | Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 a |
| CVE-2026-4428 | 7.4 | 0.00% | 2 | 0 | | 2026-03-19T21:17:14.170000 | A logic error in CRL distribution point validation in AWS-LC before 1.71.0 cause |
| CVE-2026-33346 | 8.7 | 0.00% | 1 | 0 | | 2026-03-19T21:17:12.180000 | OpenEMR is a free and open source electronic health records and medical practice |
| CVE-2026-32749 | 7.6 | 0.00% | 1 | 0 | | 2026-03-19T21:17:10.910000 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, P |
| CVE-2026-32191 | 9.8 | 0.00% | 1 | 0 | | 2026-03-19T21:17:10.400000 | Improper neutralization of special elements used in an os command ('os command i |
| CVE-2026-32169 | 10.0 | 0.00% | 2 | 0 | | 2026-03-19T21:17:10.233000 | Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized a |
| CVE-2026-30836 | 10.0 | 0.00% | 1 | 0 | | 2026-03-19T21:17:09.783000 | Step CA is an online certificate authority for secure, automated certificate man |
| CVE-2026-26139 | 8.6 | 0.00% | 1 | 0 | | 2026-03-19T21:17:08.377000 | Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized a |
| CVE-2026-23659 | 8.6 | 0.00% | 1 | 0 | | 2026-03-19T21:16:55.830000 | Exposure of sensitive information to an unauthorized actor in Azure Data Factory |
| CVE-2026-32886 | None | 0.04% | 1 | 0 | | 2026-03-19T21:12:42 | ### Impact Remote clients can crash the Parse Server process by calling a cloud |
| CVE-2026-32944 | None | 0.05% | 1 | 0 | | 2026-03-19T21:11:56 | ### Impact An unauthenticated attacker can crash the Parse Server process by se |
| CVE-2026-32609 | 7.5 | 0.05% | 1 | 0 | | 2026-03-19T21:06:22 | ## Summary The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configu |
| CVE-2026-32596 | None | 0.10% | 1 | 0 | template | 2026-03-19T21:01:58 | ### Summary Glances web server runs without authentication by default when start |
| CVE-2026-32256 | 7.5 | 0.01% | 1 | 0 | | 2026-03-19T21:00:51 | # Summary music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/Asf |
| CVE-2026-31938 | 9.6 | 0.04% | 1 | 0 | | 2026-03-19T21:00:35 | ### Impact User control of the `options` argument of the `output` function allo |
| CVE-2026-29112 | 7.5 | 0.04% | 1 | 0 | | 2026-03-19T21:00:25 | ### Impact The `ensureSize()` function in `@dicebear/converter` (versions < 9.4 |
| CVE-2026-4427 | 7.5 | 0.00% | 1 | 0 | | 2026-03-19T19:34:30 | A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can e |
| CVE-2026-29856 | 7.5 | 0.02% | 4 | 0 | | 2026-03-19T19:23:57.653000 | An issue in the VirtualHost configuration handling/parser component of aaPanel v |
| CVE-2026-29858 | 7.5 | 0.02% | 2 | 0 | | 2026-03-19T19:23:51.937000 | A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local |
| CVE-2026-28461 | 7.5 | 0.08% | 1 | 0 | | 2026-03-19T19:18:18.730000 | OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerabi |
| CVE-2026-32634 | 8.1 | 0.01% | 1 | 0 | | 2026-03-19T19:03:47.010000 | Glances is an open-source system cross-platform monitoring tool. Prior to versio |
| CVE-2026-31898 | 8.1 | 0.03% | 1 | 1 | | 2026-03-19T19:01:36 | ### Impact User control of arguments of the `createAnnotation` method allows us |
| CVE-2006-10002 | 7.5 | 0.02% | 1 | 0 | | 2026-03-19T18:41:50.647000 | XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buff |
| CVE-2006-10003 | 9.8 | 0.02% | 1 | 0 | | 2026-03-19T18:41:18.180000 | XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflo |
| CVE-2026-22171 | None | 0.03% | 1 | 0 | | 2026-03-19T18:34:17 | ## Summary OpenClaw’s Feishu media download flow used untrusted Feishu media ke |
| CVE-2026-27980 | None | 0.01% | 1 | 0 | | 2026-03-19T18:33:25 | ## Summary The default Next.js image optimization disk cache (`/_next/image`) di |
| CVE-2026-27979 | None | 0.04% | 1 | 0 | | 2026-03-19T18:31:03 | ## Summary A request containing the `next-resume: 1` header (corresponding with |
| CVE-2025-43520 | 7.1 | 0.02% | 2 | 0 | | 2026-03-19T18:16:14.930000 | A memory corruption issue was addressed with improved memory handling. This issu |
| CVE-2026-27811 | 8.8 | 0.21% | 1 | 0 | | 2026-03-19T18:00:58.453000 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived se |
| CVE-2025-15031 | 8.1 | 0.03% | 1 | 0 | | 2026-03-19T17:56:47 | A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file |
| CVE-2026-32728 | 7.6 | 0.05% | 1 | 0 | | 2026-03-19T17:41:27.567000 | Parse Server is an open source backend that can be deployed to any infrastructur |
| CVE-2026-32878 | 7.5 | 0.04% | 1 | 0 | | 2026-03-19T17:28:32.513000 | Parse Server is an open source backend that can be deployed to any infrastructur |
| CVE-2026-30402 | 9.8 | 0.00% | 1 | 0 | | 2026-03-19T17:16:23.777000 | An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbit |
| CVE-2026-20643 | 5.4 | 0.03% | 3 | 2 | | 2026-03-19T17:16:22.350000 | A cross-origin issue in the Navigation API was addressed with improved input val |
| CVE-2026-20131 | 10.0 | 0.57% | 6 | 3 | | 2026-03-19T17:09:34.303000 | A vulnerability in the web-based management interface of Cisco Secure Firewall M |
| CVE-2026-32865 | 9.8 | 0.00% | 1 | 0 | | 2026-03-19T16:16:03.260000 | OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verificat |
| CVE-2025-58112 | 8.8 | 0.02% | 4 | 0 | | 2026-03-19T15:32:24 | Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allow |
| CVE-2026-30704 | 9.1 | 0.02% | 4 | 0 | | 2026-03-19T15:32:23 | The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotecte |
| CVE-2026-29859 | 9.8 | 0.02% | 2 | 0 | | 2026-03-19T15:32:23 | An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to ex |
| CVE-2026-22558 | 7.7 | 0.00% | 1 | 0 | | 2026-03-19T15:31:27 | An Authenticated NoSQL Injection vulnerability found in UniFi Network Applicatio |
| CVE-2025-71260 | 8.8 | 0.00% | 1 | 1 | | 2026-03-19T15:31:27 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserializa |
| CVE-2026-22557 | 10.0 | 0.00% | 5 | 0 | | 2026-03-19T15:31:22 | A malicious actor with access to the network could exploit a Path Traversal vuln |
| CVE-2026-32692 | 7.6 | 0.03% | 1 | 0 | | 2026-03-19T15:23:26.870000 | An authorization bypass vulnerability in the Vault secrets back-end implementati |
| CVE-2026-32693 | 8.8 | 0.05% | 1 | 0 | | 2026-03-19T15:17:00.180000 | In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" |
| CVE-2026-4424 | 7.5 | 0.00% | 1 | 0 | | 2026-03-19T15:16:28.300000 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exist |
| CVE-2026-31963 | 8.1 | 0.08% | 1 | 0 | | 2026-03-19T14:50:54.513000 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is |
| CVE-2026-31966 | 9.1 | 0.01% | 1 | 0 | | 2026-03-19T14:44:04.400000 | HTSlib is a library for reading and writing bioinformatics file formats. CRAM is |
| CVE-2026-27065 | 9.8 | 0.11% | 3 | 0 | | 2026-03-19T13:25:00.570000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2026-27067 | 9.1 | 0.04% | 2 | 0 | | 2026-03-19T13:25:00.570000 | Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile A |
| CVE-2025-60237 | 9.8 | 0.04% | 1 | 0 | | 2026-03-19T13:25:00.570000 | Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object |
| CVE-2026-25471 | 8.1 | 0.07% | 1 | 0 | | 2026-03-19T13:25:00.570000 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Themep |
| CVE-2026-27093 | 8.1 | 0.11% | 1 | 0 | | 2026-03-19T13:25:00.570000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2026-27542 | 9.8 | 0.04% | 1 | 0 | | 2026-03-19T13:25:00.570000 | Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommer |
| CVE-2026-32730 | 8.1 | 0.06% | 1 | 0 | | 2026-03-19T13:25:00.570000 | ApostropheCMS is an open-source content management framework. Prior to version 4 |
| CVE-2025-55040 | 8.8 | 0.02% | 1 | 0 | | 2026-03-19T13:25:00.570000 | The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers t |
| CVE-2026-25873 | 9.8 | 0.13% | 1 | 0 | | 2026-03-19T13:25:00.570000 | OmniGen2-RL contains an unauthenticated remote code execution vulnerability in t |
| CVE-2026-24062 | 7.8 | 0.01% | 1 | 0 | | 2026-03-19T13:25:00.570000 | The "Privileged Helper" component of the Arturia Software Center (MacOS) does no |
| CVE-2026-27135 | 7.5 | 0.01% | 1 | 0 | | 2026-03-19T13:25:00.570000 | nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. |
| CVE-2026-32610 | 8.1 | 0.03% | 1 | 0 | | 2026-03-19T13:25:00.570000 | Glances is an open-source system cross-platform monitoring tool. Prior to versio |
| CVE-2026-3658 | 7.5 | 0.07% | 1 | 0 | | 2026-03-19T12:30:41 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin p |
| CVE-2026-3511 | 8.6 | 0.04% | 1 | 0 | | 2026-03-19T12:30:41 | Improper Restriction of XML External Entity Reference vulnerability in XMLUtils. |
| CVE-2026-25445 | 8.8 | 0.05% | 2 | 0 | | 2026-03-19T09:30:25 | Deserialization of Untrusted Data vulnerability in Membership Software WishList |
| CVE-2025-60233 | 9.8 | 0.04% | 1 | 0 | | 2026-03-19T09:30:25 | Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object I |
| CVE-2026-25443 | 7.5 | 0.04% | 1 | 0 | | 2026-03-19T09:30:25 | Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce |
| CVE-2026-25312 | 7.5 | 0.03% | 1 | 0 | | 2026-03-19T09:30:25 | Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly |
| CVE-2026-27540 | 9.1 | 0.04% | 3 | 1 | | 2026-03-19T06:30:33 | Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co P |
| CVE-2026-27413 | 9.3 | 0.03% | 3 | 0 | | 2026-03-19T06:30:33 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-27096 | 8.1 | 0.04% | 2 | 0 | | 2026-03-19T06:30:33 | Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Fre |
| CVE-2026-32633 | 9.1 | 0.05% | 1 | 0 | | 2026-03-18T21:48:49 | ## Summary In Central Browser mode, the `/api/4/serverslist` endpoint returns r |
| CVE-2026-26740 | 8.2 | 0.10% | 1 | 0 | | 2026-03-18T21:34:01 | Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to caus |
| CVE-2026-4396 | 8.3 | 0.01% | 1 | 0 | | 2026-03-18T21:33:04 | Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 |
| CVE-2026-20963 | 8.8 | 9.87% | 6 | 0 | | 2026-03-18T21:32:58 | Deserialization of untrusted data in Microsoft Office SharePoint allows an autho |
| CVE-2026-22729 | 8.6 | 0.05% | 3 | 0 | | 2026-03-18T20:20:27 | A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConver |
| CVE-2026-32731 | 10.0 | 0.06% | 3 | 1 | | 2026-03-18T19:49:08 | **Reported:** 2026-03-08 **Status:** patched and released in version 3.5.3 of |
| CVE-2026-29056 | 8.8 | 0.13% | 1 | 0 | | 2026-03-18T19:40:48.907000 | Kanboard is project management software focused on Kanban methodology. Prior to |
| CVE-2026-2992 | 8.2 | 0.04% | 1 | 0 | | 2026-03-18T18:31:24 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is |
| CVE-2026-2991 | 9.8 | 0.16% | 1 | 1 | | 2026-03-18T18:31:24 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is |
| CVE-2026-1463 | 8.8 | 0.09% | 1 | 0 | | 2026-03-18T18:31:17 | The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for Wor |
| CVE-2026-24063 | 8.3 | 0.01% | 1 | 0 | | 2026-03-18T18:31:16 | When a plugin is installed using the Arturia Software Center (MacOS), it also in |
| CVE-2025-66376 | 7.2 | 28.82% | 4 | 0 | | 2026-03-18T18:31:10 | Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Clas |
| CVE-2026-32640 | 9.8 | 0.13% | 1 | 0 | | 2026-03-18T18:26:49.927000 | SimpleEval is a library for adding evaluatable expressions into python projects. |
| CVE-2026-22730 | 8.8 | 0.04% | 3 | 1 | | 2026-03-18T16:16:26.157000 | A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionCon |
| CVE-2026-32746 | 9.8 | 0.06% | 11 | 4 | | 2026-03-18T15:30:44 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO |
| CVE-2026-30707 | 8.1 | 0.03% | 1 | 0 | | 2026-03-18T14:52:44.227000 | An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FE |
| CVE-2026-25449 | 9.8 | 0.04% | 1 | 0 | | 2026-03-18T14:52:44.227000 | Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Ob |
| CVE-2026-30884 | 9.6 | 0.02% | 2 | 0 | | 2026-03-18T14:52:44.227000 | mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically gene |
| CVE-2026-30922 | 7.5 | 0.04% | 1 | 0 | | 2026-03-18T14:52:44.227000 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` libra |
| CVE-2026-31891 | 7.7 | 0.03% | 1 | 1 | | 2026-03-18T14:52:44.227000 | Cockpit is a headless content management system. Any Cockpit CMS instance runnin |
| CVE-2025-41258 | 8.0 | 0.03% | 1 | 0 | | 2026-03-18T14:52:44.227000 | LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechan |
| CVE-2026-22321 | 5.3 | 0.04% | 1 | 0 | | 2026-03-18T14:52:44.227000 | A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occur |
| CVE-2026-22317 | 7.2 | 0.06% | 1 | 0 | | 2026-03-18T14:52:44.227000 | A command injection vulnerability in the device’s Root CA certificate transfer w |
| CVE-2026-22319 | 4.9 | 0.04% | 1 | 0 | | 2026-03-18T14:52:44.227000 | A stack-based buffer overflow in the device's file installation workflow allows |
| CVE-2026-22316 | 6.5 | 0.09% | 1 | 0 | | 2026-03-18T14:52:44.227000 | A remote attacker with user privileges for the webUI can use the setting of the |
| CVE-2026-32606 | 7.6 | 0.01% | 1 | 0 | | 2026-03-18T14:52:44.227000 | IncusOS is an immutable OS image dedicated to running Incus. Prior to 2026031420 |
| CVE-2026-30405 | 7.5 | 0.11% | 1 | 0 | | 2026-03-18T12:58:46 | An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of s |
| CVE-2026-22322 | 7.1 | 0.08% | 1 | 0 | | 2026-03-18T09:30:35 | A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation config |
| CVE-2026-22318 | 4.9 | 0.04% | 1 | 0 | | 2026-03-18T09:30:34 | A stack-based buffer overflow vulnerability in the device's file transfer parame |
| CVE-2026-22320 | 6.5 | 0.04% | 1 | 0 | | 2026-03-18T09:30:34 | A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling a |
| CVE-2026-22323 | 7.1 | 0.04% | 1 | 0 | | 2026-03-18T09:30:34 | A CSRF vulnerability in the Link Aggregation configuration interface allows an u |
| CVE-2026-3888 | 7.9 | 0.01% | 19 | 3 | | 2026-03-18T06:31:20 | Local privilege escalation in snapd on Linux allows local attackers to get root |
| CVE-2026-28498 | 7.5 | 0.01% | 1 | 0 | | 2026-03-17T20:40:37.573000 | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior |
| CVE-2026-4276 | 7.5 | 0.06% | 1 | 0 | | 2026-03-17T18:31:38 | LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that al |
| CVE-2026-32292 | 7.5 | 0.03% | 1 | 0 | | 2026-03-17T18:30:37 | The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enab |
| CVE-2025-50881 | 8.8 | 0.20% | 1 | 1 | | 2026-03-17T15:37:26 | The `flow/admin/moniteur.php` script in Use It Flow administration website befor |
| CVE-2026-4177 | 9.1 | 0.01% | 1 | 0 | | 2026-03-17T15:37:26 | YAML::Syck versions through 1.36 for Perl has several potential security vulnera |
| CVE-2025-69783 | 7.8 | 0.01% | 1 | 0 | | 2026-03-17T15:37:25 | A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming |
| CVE-2026-32267 | None | 0.03% | 1 | 0 | | 2026-03-17T15:23:52 | ### Summary A low-privilege user (or an unauthenticated user who has been sent a |
| CVE-2025-66687 | 7.5 | 0.36% | 1 | 0 | | 2026-03-17T14:20:01.670000 | Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file p |
| CVE-2025-69902 | 9.8 | 0.26% | 1 | 0 | | 2026-03-17T14:20:01.670000 | A command injection vulnerability in the minimal_wrapper.py component of kubectl |
| CVE-2026-32136 | 9.8 | 0.79% | 1 | 0 | | 2026-03-12T14:47:49 | VULNERABILITY: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass ============ |
| CVE-2025-15576 | 7.5 | 0.01% | 1 | 0 | | 2026-03-10T21:33:20 | If two sibling jails are restricted to separate filesystem trees, which is to sa |
| CVE-2026-3630 | 9.8 | 0.06% | 1 | 0 | | 2026-03-10T21:32:13 | Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. |
| CVE-2026-3631 | 7.5 | 0.06% | 1 | 0 | | 2026-03-09T06:31:19 | Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. |
| CVE-2026-20122 | 5.4 | 0.04% | 1 | 0 | | 2026-03-04T21:25:22.193000 | A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authe |
| CVE-2026-25554 | 6.5 | 0.07% | 1 | 0 | | 2026-02-27T19:16:07.717000 | OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to comm |
| CVE-2026-20128 | 7.6 | 0.02% | 1 | 0 | | 2026-02-25T18:31:45 | A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD- |
| CVE-2026-20126 | 8.8 | 0.04% | 1 | 0 | | 2026-02-25T18:31:44 | A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, l |
| CVE-2026-27205 | 4.3 | 0.03% | 1 | 0 | | 2026-02-24T21:59:52.183000 | Flask is a web server gateway interface (WSGI) web application framework. In ver |
| CVE-2025-62518 | 8.1 | 0.02% | 1 | 2 | | 2025-10-21T19:31:25.450000 | astral-tokio-tar is a tar archive reading/writing library for async Rust. Versio |
| CVE-2025-4517 | 9.4 | 0.10% | 1 | 10 | | 2025-06-03T21:31:40 | Allows arbitrary filesystem writes outside the extraction directory during extra |
| CVE-2026-24060 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-25192 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-29103 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-32754 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-31962 | 0 | 0.08% | 2 | 0 | | N/A | |
| CVE-2026-31965 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-31964 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-31970 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-31969 | 0 | 0.08% | 1 | 0 | | N/A | |
| CVE-2026-31968 | 0 | 0.02% | 1 | 0 | | N/A | |
| CVE-2026-31967 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-31971 | 0 | 0.15% | 1 | 0 | | N/A | |
| CVE-2026-31973 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-31972 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-32238 | 0 | 0.00% | 1 | 1 | | N/A | |
| CVE-2026-33155 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2023-4567 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-33058 | 0 | 0.02% | 2 | 0 | | N/A | |
| CVE-2026-32698 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-32703 | 0 | 0.04% | 3 | 0 | | N/A | |
| CVE-2026-32255 | 0 | 0.09% | 1 | 1 | | N/A | |
| CVE-2026-28430 | 0 | 0.08% | 1 | 0 | | N/A | |
| CVE-2026-32321 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-27894 | 0 | 0.06% | 1 | 0 | | N/A | |
| CVE-2026-0667 | 0 | 0.00% | 1 | 0 | | N/A | |

CVE-2026-33075
(0 None)

EPSS: 0.00%

updated 2026-03-20T09:16:15.877000

2 posts

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull_request_target (which runs with access to repository secrets) but checks out code from the pull request author's fork, then builds and pushes Docker images using attacker-controll

offseq at 2026-03-20T10:30:29.745Z ##

🚨 CRITICAL: CVE-2026-33075 affects labring FastGPT ≤4.14.8.3. GitHub Actions workflow flaw enables attackers to run code & steal secrets, risking supply chain compromise. No patch — audit workflows & restrict secrets now! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-20T10:30:29.000Z ##

🚨 CRITICAL: CVE-2026-33075 affects labring FastGPT ≤4.14.8.3. GitHub Actions workflow flaw enables attackers to run code & steal secrets, risking supply chain compromise. No patch — audit workflows & restrict secrets now! radar.offseq.com/threat/cve-20 #OffSeq #Infosec #SupplyChain

##

CVE-2026-4478
(8.1 HIGH)

EPSS: 0.00%

updated 2026-03-20T07:16:14.713000

2 posts

A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryptographic signature. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be diff

offseq at 2026-03-20T07:30:28.885Z ##

⚠️ CVE-2026-4478 (CRITICAL, CVSS 9.2) hits Yi Home Camera 2 (2.1.1_20171024151200): Improper signature verification in HTTP firmware update handler. Public exploit, no vendor response. Monitor & segment affected devices. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-20T07:30:28.000Z ##

⚠️ CVE-2026-4478 (CRITICAL, CVSS 9.2) hits Yi Home Camera 2 (2.1.1_20171024151200): Improper signature verification in HTTP firmware update handler. Public exploit, no vendor response. Monitor & segment affected devices. radar.offseq.com/threat/cve-20 #OffSeq #IoTSecurity #Vuln

##

CVE-2026-33024
(0 None)

EPSS: 0.00%

updated 2026-03-20T05:16:15.717000

2 posts

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vulnerability (CWE-918) in the public thumbnail endpoints getImage.php and getImageMP4.php. Both endpoints accept a base64Url GET parameter, base64-decode it, and pass the resulting URL to ffmpeg as an input source without any authentication requirement. The prior validation only checked that the URL wa

offseq at 2026-03-20T06:01:27.252Z ##

🚨 CVE-2026-33024: CRITICAL SSRF in WWBN AVideo-Encoder <8.0. Public API allows blind SSRF, risking internal/cloud data exposure. Upgrade to v8.0 or restrict outbound traffic now! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-20T06:01:27.000Z ##

🚨 CVE-2026-33024: CRITICAL SSRF in WWBN AVideo-Encoder <8.0. Public API allows blind SSRF, risking internal/cloud data exposure. Upgrade to v8.0 or restrict outbound traffic now! radar.offseq.com/threat/cve-20 #OffSeq #SSRF #Vulnerability #InfoSec

##

CVE-2026-4038
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-20T04:16:50.300000

2 posts

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to call arbitrary WordPress functions such as 'update_option' to update the default role for regist

offseq at 2026-03-20T04:30:27.758Z ##

⚠️ CVE-2026-4038 (CRITICAL): Aimogen Pro WP plugin lets unauthenticated attackers gain admin via missing auth in aiomatic_call_ai_function_realtime. All versions affected. Disable plugin & monitor site integrity! radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-20T04:30:27.000Z ##

⚠️ CVE-2026-4038 (CRITICAL): Aimogen Pro WP plugin lets unauthenticated attackers gain admin via missing auth in aiomatic_call_ai_function_realtime. All versions affected. Disable plugin & monitor site integrity! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #CVE20264038

##

CVE-2026-32767
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-20T01:15:55.597000

2 posts

SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlying SQLite database without any authorization or read-only checks. This allows any authenticated user — i

offseq at 2026-03-20T01:30:29.771Z ##

⚠️ CVE-2026-32767: SiYuan (<3.6.1) has a CRITICAL SQL injection flaw in /api/search/fullTextSearchBlock. Any authenticated user can run SQL, risking full data compromise. Upgrade to 3.6.1+ ASAP. radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-20T01:30:29.000Z ##

⚠️ CVE-2026-32767: SiYuan (<3.6.1) has a CRITICAL SQL injection flaw in /api/search/fullTextSearchBlock. Any authenticated user can run SQL, risking full data compromise. Upgrade to 3.6.1+ ASAP. radar.offseq.com/threat/cve-20 #OffSeq #SiYuan #SQLInjection #Vuln

##

CVE-2026-22731
(8.2 HIGH)

EPSS: 0.00%

updated 2026-03-20T00:31:34

2 posts

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before 4.0.3, from 3.5 before 3.5.11, from 3.4 before 3.4.15. This CVE is similar but not equivalent to CVE-20

thehackerwire@mastodon.social at 2026-03-19T23:23:42.000Z ##

🟠 CVE-2026-22731 - High (8.2)

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32194
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-20T00:31:34

4 posts

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

thehackerwire@mastodon.social at 2026-03-19T22:19:02.000Z ##

🔴 CVE-2026-32194 - Critical (9.8)

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T22:18:02.000Z ##

🔴 CVE-2026-32194 - Critical (9.8)

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4342
(8.8 HIGH)

EPSS: 0.00%

updated 2026-03-20T00:31:34

4 posts

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

thehackerwire@mastodon.social at 2026-03-19T22:18:53.000Z ##

🟠 CVE-2026-4342 - High (8.8)

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T22:17:53.000Z ##

🟠 CVE-2026-4342 - High (8.8)

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32985
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-20T00:16:18.260000

2 posts

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality. The issue exists in /website_code/php/import/import.php where missing authentication checks allow an attacker to upload a crafted ZIP archive disguised as a project template. The archive can contain a malicious PHP payload placed in the media/ directo

offseq at 2026-03-20T03:00:25.976Z ##

🔴 CRITICAL: CVE-2026-32985 in Xerte Online Toolkits ≤3.14 lets attackers upload PHP via import.php and gain RCE — no auth needed! Patch ASAP or restrict access, disable PHP in user dirs. Details: radar.offseq.com/threat/cve-20

##

offseq@infosec.exchange at 2026-03-20T03:00:25.000Z ##

🔴 CRITICAL: CVE-2026-32985 in Xerte Online Toolkits ≤3.14 lets attackers upload PHP via import.php and gain RCE — no auth needed! Patch ASAP or restrict access, disable PHP in user dirs. Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE202632985 #infosec #RCE

##

CVE-2026-32721
(8.6 HIGH)

EPSS: 0.00%

updated 2026-03-19T23:16:44.030000

3 posts

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0 contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passes SSIDs via a template literal to dom.append(), which processes them through innerHTML, allowing an att

thehackerwire@mastodon.social at 2026-03-19T23:23:23.000Z ##

🟠 CVE-2026-32721 - High (8.6)

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0 contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wire...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

lobsters@mastodon.social at 2026-03-19T15:20:15.000Z ##

Root from the parking lot: OpenWRT XSS through SSID scanning (CVE-2026-32721) lobste.rs/s/vteijd #security
mxsasha.eu/posts/openwrt-ssid-

##

CVE-2026-22732
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-03-19T23:16:41.253000

4 posts

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.

offseq at 2026-03-20T00:00:54.555Z ##

🚨 CVE-2026-22732 (CRITICAL, CVSS 9.1): Spring Security 5.7.0 – 7.0.3 vulnerability lets HTTP headers go unwritten, risking CSP/HSTS bypass. No auth needed, remote exploit possible. Upgrade urgently & enforce headers via WAF/CDN! radar.offseq.com/threat/cve-20

##

thehackerwire@mastodon.social at 2026-03-19T23:25:14.000Z ##

🔴 CVE-2026-22732 - Critical (9.1)

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.
This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-20T00:00:54.000Z ##

🚨 CVE-2026-22732 (CRITICAL, CVSS 9.1): Spring Security 5.7.0 – 7.0.3 vulnerability lets HTTP headers go unwritten, risking CSP/HSTS bypass. No auth needed, remote exploit possible. Upgrade urgently & enforce headers via WAF/CDN! radar.offseq.com/threat/cve-20 #OffSeq #SpringSecurity #CVE202622732

##

CVE-2026-32038
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-03-19T22:29:35

2 posts

### Summary In `openclaw@2026.2.23`, sandbox network hardening blocks `network=host` but still allows `network=container:<id>`. This can let a sandbox join another container's network namespace and reach services available in that namespace. ### Preconditions and Trust Model Context This issue requires a trusted-operator configuration path (for example setting `agents.defaults.sandbox.docker.net

thehackerwire@mastodon.social at 2026-03-19T22:19:12.000Z ##

🔴 CVE-2026-32038 - Critical (9.8)

OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach s...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32025
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-03-19T22:25:31

2 posts

This issue is a browser-origin WebSocket auth chain on local loopback deployments using password auth. It is serious, but conditional: an attacker must get the user to open a malicious page and then successfully guess the gateway password. ## Context and Preconditions OpenClaw’s web/gateway surface is designed for local use and trusted-operator workflows. In affected versions, a browser-origin c

thehackerwire@mastodon.social at 2026-03-19T23:00:23.000Z ##

🟠 CVE-2026-32025 - High (7.5)

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32014
(8.0 HIGH)

EPSS: 0.00%

updated 2026-03-19T22:21:10

2 posts

## Summary A paired node device could reconnect with spoofed `platform`/`deviceFamily` metadata and broaden node command policy eligibility because reconnect metadata was accepted from the client while these fields were not bound into the device-auth signature. ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `<= 2026.2.25` - Latest published version at update ti

thehackerwire@mastodon.social at 2026-03-19T23:01:02.000Z ##

🟠 CVE-2026-32014 - High (8)

OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32011
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2026-03-19T22:20:31

2 posts

## Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on vulnerable releases. This allowed unauthenticated clients to hold parser work open with slow/oversized request bodies and degrade availability (slow-request DoS). ## Affected Packages / Versions - Package: `openclaw` (npm) - Affected releases: `<=

thehackerwire@mastodon.social at 2026-03-19T23:00:33.000Z ##

🟠 CVE-2026-32011 - High (7.5)

OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Google Chat that parse request bodies before performing authentication and signature validation. Unauthenticated attackers can ex...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32013
(8.8 HIGH)

EPSS: 0.00%

updated 2026-03-19T22:16:34.410000

2 posts

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway process permissions, potentially enabling code execution through file overwrite attacks.

thehackerwire@mastodon.social at 2026-03-19T23:00:42.000Z ##

🟠 CVE-2026-32013 - High (8.8)

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted file...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-23658
(8.6 HIGH)

EPSS: 0.00%

updated 2026-03-19T21:30:31

1 post

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-03-19T21:33:36.000Z ##

🟠 CVE-2026-23658 - High (8.6)

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26138
(8.6 HIGH)

EPSS: 0.00%

updated 2026-03-19T21:30:31

1 post

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-03-19T21:31:23.000Z ##

🟠 CVE-2026-26138 - High (8.6)

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26137
(8.9 HIGH)

EPSS: 0.00%

updated 2026-03-19T21:30:31

1 post

Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-03-19T21:23:32.000Z ##

🟠 CVE-2026-26137 - High (8.9)

Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3547
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-19T21:30:31

1 post

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party comp

thehackerwire@mastodon.social at 2026-03-19T21:22:19.000Z ##

🟠 CVE-2026-3547 - High (7.5)

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4428
(7.4 HIGH)

EPSS: 0.00%

updated 2026-03-19T21:17:14.170000

2 posts

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.

CVE-2026-33346
(8.7 HIGH)

EPSS: 0.00%

updated 2026-03-19T21:17:12.180000

1 post

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser of a staff member who reviews the payment submission. The payload is stored via `portal/lib/paylib.php

thehackerwire@mastodon.social at 2026-03-19T21:21:31.000Z ##

🟠 CVE-2026-33346 - High (8.7)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal payment flow allows a patient portal user to persist...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32749
(7.6 HIGH)

EPSS: 0.00%

updated 2026-03-19T21:17:10.910000

1 post

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE. This can lead to data destruction by ov

thehackerwire@mastodon.social at 2026-03-19T21:23:13.000Z ##

🟠 CVE-2026-32749 - High (7.6)

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32191
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-19T21:17:10.400000

1 post

Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

thehackerwire@mastodon.social at 2026-03-19T21:22:38.000Z ##

🔴 CVE-2026-32191 - Critical (9.8)

Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32169
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-03-19T21:17:10.233000

2 posts

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

Matchbook3469@mastodon.social at 2026-03-20T07:29:46.000Z ##

🔴 New security advisory:

CVE-2026-32169 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
yazoul.net/advisory/cve/cve-20

#Cybersecurity #VulnerabilityManagement #CyberSec

##

thehackerwire@mastodon.social at 2026-03-19T21:22:28.000Z ##

🔴 CVE-2026-32169 - Critical (10)

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30836
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-03-19T21:17:09.783000

1 post

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.

thehackerwire@mastodon.social at 2026-03-19T21:23:22.000Z ##

🔴 CVE-2026-30836 - Critical (10)

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed i...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26139
(8.6 HIGH)

EPSS: 0.00%

updated 2026-03-19T21:17:08.377000

1 post

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-03-19T21:31:32.000Z ##

🟠 CVE-2026-26139 - High (8.6)

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-23659
(8.6 HIGH)

EPSS: 0.00%

updated 2026-03-19T21:16:55.830000

1 post

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.

thehackerwire@mastodon.social at 2026-03-19T21:31:41.000Z ##

🟠 CVE-2026-23659 - High (8.6)

Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32886
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-03-19T21:12:42

1 post

### Impact Remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype chain of a registered cloud function handler, causing a stack overflow. ### Patches The fix restricts property lookups during cloud function name resolution to own properties only, preventing prototype chain traversal from stored

thehackerwire@mastodon.social at 2026-03-19T20:24:59.000Z ##

🟠 CVE-2026-32886 - High (7.5)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted funct...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32944
(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-03-19T21:11:56

1 post

### Impact An unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the server and denies service to all connected clients. ### Patches A depth limit for query condition operator nesting has been added via the `requestComplexity.queryDepth` server option. The option is disabled by default to avoid a

thehackerwire@mastodon.social at 2026-03-19T20:25:09.000Z ##

🟠 CVE-2026-32944 - High (7.5)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nest...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32609
(7.5 HIGH)

EPSS: 0.05%

updated 2026-03-19T21:06:22

1 post

## Summary The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configuration secrets exposure on the `/api/v4/config` endpoints by introducing `as_dict_secure()` redaction. However, the `/api/v4/args` and `/api/v4/args/{item}` endpoints were not addressed by this fix. These endpoints return the complete command-line arguments namespace via `vars(self.args)`, which includes the password h

thehackerwire@mastodon.social at 2026-03-18T20:00:14.000Z ##

🟠 CVE-2026-32609 - High (7.5)

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configuration secrets exposure on the `/api/v4/config` endpoints by introducing `as_dict_secure()` redaction. However, th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32596
(CVSS UNKNOWN)

EPSS: 0.10%

updated 2026-03-19T21:01:58

1 post

### Summary Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process command-lines containing credentials (passwords, API keys, tokens) to any network client. ### Details Root Cause: Authentication is optional and disabled by default. When no password is provided, the API router initializes with

Nuclei template

thehackerwire@mastodon.social at 2026-03-18T20:00:34.000Z ##

🟠 CVE-2026-32596 - High (7.5)

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process comman...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32256
(7.5 HIGH)

EPSS: 0.01%

updated 2026-03-19T21:00:51

1 post

# Summary music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infinite loop when a sub-object inside the ASF Header Extension Object has `objectSize = 0`. ## Root Cause When objectSize is 0: 1. `remaining = 0 - 24 = -24` 2. `tokenizer.ignore(-24)` moves the read position backward by 24 bytes 3. `extensionSize -= 0` (loop counter never decreases) 4.

thehackerwire@mastodon.social at 2026-03-18T12:39:42.000Z ##

🟠 CVE-2026-32256 - High (7.5)

music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infinite loop when a sub-object inside the ASF Header...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31938
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-03-19T21:00:35

1 post

### Impact User control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is opened in. The affected overloads and options are: * `"pdfobjectnewwindow"`: the `pdfObjectUrl` option and the entire options object, which is JSON-serialized and included verbatim in the generated HTML-string. * `"pdfj

thehackerwire@mastodon.social at 2026-03-18T12:39:51.000Z ##

🔴 CVE-2026-31938 - Critical (9.6)

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is open...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-29112
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-19T21:00:25

1 post

### Impact The `ensureSize()` function in `@dicebear/converter` (versions < 9.4.0) read the `width` and `height` attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a crafted SVG with extremely large dimensions (e.g. `width="999999999"`) could force the server to allocate excessive memory, leading to denial of ser

thehackerwire@mastodon.social at 2026-03-18T12:41:44.000Z ##

🟠 CVE-2026-29112 - High (7.5)

DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dicebear/converter` read the `width` and `height` attributes from the input SVG to determine the output canvas size for rasterizat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4427
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-19T19:34:30

1 post

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.

thehackerwire@mastodon.social at 2026-03-19T20:00:10.000Z ##

🟠 CVE-2026-4427 - High (7.5)

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-29856
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-19T19:23:57.653000

4 posts

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.

thehackerwire@mastodon.social at 2026-03-19T22:00:31.000Z ##

🟠 CVE-2026-29856 - High (7.5)

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T21:58:25.000Z ##

🟠 CVE-2026-29856 - High (7.5)

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-29858
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-19T19:23:51.937000

2 posts

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leading to sensitive information exposure.

thehackerwire@mastodon.social at 2026-03-19T21:58:32.000Z ##

🟠 CVE-2026-29858 - High (7.5)

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leading to sensitive information exposure.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28461
(7.5 HIGH)

EPSS: 0.08%

updated 2026-03-19T19:18:18.730000

1 post

OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo webhook endpoint that allows unauthenticated attackers to trigger in-memory key accumulation by varying query strings. Remote attackers can exploit this by sending repeated requests with different query parameters to cause memory pressure, process instability, or out-of-memory conditions that degrade s

thehackerwire@mastodon.social at 2026-03-19T03:05:27.000Z ##

🟠 CVE-2026-28461 - High (7.5)

OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo webhook endpoint that allows unauthenticated attackers to trigger in-memory key accumulation by varying query strings. Remote attackers can exploit th...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32634
(8.1 HIGH)

EPSS: 0.01%

updated 2026-03-19T19:03:47.010000

1 post

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances also uses that same un

thehackerwire@mastodon.social at 2026-03-18T18:40:20.000Z ##

🟠 CVE-2026-32634 - High (8.1)

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connectio...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31898
(8.1 HIGH)

EPSS: 0.03%

updated 2026-03-19T19:01:36

1 post

### Impact User control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with. * `createAnnotation`: `color` parameter Exa

1 repos

https://github.com/CryptoGhost1/MangoPunch-CVE-2022-31898

thehackerwire@mastodon.social at 2026-03-18T12:40:51.000Z ##

🟠 CVE-2026-31898 - High (8.1)

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsani...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2006-10002
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-19T18:41:50.647000

1 post

XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size, causing heap corruption (double free or corruption) and crashes. With a :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause hea

harrysintonen@infosec.exchange at 2026-03-19T15:35:07.000Z ##

Two 20-year-old vulnerabilities fixed in XML::Parser 2.48:

- CVE-2006-10002: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size, causing heap corruption (double free or corruption) and crashes openwall.com/lists/oss-securit

- CVE-2006-10003: XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack openwall.com/lists/oss-securit

The patch fixing these has been available since 2006 but it's nice to see the fix in actual release, too.

#CVE_2006_10002 #CVE_2006_10003

##

CVE-2006-10003
(9.8 CRITICAL)

EPSS: 0.02%

updated 2026-03-19T18:41:18.180000

1 posts

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

harrysintonen@infosec.exchange at 2026-03-19T15:35:07.000Z ##

Two 20-year-old vulnerabilities fixed in XML::Parser 2.48:

- CVE-2006-10002: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size, causing heap corruption (double free or corruption) and crashes openwall.com/lists/oss-securit

- CVE-2006-10003: XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack openwall.com/lists/oss-securit

The patch fixing these has been available since 2006 but it's nice to see the fix in actual release, too.

#CVE_2006_10002 #CVE_2006_10003

##
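The CVE-2006-10003 description is precise enough to model: the grow check compares the current stack pointer to the allocated size, the pointer is pre-incremented on push, so at stackptr == stacksize - 1 no expansion happens and the write lands at index stacksize. The real bug is a heap write in Expat.xs (C code); the added example below, which is not XML::Parser's code, reproduces the same control flow in JavaScript with an explicit bounds check so that the off-by-one surfaces as a thrown error instead of silent memory corruption. The function names and the initial stack size are assumptions.

```javascript
// Added example, not XML::Parser's code. A JavaScript model of the grow-check
// logic the advisory describes: a pre-allocated stack of `size` slots, a `ptr`
// that is pre-incremented on push, and a "need to grow?" test performed before
// the increment. Slot writes are bounds-checked here so the off-by-one raises a
// RangeError; in the real C code the same write corrupts the heap.

function makeStack(size) {
  return { buf: new Array(size).fill(null), ptr: -1, size };
}

// Models realloc() to twice the size.
function grow(s) {
  s.size *= 2;
  s.buf.length = s.size;
}

// Bounds-checked slot write: index == size is one past the allocation.
function writeSlot(s, index, value) {
  if (index >= s.size) {
    throw new RangeError(`write at index ${index} of a ${s.size}-slot buffer`);
  }
  s.buf[index] = value;
}

// Buggy: "is the stack full?" is asked of the *current* pointer. When
// ptr == size - 1 the test is false, no growth happens, and the pre-increment
// then writes at index size, just outside the buffer.
function pushBuggy(s, value) {
  if (s.ptr >= s.size) grow(s);
  writeSlot(s, ++s.ptr, value);
}

// Fixed: ask whether the slot about to be written (ptr + 1) exists.
function pushFixed(s, value) {
  if (s.ptr + 1 >= s.size) grow(s);
  writeSlot(s, ++s.ptr, value);
}

// Models parsing `depth` nested elements: one push per start tag. Returns the
// nesting depth at which the given push variant first writes out of bounds,
// or null if it never does.
function firstOverflowDepth(push, size, depth) {
  const s = makeStack(size);
  for (let d = 1; d <= depth; d++) {
    try {
      push(s, `elem${d}`);
    } catch (e) {
      if (e instanceof RangeError) return d;
      throw e;
    }
  }
  return null;
}
```

With an initial size of 4, the buggy variant faults on the fifth push (the first write past the last slot), while the fixed variant grows at the right moment and keeps going. The general lesson is the same as for any pre-increment push: the capacity test has to be about the slot that is about to be written, not the one last written.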

CVE-2026-22171
(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-03-19T18:34:17

1 posts

Summary: OpenClaw's Feishu media download flow used untrusted Feishu media keys (`imageKey` / `fileKey`) when building temporary file paths in `extensions/feishu/src/media.ts`. Because those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redirect writes outside `os.tmpdir()`. Impact: This is an arbitrary file write issue (within

thehackerwire@mastodon.social at 2026-03-18T12:41:53.000Z ##

🟠 CVE-2026-22171 - High (8.2)

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can con...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27980
(CVSS UNKNOWN)

EPSS: 0.01%

updated 2026-03-19T18:33:25

1 posts

Summary: The default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. Impact: An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impact platforms that have their own image optimization capabilities, such as Vercel. Patch

thehackerwire@mastodon.social at 2026-03-18T20:01:08.000Z ##

🟠 CVE-2026-27980 - High (7.5)

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unb...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27979
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-03-19T18:31:03

1 posts

Summary: A request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies without consistently enforcing `maxPostponedStateSize` in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments remained vulnerable to the same unbounded postponed resume-body buffering behavior. Impact: In

thehackerwire@mastodon.social at 2026-03-18T20:16:27.000Z ##

🟠 CVE-2026-27979 - High (7.5)

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies w...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-43520
(7.1 HIGH)

EPSS: 0.02%

updated 2026-03-19T18:16:14.930000

2 posts

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.

fmarini@mastodon.social at 2026-03-18T15:43:31.000Z ##

As usual, Wired is… not great 🙄

Regarding DarkSword, the latest objectively bad exploit affecting iOS and Safari, Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.

TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).

wired.com/story/hundreds-of-mi

##

fmarini@mastodon.social at 2026-03-18T15:40:31.000Z ##

@agreenberg more in depth analysis from Google.

It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).

wired.com/story/hundreds-of-mi

##

CVE-2026-27811
(8.8 HIGH)

EPSS: 0.21%

updated 2026-03-19T18:00:58.453000

1 posts

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the `/config/compare/<service>/<server_ip>/show` endpoint, allowing authenticated users to execute arbitrary system commands on the app host. The vulnerability exists in `app/modules/config/config.py` on line 362, where user input is directly f

thehackerwire@mastodon.social at 2026-03-18T20:01:18.000Z ##

🟠 CVE-2026-27811 - High (8.8)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the `/config/compare/<service>/<server_ip>/show` endpoint, allowed authenticated users to execute arbitrary sy...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-15031
(8.1 HIGH)

EPSS: 0.03%

updated 2026-03-19T17:56:47

1 posts

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `..` or absolute paths to escape the intended extraction directory. This issue affects the latest version of MLflow and poses a high/critical risk in scen

thehackerwire@mastodon.social at 2026-03-18T23:19:52.000Z ##

🟠 CVE-2025-15031 - High (8.1)

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32728
(7.6 HIGH)

EPSS: 0.05%

updated 2026-03-19T17:41:27.567000

1 posts

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter (e.g. `;charset=utf-8`) to the `Content-Type` header. This causes the extension validation to fail matching against the blocklist, allowing active con

thehackerwire@mastodon.social at 2026-03-19T20:25:19.000Z ##

🟠 CVE-2026-32728 - High (7.6)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME paramet...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
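The Parse Server bypass is a parsing mismatch: the blocklist compares against the raw `Content-Type` value, while the attacker sends the same media type with a parameter appended. The added example below, which is not Parse Server's code, models that mismatch in Node.js with a naive lookup beside a hardened one that parses the header into media type and parameters first, plus an allowlist variant that fails closed on malformed input. The blocklist, the media-type-to-extension map and the sample headers are constructed for the illustration.

```javascript
// Added example, not Parse Server's code. Shows why an upload filter must
// match on the parsed media type, never on the raw Content-Type header value.
// The blocklist, extension map and sample headers are constructed here.

const BLOCKED_EXTENSIONS = new Set(['html', 'htm', 'svg', 'xml', 'xhtml', 'js']);

const MEDIA_TYPE_TO_EXT = new Map([
  ['text/html', 'html'],
  ['image/svg+xml', 'svg'],
  ['application/xhtml+xml', 'xhtml'],
  ['text/javascript', 'js'],
  ['image/png', 'png'],
  ['image/jpeg', 'jpg'],
]);

// Naive: the raw header string is the lookup key. "image/svg+xml;charset=utf-8"
// misses the map, is treated as an unknown binary type, and sails past the
// blocklist even though the stored file is still active SVG content.
function naiveExtensionFor(contentType) {
  return MEDIA_TYPE_TO_EXT.get(contentType) ?? 'bin';
}

// Parse the header the way the grammar defines it: the media type is the
// token before the first ';', case-insensitive and whitespace-tolerant;
// everything after it is parameters.
function parseContentType(header) {
  if (typeof header !== 'string') throw new TypeError('Content-Type header missing');
  const [typePart, ...paramParts] = header.split(';');
  const mediaType = typePart.trim().toLowerCase();
  if (!/^[!#$%&'*+.^_`|~0-9a-z-]+\/[!#$%&'*+.^_`|~0-9a-z-]+$/.test(mediaType)) {
    throw new TypeError(`malformed media type: ${JSON.stringify(header)}`);
  }
  const params = {};
  for (const part of paramParts) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim().toLowerCase();
    let value = part.slice(eq + 1).trim();
    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);
    }
    params[name] = value;
  }
  return { mediaType, params };
}

// Hardened: parameters are stripped before the lookup, so the same media type
// always maps to the same extension regardless of what follows the ';'.
function hardenedExtensionFor(contentType) {
  const { mediaType } = parseContentType(contentType);
  return MEDIA_TYPE_TO_EXT.get(mediaType) ?? 'bin';
}

// Blocklist decision, parameterised by the extension derivation in use.
function uploadAllowed(extensionFor, contentType) {
  return !BLOCKED_EXTENSIONS.has(extensionFor(contentType));
}

// Allowlist variant: unknown and malformed types are rejected, not admitted.
const ALLOWED_EXTENSIONS = new Set(['png', 'jpg', 'gif', 'pdf']);

function uploadAllowedAllowlist(contentType) {
  let ext;
  try {
    ext = hardenedExtensionFor(contentType);
  } catch (err) {
    return false;
  }
  return ALLOWED_EXTENSIONS.has(ext);
}
```

Even the hardened blocklist still admits anything it has not heard of (`'bin'`), which is the structural weakness of denylists; where the product can afford it, the allowlist form is the one to ship, and the stored object should additionally be served with a `Content-Disposition: attachment` and a fixed, server-chosen `Content-Type`.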

CVE-2026-32878
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-19T17:28:32.513000

1 posts

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that exploits prototype pollution in the deep copy mechanism. This allows injecting fields into class schemas t

thehackerwire@mastodon.social at 2026-03-19T20:19:01.000Z ##

🟠 CVE-2026-32878 - High (7.5)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##
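CVE-2026-32878 is the prototype-pollution class: a deep copy or merge that recurses into a key named `__proto__` writes through to `Object.prototype`, so a field the class-level permissions forbade shows up on every object afterwards. The added example below is not Parse Server's code; it places a vulnerable recursive merge beside one hardened by skipping prototype-reaching keys, recursing only into plain objects and reading the target through own properties only, driven by a constructed request body. The function names and the sample body are assumptions.

```javascript
// Added example, not Parse Server's code. A recursive merge that descends
// into a key named "__proto__" reaches Object.prototype through the target,
// so a field the request was never allowed to set appears on every object.
// The merge functions and the sample request body are assumptions.

// Vulnerable: recurses whenever both sides hold an object, with no key filter.
// For key "__proto__", target[key] *is* Object.prototype, and the recursion
// writes the attacker's fields onto it.
function mergeDeepVulnerable(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object' && target[key] && typeof target[key] === 'object') {
      mergeDeepVulnerable(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  if (v === null || typeof v !== 'object') return false;
  const proto = Object.getPrototypeOf(v);
  return proto === Object.prototype || proto === null;
}

// Hardened: skips prototype-reaching keys, recurses only into plain objects,
// and looks the existing child up as an *own* property so nothing inherited
// from the prototype chain is ever used as a merge target.
function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const existing = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      const child = isPlainObject(existing) ? existing : {};
      target[key] = mergeDeepSafe(child, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample request body. JSON.parse creates an *own* property
// literally named "__proto__", which is why Object.keys() returns it.
const REQUEST_BODY = '{"name":"note","__proto__":{"isAdmin":true}}';

// Returns what an unrelated, freshly created object reports for `isAdmin`
// after the vulnerable merge ran: true means Object.prototype was polluted.
// The pollution is removed afterwards so the rest of the process is unaffected.
function probeVulnerable() {
  try {
    mergeDeepVulnerable({}, JSON.parse(REQUEST_BODY));
    return ({}).isAdmin;
  } finally {
    delete Object.prototype.isAdmin;
  }
}

function probeSafe() {
  const merged = mergeDeepSafe({}, JSON.parse(REQUEST_BODY));
  return {
    leaked: ({}).isAdmin,                                                    // undefined
    name: merged.name,                                                       // 'note'
    hasProtoKey: Object.prototype.hasOwnProperty.call(merged, '__proto__'),  // false
  };
}
```

Skipping `constructor` also blocks a legitimate field of that name, which is the usual trade-off; the cleaner alternative is to build working objects with `Object.create(null)` so there is no prototype to reach, and to run any schema or keyword denylist after the copy rather than before it, since the copy is where the shape of the data is finally decided.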

CVE-2026-30402
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-19T17:16:23.777000

1 posts

An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function

thehackerwire@mastodon.social at 2026-03-19T20:00:21.000Z ##

🔴 CVE-2026-30402 - Critical (9.8)

An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-20643
(5.4 MEDIUM)

EPSS: 0.03%

updated 2026-03-19T17:16:22.350000

3 posts

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy.

2 repos

https://github.com/zeroxjf/WebKit-NavigationAPI-SOP-Bypass

https://github.com/Fliv/CVE-2026-20643

oversecurity@mastodon.social at 2026-03-19T11:20:12.000Z ##

Apple Patches WebKit Vulnerability CVE-2026-20643 Across iOS, macOS

Apple has released a new security update to address a critical WebKit vulnerability tracked as CVE-2026-20643. The vulnerability was identified

🔗️ [Thecyberexpress] link.is.it/lPLEWn

##

jbhall56@infosec.exchange at 2026-03-18T12:08:51.000Z ##

The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content. thehackernews.com/2026/03/appl

##

teezeh@ieji.de at 2026-03-18T06:54:00.000Z ##

“Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade.”

bleepingcomputer.com/news/secu

##

CVE-2026-20131
(10.0 CRITICAL)

EPSS: 0.57%

updated 2026-03-19T17:09:34.303000

6 posts

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java ob

3 repos

https://github.com/p3Nt3st3r-sTAr/CVE-2026-20131-POC

https://github.com/sak110/CVE-2026-20131

https://github.com/Sushilsin/CVE-2026-20131

jbz@indieweb.social at 2026-03-19T21:55:01.000Z ##

⚠️ Ransomware crims abused Cisco 0-day weeks before disclosure

「 Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses 」
theregister.com/2026/03/18/ama

#cisco #0day #Ransomware #infosec

##

secdb@infosec.exchange at 2026-03-19T18:00:17.000Z ##

🚨 [CISA-2026:0319] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-20131 (secdb.nttzen.cloud/cve/detail/)
- Name: Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Known
- Vendor: Cisco
- Product: Secure Firewall Management Center (FMC)
- Notes: sec.cloudapps.cisco.com/securi ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260319 #cisa20260319 #cve_2026_20131 #cve202620131

##

cisakevtracker@mastodon.social at 2026-03-19T16:00:49.000Z ##

CVE ID: CVE-2026-20131
Vendor: Cisco
Product: Secure Firewall Management Center (FMC)
Date Added: 2026-03-19
Notes: sec.cloudapps.cisco.com/securi ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

patrickcmiller@infosec.exchange at 2026-03-19T11:42:00.000Z ##

Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure securityaffairs.com/189636/mal

##

technadu@infosec.exchange at 2026-03-19T11:31:28.000Z ##

Interlock ransomware exploited Cisco firewall zero-day (CVE-2026-20131) before disclosure.
• Unauth RCE → root
• Memory webshells
• WebSocket C2
technadu.com/interlock-ransomw

#Cybersecurity #ZeroDay #Ransomware

##

youranonnewsirc@nerdculture.de at 2026-03-19T07:56:33.000Z ##

Cybersecurity: Interlock ransomware is exploiting a critical Cisco FMC zero-day (CVE-2026-20131, CVSS 10.0) for root access, active since January 2026. CISA added a Microsoft SharePoint vulnerability (CVE-2026-20963) to its Known Exploited Vulnerabilities Catalog. Geopolitical: Tensions in the Gulf region are escalating, with Iran reportedly targeting energy sites, leading to a sharp spike in oil prices. These events underscore the urgent need for enhanced digital resilience and geopolitical stability.

#Cybersecurity #Geopolitics #AnonNews_irc

##

CVE-2026-32865
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-19T16:16:03.260000

1 posts

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process.

thehackerwire@mastodon.social at 2026-03-19T19:47:05.000Z ##

🔴 CVE-2026-32865 - Critical (9.8)

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-58112
(8.8 HIGH)

EPSS: 0.02%

updated 2026-03-19T15:32:24

4 posts

Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting Services Reports can upload a malicious rdl file. If the malicious rdl file is already loaded and i

thehackerwire@mastodon.social at 2026-03-19T22:00:12.000Z ##

🟠 CVE-2025-58112 - High (8.8)

Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T21:58:06.000Z ##

🟠 CVE-2025-58112 - High (8.8)

Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30704
(9.1 CRITICAL)

EPSS: 0.02%

updated 2026-03-19T15:32:23

4 posts

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB

thehackerwire@mastodon.social at 2026-03-19T22:00:22.000Z ##

🔴 CVE-2026-30704 - Critical (9.1)

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T21:58:16.000Z ##

🔴 CVE-2026-30704 - Critical (9.1)

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an unprotected UART interface through accessible hardware pads on the PCB

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-29859
(9.8 CRITICAL)

EPSS: 0.02%

updated 2026-03-19T15:32:23

2 posts

An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.

thehackerwire@mastodon.social at 2026-03-19T21:58:42.000Z ##

🔴 CVE-2026-29859 - Critical (9.8)

An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22558
(7.7 HIGH)

EPSS: 0.00%

updated 2026-03-19T15:31:27

1 posts

An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

thehackerwire@mastodon.social at 2026-03-19T20:18:52.000Z ##

🟠 CVE-2026-22558 - High (7.7)

An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-71260
(8.8 HIGH)

EPSS: 0.00%

updated 2026-03-19T15:31:27

1 posts

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE parameter to achieve remote code execution and fully compromise the application. The following hotfixes remedia

1 repos

https://github.com/watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260

thehackerwire@mastodon.social at 2026-03-19T14:17:09.000Z ##

🟠 CVE-2025-71260 - High (8.8)

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply cr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22557
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-03-19T15:31:22

5 posts

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

youranonnewsirc@nerdculture.de at 2026-03-19T23:56:20.000Z ##

Geopolitical tensions surged as Iran targeted Gulf energy after Israeli strikes, spiking oil prices to $118/barrel (March 18-19). In cybersecurity, CISA warned of actively exploited SharePoint flaws (CVE-2026-20963), critical Ubiquiti UniFi (CVE-2026-22557), and Telnetd root-access vulnerabilities (CVE-2026-32746). NVIDIA forecasts $1T AI demand by 2027.
#AnonNews_irc #Cybersecurity #News

##

thehackerwire@mastodon.social at 2026-03-19T20:00:30.000Z ##

🔴 CVE-2026-22557 - Critical (10)

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

chirpbirb@meow.social at 2026-03-19T18:47:09.000Z ##

just like cve-2026-22557, i think you're a 10/10 :neocat_sillycat_kisser:

##

marzlberger@neander.social at 2026-03-19T15:30:30.000Z ##

@agitatra

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE: CVE-2026-22557 (n00r3(@izn0u))

##

CVE-2026-32692
(7.6 HIGH)

EPSS: 0.03%

updated 2026-03-19T15:23:26.870000

1 posts

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within the scope of that Vault secret back-end.

thehackerwire@mastodon.social at 2026-03-18T13:41:15.000Z ##

🟠 CVE-2026-32692 - High (7.6)

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attack...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32693
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-19T15:17:00.180000

1 posts

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the gran

thehackerwire@mastodon.social at 2026-03-18T13:41:25.000Z ##

🟠 CVE-2026-32693 - High (8.8)

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool lo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4424
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-19T15:16:28.300000

1 posts

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication

thehackerwire@mastodon.social at 2026-03-19T19:47:16.000Z ##

🟠 CVE-2026-4424 - High (7.5)

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can e...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31963
(8.1 HIGH)

EPSS: 0.08%

updated 2026-03-19T14:50:54.513000

1 posts

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it stores a location in an external reference sequence along with a list of differences to the reference a

thehackerwire@mastodon.social at 2026-03-19T21:56:44.000Z ##

🟠 CVE-2026-31963 - High (8.1)

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of stori...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31966
(9.1 CRITICAL)

EPSS: 0.01%

updated 2026-03-19T14:44:04.400000

1 posts

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it stores a location in an external reference sequence along with a list of differences to the reference a

thehackerwire@mastodon.social at 2026-03-19T21:12:33.000Z ##

🔴 CVE-2026-31966 - Critical (9.1)

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of stori...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27065
(9.8 CRITICAL)

EPSS: 0.11%

updated 2026-03-19T13:25:00.570000

3 posts

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion. This issue affects BuilderPress: from n/a through 2.0.1.

offseq@infosec.exchange at 2026-03-19T12:30:30.000Z ##

🚨 CRITICAL: CVE-2026-27065 in ThimPress BuilderPress (≤2.0.1) lets attackers perform unauthenticated RFI, risking full WordPress compromise. Disable plugin & harden PHP configs immediately! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #RFI #CVE202627065

##

thehackerwire@mastodon.social at 2026-03-19T09:24:30.000Z ##

🔴 CVE-2026-27065 - Critical (9.8)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion. This issue affects BuilderPress: from n/a through 2.0.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T09:23:16.000Z ##

🔴 CVE-2026-27065 - Critical (9.8)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion. This issue affects BuilderPress: from n/a through 2.0.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27067
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-03-19T13:25:00.570000

2 posts

Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through 1.3.1.

offseq@infosec.exchange at 2026-03-19T09:30:33.000Z ##

🚨 CRITICAL (CVSS 9.1): Syarif Mobile App Editor ≤1.3.1 hit by CWE-434 unrestricted file upload (CVE-2026-27067). Allows web shell deployment & full compromise. Enforce strict validation, monitor uploads, patch ASAP! radar.offseq.com/threat/cve-20 #OffSeq #CVE202627067 #Infosec

##

thehackerwire@mastodon.social at 2026-03-19T09:23:26.000Z ##

🔴 CVE-2026-27067 - Critical (9.1)

Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through 1.3.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-60237
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-03-19T13:25:00.570000

1 posts

Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from n/a through 1.5.0.

thehackerwire@mastodon.social at 2026-03-19T09:23:45.000Z ##

🔴 CVE-2025-60237 - Critical (9.8)

Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from n/a through 1.5.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25471
(8.1 HIGH)

EPSS: 0.07%

updated 2026-03-19T13:25:00.570000

1 post

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard allows Password Recovery Exploitation. This issue affects Admin Safety Guard: from n/a through 1.2.6.

thehackerwire@mastodon.social at 2026-03-19T08:23:07.000Z ##

🟠 CVE-2026-25471 - High (8.1)

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard allows Password Recovery Exploitation. This issue affects Admin Safety Guard: from n/a through 1.2.6.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27093
(8.1 HIGH)

EPSS: 0.11%

updated 2026-03-19T13:25:00.570000

1 post

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ovatheme Tripgo allows PHP Local File Inclusion. This issue affects Tripgo: from n/a before 1.5.6.

thehackerwire@mastodon.social at 2026-03-19T07:17:58.000Z ##

🟠 CVE-2026-27093 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ovatheme Tripgo allows PHP Local File Inclusion. This issue affects Tripgo: from n/a before 1.5.6.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27542
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-03-19T13:25:00.570000

1 post

Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation. This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1.

thehackerwire@mastodon.social at 2026-03-19T06:36:24.000Z ##

🔴 CVE-2026-27542 - Critical (9.8)

Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation. This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32730
(8.1 HIGH)

EPSS: 0.06%

updated 2026-03-19T13:25:00.570000

1 post

ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js` (lines 386-389) contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA requirements were NOT — to be used as fully authenticated bearer tokens. This completely bypasses

thehackerwire@mastodon.social at 2026-03-18T23:19:33.000Z ##

🟠 CVE-2026-32730 - High (8.1)

ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js` (lines 386-389) contains an incorrect MongoDB query that allows incomplete login...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-55040
(8.8 HIGH)

EPSS: 0.02%

updated 2026-03-19T13:25:00.570000

1 post

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install attacker-controlled forms when an authenticated administrator visits a crafted webpage. Full exploitation of

thehackerwire@mastodon.social at 2026-03-18T21:37:03.000Z ##

🟠 CVE-2025-55040 - High (8.8)

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious website...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25873
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-03-19T13:25:00.570000

1 post

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code execution on the host system running the exposed service.
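
The pickle weakness described above generalizes to any service that calls `pickle.loads` on a request body: a pickle stream can name any importable callable together with the arguments to call it with, so deserialization is code execution. The block below is an added example, not OmniGen2-RL code, and assumes nothing about its reward server beyond what the description says. It constructs a benign payload and a malicious stand-in, lists the globals a stream would import without executing it (a check that can be run over captured request bodies), and loads the same bytes through an `Unpickler` whose `find_class` refuses every global. That refusal is the minimum for a service that cannot switch to JSON; JSON remains the correct fix for plain data.

```python
"""Added example (not OmniGen2-RL code): why pickle on request bodies is RCE,
and a minimal restricted unpickler that admits only plain data."""
import io
import os
import pickle
import pickletools


class PlainDataUnpickler(pickle.Unpickler):
    """Refuse every GLOBAL / STACK_GLOBAL lookup.

    dict, list, tuple, str, bytes, int, float, bool and None are rebuilt from
    opcodes alone and never reach find_class, so they still load. Any stream
    that names a module-level callable (os.system, subprocess.Popen,
    builtins.eval, ...) is rejected before the callable can be invoked.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_loads(data: bytes):
    """Deserialize untrusted bytes, admitting only plain data types."""
    return PlainDataUnpickler(io.BytesIO(data)).load()


def referenced_globals(data: bytes):
    """Return the module.name pairs a pickle would import when loaded.

    pickletools.genops only disassembles, so this is safe to run on hostile
    input and usable as a detection check over captured request bodies.
    """
    found = []
    ops = list(pickletools.genops(data))
    for i, (op, arg, _pos) in enumerate(ops):
        if op.name == "GLOBAL":                       # protocols 0-3
            module, name = arg.split(" ", 1)
            found.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL":               # protocol 4+
            # module and name are the two most recent string pushes
            strings = [a for o, a, _ in ops[:i]
                       if o.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE")]
            if len(strings) >= 2:
                found.append(f"{strings[-2]}.{strings[-1]}")
    return found


class ReverseShellStandIn:
    """Constructed attacker object: pickling it records a call to os.system."""

    def __reduce__(self):
        return (os.system, ("echo compromised",))


# Constructed request bodies; the benign one is the shape a reward server
# might plausibly expect (an assumption, not the project's real schema).
BENIGN_BODY = pickle.dumps({"prompt_id": 7, "rewards": [0.25, 0.5]}, protocol=4)
MALICIOUS_BODY = pickle.dumps(ReverseShellStandIn(), protocol=4)


def load_untrusted(data: bytes):
    """Return ("ok", value) for plain data, ("rejected", reason) otherwise."""
    try:
        return "ok", restricted_loads(data)
    except Exception as exc:  # UnpicklingError, EOFError, ValueError on malformed input
        return "rejected", f"{type(exc).__name__}: {exc}"
```

`referenced_globals(MALICIOUS_BODY)` reports `posix.system` (or `nt.system` on Windows) without running anything, which is what makes it usable in a WAF rule or a forensic pass over logged bodies; `pickle.loads` on the same bytes would execute the command. Note that the allow-nothing `find_class` also blocks legitimate classes such as `numpy.ndarray`; if those are needed, allow an explicit set of `(module, name)` pairs and nothing else.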

thehackerwire@mastodon.social at 2026-03-18T21:35:42.000Z ##

🔴 CVE-2026-25873 - Critical (9.8)

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle de...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24062
(7.8 HIGH)

EPSS: 0.01%

updated 2026-03-19T13:25:00.570000

1 post

The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation.

thehackerwire@mastodon.social at 2026-03-18T19:30:40.000Z ##

🟠 CVE-2026-24062 - High (7.8)

The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged act...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27135
(7.5 HIGH)

EPSS: 0.01%

updated 2026-03-19T13:25:00.570000

1 post

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection er

thehackerwire@mastodon.social at 2026-03-18T18:41:34.000Z ##

🟠 CVE-2026-27135 - High (7.5)

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_termin...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32610
(8.1 HIGH)

EPSS: 0.03%

updated 2026-03-19T13:25:00.570000

1 post

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets `allow_origins=["*"]` combined with `allow_credentials=True`. When both of these options are enabled together, Starlette's `CORSMiddleware` reflects the requesting `Origin` header value in the `Access-Control-Allow-Origin` respon
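
The Glances CORS default above is the classic credentialed-reflection misconfiguration: a wildcard alone is harmless because browsers refuse to pair `*` with credentials, but when the middleware echoes the caller's `Origin` instead and adds `Access-Control-Allow-Credentials: true`, any site a logged-in user visits can read the API. The block below is an added example, not Glances or Starlette code. It flags the configuration pair the advisory names and classifies a captured response the way a browser would; the two responses are constructed samples, not captures from Glances.

```python
"""Added example (not Glances code): flag the Starlette CORS configuration the
advisory describes, and classify a captured response for credentialed reflection."""
from typing import Dict, Sequence


def starlette_cors_config_is_dangerous(allow_origins: Sequence[str],
                                       allow_credentials: bool) -> bool:
    """True for allow_origins=["*"] combined with allow_credentials=True.

    Starlette's CORSMiddleware answers preflights (and cookie-bearing requests)
    for that configuration with the caller's Origin echoed back instead of a
    literal "*", plus Access-Control-Allow-Credentials: true.
    """
    return "*" in allow_origins and bool(allow_credentials)


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Parse the header block of a raw HTTP/1.1 response into a lowercase-keyed dict."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                           # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def classify_cors(probe_origin: str, headers: Dict[str, str]) -> str:
    """Classify what a page on probe_origin could read from this response."""
    acao = headers.get("access-control-allow-origin")
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "no-cross-origin-read"
    if acao == "*":
        # Browsers never honour credentials together with a literal wildcard,
        # so this exposes only what an anonymous request already gets.
        return "public-anonymous-only"
    if acao == probe_origin:
        return "reflected-with-credentials" if creds else "reflected-anonymous-only"
    if acao == "null":
        return "null-origin-with-credentials" if creds else "null-origin-anonymous-only"
    return "fixed-allowlist"


# Constructed responses to a probe carrying "Origin: https://attacker.example"
# and a session cookie; not real Glances output.
PROBE_ORIGIN = "https://attacker.example"
VULNERABLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Access-Control-Allow-Origin: https://attacker.example\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "Vary: Origin\r\n"
    "\r\n"
    '{"cpu": {"total": 12.5}}\r\n'
)
FIXED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"cpu": {"total": 12.5}}\r\n'
)


def audit(raw_response: str, probe_origin: str = PROBE_ORIGIN) -> str:
    """Parse and classify one captured response."""
    return classify_cors(probe_origin, parse_response_headers(raw_response))
```

When probing a live instance, send the request with a cookie or as a preflight (`OPTIONS` with `Access-Control-Request-Method`): for a cookie-less simple request Starlette emits a literal `*` for this configuration, which the classifier correctly rates as anonymous-only and which would mask the finding. The fix on the server side is an explicit origin allowlist, or dropping `allow_credentials`.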

thehackerwire@mastodon.social at 2026-03-18T17:28:08.000Z ##

🟠 CVE-2026-32610 - High (8.1)

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets `allow_origins=["*"]` combined with `allow_credentials=True`. When both of t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3658
(7.5 HIGH)

EPSS: 0.07%

updated 2026-03-19T12:30:41

1 post

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional

thehackerwire@mastodon.social at 2026-03-19T12:39:48.000Z ##

🟠 CVE-2026-3658 - High (7.5)

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3511
(8.6 HIGH)

EPSS: 0.04%

updated 2026-03-19T12:30:41

1 post

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends req

thehackerwire@mastodon.social at 2026-03-19T12:39:39.000Z ##

🟠 CVE-2026-3511 - High (8.6)

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25445
(8.8 HIGH)

EPSS: 0.05%

updated 2026-03-19T09:30:25

2 posts

Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection. This issue affects WishList Member X: from n/a through 3.29.0.

thehackerwire@mastodon.social at 2026-03-19T09:24:19.000Z ##

🟠 CVE-2026-25445 - High (8.8)

Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection. This issue affects WishList Member X: from n/a through 3.29.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T09:23:07.000Z ##

🟠 CVE-2026-25445 - High (8.8)

Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection. This issue affects WishList Member X: from n/a through 3.29.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-60233
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-03-19T09:30:25

1 post

Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection. This issue affects Zuut: from n/a through 1.4.2.

thehackerwire@mastodon.social at 2026-03-19T09:23:35.000Z ##

🔴 CVE-2025-60233 - Critical (9.8)

Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection. This issue affects Zuut: from n/a through 1.4.2.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25443
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-19T09:30:25

1 post

Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3.

thehackerwire@mastodon.social at 2026-03-19T09:22:58.000Z ##

🟠 CVE-2026-25443 - High (7.5)

Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25312
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-19T09:30:25

1 post

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.2.8.3.

thehackerwire@mastodon.social at 2026-03-19T08:23:17.000Z ##

🟠 CVE-2026-25312 - High (7.5)

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.2.8.3.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27540
(9.1 CRITICAL)

EPSS: 0.04%

updated 2026-03-19T06:30:33

3 posts

Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files. This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1.

1 repo

https://github.com/DeadExpl0it/CVE-2026-27540-WordPress-Exploit-PoC

offseq@infosec.exchange at 2026-03-19T08:00:27.000Z ##

🚨 CVE-2026-27540 (CVSS 9.0): Woocommerce Wholesale Lead Capture plugin lets unauthenticated attackers upload malicious files — remote code execution & full compromise possible. Disable plugin, enforce file type restrictions! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln

##

thehackerwire@mastodon.social at 2026-03-19T06:53:37.000Z ##

🔴 CVE-2026-27540 - Critical (9)

Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files. This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T06:36:18.000Z ##

🔴 CVE-2026-27540 - Critical (9)

Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files. This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27413
(9.3 CRITICAL)

EPSS: 0.03%

updated 2026-03-19T06:30:33

3 posts

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection. This issue affects Profile Builder Pro: from n/a through 3.13.9.

thehackerwire@mastodon.social at 2026-03-19T06:53:28.000Z ##

🔴 CVE-2026-27413 - Critical (9.3)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection. This issue affects Profile Builder Pro: from n/a through 3.13.9.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T06:36:09.000Z ##

🔴 CVE-2026-27413 - Critical (9.3)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection. This issue affects Profile Builder Pro: from n/a through 3.13.9.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-19T06:30:27.000Z ##

🔴 CVE-2026-27413: CRITICAL Blind SQL Injection in Cozmoslabs Profile Builder Pro (≤3.13.9) allows unauthenticated data exfiltration. No patch yet — restrict access, monitor logs. Details: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #SQLi #Infosec

##

CVE-2026-27096
(8.1 HIGH)

EPSS: 0.04%

updated 2026-03-19T06:30:33

2 posts

Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection. This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3.

thehackerwire@mastodon.social at 2026-03-19T06:40:45.000Z ##

🟠 CVE-2026-27096 - High (8.1)

Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection. This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T06:36:00.000Z ##

🟠 CVE-2026-27096 - High (8.1)

Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection. This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32633
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-03-18T21:48:49

1 post

Summary: In Central Browser mode, the `/api/4/serverslist` endpoint returns raw server objects from `GlancesServersList.get_servers_list()`. Those objects are mutated in-place during background polling and can contain a `uri` field with embedded HTTP Basic credentials for downstream Glances servers, using the reusable pbkdf2-derived Glances authentication secret. If the front Glances Browser/A
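
The pattern behind this Glances finding is handing internal state objects straight to the API serializer, so whatever a background poller writes into them (here a `uri` carrying `user:password@`) goes out on the wire. The block below is an added example, not Glances code; the record shape is an assumption for illustration. It strips the userinfo component from a URI with the standard library and builds a redacted copy of each record rather than editing the shared objects in place, which is the other half of the fix when those objects are being mutated concurrently.

```python
"""Added example (not Glances code): strip embedded credentials from server
records before an API serializes them, without mutating the originals."""
from typing import Any, Dict, List
from urllib.parse import urlsplit, urlunsplit


def redact_userinfo(uri: str) -> str:
    """Return uri with any user:password@ part removed; scheme, host, port,
    path, query and fragment are kept. IPv6 literals are re-bracketed."""
    parts = urlsplit(uri)
    if parts.username is None and parts.password is None:
        return uri
    host = parts.hostname or ""          # urlsplit lower-cases the host
    if ":" in host:                      # IPv6 literal
        host = f"[{host}]"
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def public_view(servers: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return redacted copies of the server records for an API response.

    Copies matter: the advisory notes the source objects are mutated in place
    by background polling, so serializing them directly leaks whatever the
    poller stored, and redacting them in place would break the poller.
    """
    view = []
    for server in servers:
        record = dict(server)
        if isinstance(record.get("uri"), str):
            record["uri"] = redact_userinfo(record["uri"])
        view.append(record)
    return view


# Constructed sample records; the field names are an assumption, not the
# project's real schema.
SAMPLE_SERVERS = [
    {"name": "web-1", "uri": "http://glances:s3cret-pbkdf2@10.0.0.5:61208/api/4", "status": "ONLINE"},
    {"name": "db-1", "uri": "http://10.0.0.6:61208/api/4", "status": "OFFLINE"},
]
```

`redact_userinfo` is deliberately unaware of the application: it only removes the component that the HTTP Basic convention puts before `@`. If a record can carry credentials in other fields (a separate `password` key, an `Authorization` header cache), those need an explicit allowlist of fields the API is permitted to emit, which is the more robust design than redacting known-bad fields one at a time.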

thehackerwire@mastodon.social at 2026-03-18T18:41:24.000Z ##

🔴 CVE-2026-32633 - Critical (9.1)

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the `/api/4/serverslist` endpoint returns raw server objects from `GlancesServersList.get_servers_list()`. Those objects are mutated ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-26740
(8.2 HIGH)

EPSS: 0.10%

updated 2026-03-18T21:34:01

1 post

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

thehackerwire@mastodon.social at 2026-03-18T19:30:31.000Z ##

🟠 CVE-2026-26740 - High (8.2)

Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4396
(8.3 HIGH)

EPSS: 0.01%

updated 2026-03-18T21:33:04

1 post

Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.

thehackerwire@mastodon.social at 2026-03-18T21:35:51.000Z ##

🟠 CVE-2026-4396 - High (8.3)

Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-20963
(8.8 HIGH)

EPSS: 9.87%

updated 2026-03-18T21:32:58

6 posts

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

youranonnewsirc@nerdculture.de at 2026-03-19T23:56:20.000Z ##

Geopolitical tensions surged as Iran targeted Gulf energy after Israeli strikes, spiking oil prices to $118/barrel (March 18-19). In cybersecurity, CISA warned of actively exploited SharePoint flaws (CVE-2026-20963), critical Ubiquiti UniFi (CVE-2026-22557), and Telnetd root-access vulnerabilities (CVE-2026-32746). NVIDIA forecasts $1T AI demand by 2027.
#AnonNews_irc #Cybersecurity #News

##

AAKL@infosec.exchange at 2026-03-19T14:56:46.000Z ##

If you missed this yesterday, CISA added two vulnerabilities to the KEV catalogue.

- CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability cve.org/CVERecord?id=CVE-2025- #CISA #infosec #Zimbra #Microsoft #vulnerability

##

offseq@infosec.exchange at 2026-03-19T11:00:27.000Z ##

⚠️ CRITICAL: CISA reports active exploits of CVE-2026-20963 in Microsoft SharePoint. Remote code execution allows full server compromise. Patch now, monitor logs, segment networks! radar.offseq.com/threat/cisa-w #OffSeq #SharePoint #Vuln #RCE

##

youranonnewsirc@nerdculture.de at 2026-03-19T07:56:33.000Z ##

Cybersecurity: Interlock ransomware is exploiting a critical Cisco FMC zero-day (CVE-2026-20131, CVSS 10.0) for root access, active since January 2026. CISA added a Microsoft SharePoint vulnerability (CVE-2026-20963) to its Known Exploited Vulnerabilities Catalog. Geopolitical: Tensions in the Gulf region are escalating, with Iran reportedly targeting energy sites, leading to a sharp spike in oil prices. These events underscore the urgent need for enhanced digital resilience and geopolitical stability.

#Cybersecurity #Geopolitics #AnonNews_irc

##

cisakevtracker@mastodon.social at 2026-03-18T21:00:54.000Z ##

CVE ID: CVE-2026-20963
Vendor: Microsoft
Product: SharePoint
Date Added: 2026-03-18
Notes: msrc.microsoft.com/update-guid ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-22729
(8.6 HIGH)

EPSS: 0.05%

updated 2026-03-18T20:20:27

3 posts

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents. Thi

_r_netsec@infosec.exchange at 2026-03-19T12:43:05.000Z ##

CVE-2026-22729: JSONPath Injection in Spring AI’s PgVectorStore blog.securelayer7.net/cve-2026

##

thehackerwire@mastodon.social at 2026-03-18T10:00:27.000Z ##

🟠 CVE-2026-22729 - High (8.6)

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-18T09:00:31.000Z ##

🔒 HIGH: CVE-2026-22729 in VMware Spring AI (1.0.x, 1.1.x) enables JSONPath injection, letting authenticated users bypass access controls and access sensitive docs. Patch or sanitize input! radar.offseq.com/threat/cve-20 #OffSeq #SpringAI #CVE202622729 #AppSec

##

CVE-2026-32731
(10.0 CRITICAL)

EPSS: 0.06%

updated 2026-03-18T19:49:08

3 posts

Reported: 2026-03-08. Status: patched and released in version 3.5.3 of `@apostrophecms/import-export`.

Product:

| Field | Value |
|---|---|
| Repository | `apostrophecms/apostrophe` (monorepo) |
| Affected Package | `@apostrophecms/import-export` |
| Affected File | `packages/import-export/lib/formats/gzip.js` |
| Affected Function | `extract(filepath, exportPath)` — lines ~132–15 |

1 repo

https://github.com/0xEr3n/CVE-2026-32731
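
The ApostropheCMS bug is archive path traversal: `path.join(exportPath, header.name)` happily produces a path outside `exportPath` when `header.name` contains `..` segments or is absolute, so a crafted `.tar.gz` writes wherever the Node.js process can. The block below is an added example in Python rather than the project's JavaScript, not ApostropheCMS code. It shows the check an extractor needs before opening any write stream: normalize the member name, reject absolute and parent-relative names, and compare the resolved target against the resolved destination so that a symlink dropped earlier in the same archive cannot redirect a later write. The member names are constructed samples.

```python
"""Added example (not ApostropheCMS code): decide where a tar member may be
written so that '..' segments, absolute names and pre-existing symlinks cannot
escape the extraction directory."""
import os
import posixpath
import tempfile
from typing import Dict, Iterable, Optional


def safe_member_path(dest_dir: str, member_name: str) -> str:
    """Return the absolute on-disk path for member_name, or raise ValueError.

    Tar member names use '/' separators on every platform, so they are
    normalized with posixpath ('a/../b' becomes 'b') and rejected if absolute
    or still starting with '..'. The resolved target is then checked against
    the resolved destination, which also catches a write routed through a
    symlink that an earlier member of the same archive created inside dest_dir.
    """
    root = os.path.realpath(dest_dir)
    name = posixpath.normpath(member_name)
    if posixpath.isabs(name) or name == ".." or name.startswith("../"):
        raise ValueError(f"member name escapes destination: {member_name!r}")
    target = os.path.realpath(os.path.join(root, *name.split("/")))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"resolved path escapes destination: {member_name!r}")
    return target


def audit_member_names(names: Iterable[str],
                       dest_dir: Optional[str] = None) -> Dict[str, str]:
    """Map each member name to 'ok' or 'rejected' for the given destination.

    With no dest_dir a fresh temporary directory stands in for exportPath.
    """
    if dest_dir is None:
        dest_dir = tempfile.mkdtemp(prefix="export-")
    result: Dict[str, str] = {}
    for name in names:
        try:
            safe_member_path(dest_dir, name)
            result[name] = "ok"
        except ValueError:
            result[name] = "rejected"
    return result


# Constructed member names modelled on what a crafted .tar.gz could carry;
# the file names are illustrative, not taken from the project's export format.
SAMPLE_MEMBER_NAMES = [
    "attachments/photo.png",
    "attachments/../aposDocs.json",      # normalizes to aposDocs.json: fine
    "../../../etc/cron.d/backdoor",      # parent traversal
    "/etc/passwd",                       # absolute name
    "attachments/../../escape.js",       # normalizes to ../escape.js
]
```

Two caveats when wiring this into a real extractor: symlink and hardlink members need their link targets checked with the same function before they are created, and the check must run per member in archive order, because `realpath` only sees the symlinks that already exist on disk at the time of the call.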

offseq@infosec.exchange at 2026-03-19T02:00:32.000Z ##

🔎 CVE-2026-32731 (CRITICAL, CVSS 10): Path traversal in ApostropheCMS import-export <3.5.3 lets attackers write files as Node.js user via crafted archives. Upgrade to 3.5.3+ and restrict permissions now! Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE202632731 #infosec #cms

##

offseq@infosec.exchange at 2026-03-19T00:00:39.000Z ##

🚨 CRITICAL: CVE-2026-32731 in ApostropheCMS import-export (<3.5.3) allows path traversal via crafted .tar.gz uploads — attackers can write files anywhere the Node.js process can. Upgrade to 3.5.3+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #CVE202632731 #ApostropheCMS #infosec

##

thehackerwire@mastodon.social at 2026-03-18T23:19:42.000Z ##

🔴 CVE-2026-32731 - Critical (9.9)

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`, the `extract()` function in `gzip.js` constructs file-write paths using `fs.createWriteStream(path.join(exportPath, header.name...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-29056
(8.8 HIGH)

EPSS: 0.13%

updated 2026-03-18T19:40:48.907000

1 post

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()` without filtering out the `role` field. An attacker who receives an invite link can inject `role=app-admin` in the registration form to create an administrator a

thehackerwire@mastodon.social at 2026-03-18T20:00:58.000Z ##

🟠 CVE-2026-29056 - High (8.8)

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()` without ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2992
(8.2 HIGH)

EPSS: 0.04%

updated 2026-03-18T18:31:24

1 post

The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the `/wp-json/kivicare/v1/setup-wizard/clinic` REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to create a new clinic and a WordPress user with clinic admin privileges.

thehackerwire@mastodon.social at 2026-03-18T18:41:44.000Z ##

🟠 CVE-2026-2992 - High (8.2)

The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the `/wp-json/kivicare/v1/setup-wizard/clinic` REST API endpoint in all versions up to, and includ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2991
(9.8 CRITICAL)

EPSS: 0.16%

updated 2026-03-18T18:31:24

1 post

The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the `patientSocialLogin()` function not verifying the social provider access token before authenticating a user. This makes it possible for unauthenticated attackers to log in as any patient registered on the system by provi

1 repo

https://github.com/joshuavanderpoll/CVE-2026-2991

thehackerwire@mastodon.social at 2026-03-18T17:28:27.000Z ##

🔴 CVE-2026-2991 - Critical (9.8)

The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the `patientSocialLogin()` function not verifying the social provider...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1463
(8.8 HIGH)

EPSS: 0.09%

updated 2026-03-18T18:31:17

1 post

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PH

thehackerwire@mastodon.social at 2026-03-18T17:28:18.000Z ##

🟠 CVE-2026-1463 - High (8.8)

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24063
(8.3 HIGH)

EPSS: 0.01%

updated 2026-03-18T18:31:16

1 post

When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an at

thehackerwire@mastodon.social at 2026-03-18T19:30:50.000Z ##

🟠 CVE-2026-24063 - High (8.2)

When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninsta...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-66376
(7.2 HIGH)

EPSS: 28.82%

updated 2026-03-18T18:31:10

4 posts

Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

technadu@infosec.exchange at 2026-03-19T15:11:27.000Z ##

CISA adds Zimbra XSS (CVE-2025-66376) to KEV.
Actively exploited.
Patch immediately.

Source: cisa.gov/news-events/alerts/20

Follow TechNadu.

#InfoSec #VulnMgmt

##

AAKL@infosec.exchange at 2026-03-19T14:56:46.000Z ##

If you missed this yesterday, CISA added two vulnerabilities to the KEV catalogue.

- CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability cve.org/CVERecord?id=CVE-2025- #CISA #infosec #Zimbra #Microsoft #vulnerability

##

secdb@infosec.exchange at 2026-03-18T20:00:20.000Z ##

🚨 [CISA-2026:0318] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2025-66376 (secdb.nttzen.cloud/cve/detail/)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: wiki.zimbra.com/wiki/Zimbra_Se ; nvd.nist.gov/vuln/detail/CVE-2

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260318 #cisa20260318 #cve_2025_66376 #cve202566376

##

cisakevtracker@mastodon.social at 2026-03-18T18:00:52.000Z ##

CVE ID: CVE-2025-66376
Vendor: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Date Added: 2026-03-18
Notes: wiki.zimbra.com/wiki/Zimbra_Se ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-32640
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-03-18T18:26:49.927000

1 posts

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing t

thehackerwire@mastodon.social at 2026-03-18T22:14:25.000Z ##

🔴 CVE-2026-32640 - Critical (9.8)

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to Simple...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22730
(8.8 HIGH)

EPSS: 0.04%

updated 2026-03-18T16:16:26.157000

3 posts

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.

1 repos

https://github.com/NULL200OK/CVE-2026-22730-Scanner

_r_netsec@infosec.exchange at 2026-03-19T08:58:05.000Z ##

CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector Store blog.securelayer7.net/cve-2026

##

offseq@infosec.exchange at 2026-03-18T10:30:29.000Z ##

🚨 CVE-2026-22730: HIGH-severity SQL injection in VMware Spring AI (1.0.x, 1.1.x) lets users with limited privileges run arbitrary SQL via MariaDBFilterExpressionConverter. Patch ASAP & harden input validation! radar.offseq.com/threat/cve-20 #OffSeq #VMware #SQLi #Infosec

##

thehackerwire@mastodon.social at 2026-03-18T10:00:37.000Z ##

🟠 CVE-2026-22730 - High (8.8)

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands.

The vulnerability exists due to missing input sanitization.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32746
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-03-18T15:30:44

11 posts

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

4 repos

https://github.com/jeffaf/cve-2026-32746

https://github.com/chosenonehacks/CVE-2026-32746

https://github.com/danindiana/cve-2026-32746-mitigation

https://github.com/watchtowrlabs/watchtowr-vs-telnetd-CVE-2026-32746

youranonnewsirc@nerdculture.de at 2026-03-19T23:56:20.000Z ##

Geopolitical tensions surged as Iran targeted Gulf energy after Israeli strikes, spiking oil prices to $118/barrel (March 18-19). In cybersecurity, CISA warned of actively exploited SharePoint flaws (CVE-2026-20963), critical Ubiquiti UniFi (CVE-2026-22557), and Telnetd root-access vulnerabilities (CVE-2026-32746). NVIDIA forecasts $1T AI demand by 2027.
#AnonNews_irc #Cybersecurity #News

##

glitterbean@wehavecookies.social at 2026-03-19T22:19:24.000Z ##

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE) labs.watchtowr.com/a-32-year-o

##

_r_netsec@infosec.exchange at 2026-03-19T20:28:05.000Z ##

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746) - watchTowr Labs labs.watchtowr.com/a-32-year-o

##

_r_netsec@infosec.exchange at 2026-03-19T00:28:05.000Z ##

CVE-2026-32746 GNU telnetd Buffer Overflow PoC - Critical (9.8) pwn.guide/free/other/cve-2026-

##

beyondmachines1@infosec.exchange at 2026-03-18T20:01:48.000Z ##

Critical Unpatched Telnetd Flaw Enables Unauthenticated Root Remote Code Execution

GNU InetUtils telnetd contains a critical unpatched buffer overflow (CVE-2026-32746) that allows unauthenticated remote code execution.

**Another critical and trivial flaw in Telnet. Check if you are using Telnet anywhere in your network. It's urgent. Stop using Telnet and switch to SSH. Naturally, as a first step make sure to isolate the Telnet interface to trusted networks. But that's not a good long term approach, Telnet is inherently a lot less secure than SSH.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

linux@activitypub.awakari.com at 2026-03-18T11:40:06.000Z ##

A Ghost From the 1990s: How a Decades-Old Telnet Daemon Is Now a Gateway Into Modern Linux Systems A critical buffer overflow in the BSD-derived telnetd daemon (CVE-2026-32746, CVSS 9.8) enables un...

#CybersecurityUpdate #NetSecPro #buffer #overflow #CVE-2026-32746 #inetutils-telnetd #Linux #security #remote #code #execution

##

sambowne@infosec.exchange at 2026-03-18T12:50:36.000Z ##

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE thehackernews.com/2026/03/crit

##

benzogaga33@mamot.fr at 2026-03-18T10:40:04.000Z ##

CVE-2026-32746: Linux servers threatened by a new Telnet flaw it-connect.fr/cve-2026-32746-l #ActuCybersécurité #Cybersécurité #Vulnérabilité #Linux

##

patrickcmiller@infosec.exchange at 2026-03-18T09:42:00.000Z ##

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23 thehackernews.com/2026/03/crit

##

hackerworkspace@infosec.exchange at 2026-03-18T06:42:05.000Z ##

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23

thehackernews.com/2026/03/crit

Short summary: hackerworkspace.com/article/cr

#cybersecurity #threatintelligence #vulnerability

##

CVE-2026-30707
(8.1 HIGH)

EPSS: 0.03%

updated 2026-03-18T14:52:44.227000

1 posts

An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this method directly to retrieve the full answer key

thehackerwire@mastodon.social at 2026-03-18T20:16:47.000Z ##

🟠 CVE-2026-30707 - High (8.1)

An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this meth...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25449
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-03-18T14:52:44.227000

1 posts

Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection. This issue affects Traveler: from n/a before 3.2.8.1.

thehackerwire@mastodon.social at 2026-03-18T20:00:24.000Z ##

🔴 CVE-2026-25449 - Critical (9.8)

Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection. This issue affects Traveler: from n/a before 3.2.8.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30884
(9.6 CRITICAL)

EPSS: 0.02%

updated 2026-03-18T14:52:44.227000

2 posts

mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course can read and silently overwrite certificate elements belonging to any other course in the Moodle installation. The `core_get_fragment` callback `editele

thehackerwire@mastodon.social at 2026-03-18T13:41:34.000Z ##

🔴 CVE-2026-30884 - Critical (9.6)

mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30922
(7.5 HIGH)

EPSS: 0.04%

updated 2026-03-18T14:52:44.227000

1 posts

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the deco

thehackerwire@mastodon.social at 2026-03-18T12:41:34.000Z ##

🟠 CVE-2026-30922 - High (7.5)

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31891
(7.7 HIGH)

EPSS: 0.03%

updated 2026-03-18T14:52:44.227000

1 posts

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by an SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the `/api/content/aggregate/{model}` endpoint is publicly accessible or reachable by untrusted users may be vulnerable, and attackers in possession

1 repos

https://github.com/ffasterss/CVE-2026-31891

thehackerwire@mastodon.social at 2026-03-18T12:41:01.000Z ##

🟠 CVE-2026-31891 - High (7.7)

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by an SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment w...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-41258
(8.0 HIGH)

EPSS: 0.03%

updated 2026-03-18T14:52:44.227000

1 posts

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

thehackerwire@mastodon.social at 2026-03-18T12:39:33.000Z ##

🟠 CVE-2025-41258 - High (8)

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22321
(5.3 MEDIUM)

EPSS: 0.04%

updated 2026-03-18T14:52:44.227000

1 posts

A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when an unauthenticated attacker sends an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a low-severity availability disruption.

certvde@infosec.exchange at 2026-03-18T07:36:34.000Z ##

#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware

Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318

certvde.com/en/advisories/vde-

#CSAF phoenixcontact.csaf-tp.certvde

##

CVE-2026-22317
(7.2 HIGH)

EPSS: 0.06%

updated 2026-03-18T14:52:44.227000

1 posts

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges.

certvde@infosec.exchange at 2026-03-18T07:36:34.000Z ##

#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware

Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318

certvde.com/en/advisories/vde-

#CSAF phoenixcontact.csaf-tp.certvde

##

CVE-2026-22319
(4.9 MEDIUM)

EPSS: 0.04%

updated 2026-03-18T14:52:44.227000

1 posts

A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack.

certvde@infosec.exchange at 2026-03-18T07:36:34.000Z ##

#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware

Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318

certvde.com/en/advisories/vde-

#CSAF phoenixcontact.csaf-tp.certvde

##

CVE-2026-22316
(6.5 MEDIUM)

EPSS: 0.09%

updated 2026-03-18T14:52:44.227000

1 posts

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.

certvde@infosec.exchange at 2026-03-18T07:36:34.000Z ##

#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware

Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318

certvde.com/en/advisories/vde-

#CSAF phoenixcontact.csaf-tp.certvde

##

CVE-2026-32606
(7.6 HIGH)

EPSS: 0.01%

updated 2026-03-18T14:52:44.227000

1 posts

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel (UKI) boot image. That's because in this c

thehackerwire@mastodon.social at 2026-03-18T06:59:22.000Z ##

🟠 CVE-2026-32606 - High (7.6)

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypte...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30405
(7.5 HIGH)

EPSS: 0.11%

updated 2026-03-18T12:58:46

1 posts

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute.

thehackerwire@mastodon.social at 2026-03-18T22:00:23.000Z ##

🟠 CVE-2026-30405 - High (7.5)

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22322
(7.1 HIGH)

EPSS: 0.08%

updated 2026-03-18T09:30:35

1 posts

A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, enabling unauthorized actions such as interface manipulation. The session cookie is secure

certvde@infosec.exchange at 2026-03-18T07:36:34.000Z ##

#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware

Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318

certvde.com/en/advisories/vde-

#CSAF phoenixcontact.csaf-tp.certvde

##

CVE-2026-22318
(4.9 MEDIUM)

EPSS: 0.04%

updated 2026-03-18T09:30:34

1 posts

A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack.

certvde@infosec.exchange at 2026-03-18T07:36:34.000Z ##

#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware

Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318

certvde.com/en/advisories/vde-

#CSAF phoenixcontact.csaf-tp.certvde

##

CVE-2026-22320
(6.5 MEDIUM)

EPSS: 0.04%

updated 2026-03-18T09:30:34

1 posts

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service.

certvde@infosec.exchange at 2026-03-18T07:36:34.000Z ##

#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware

Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318

certvde.com/en/advisories/vde-

#CSAF phoenixcontact.csaf-tp.certvde

##

CVE-2026-22323
(7.1 HIGH)

EPSS: 0.04%

updated 2026-03-18T09:30:34

1 posts

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the

certvde@infosec.exchange at 2026-03-18T07:36:34.000Z ##

#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware

Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318

certvde.com/en/advisories/vde-

#CSAF phoenixcontact.csaf-tp.certvde

##

CVE-2026-3888
(7.9 HIGH)

EPSS: 0.01%

updated 2026-03-18T06:31:20

19 posts

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

3 repos

https://github.com/Many-Hat-Group/Ubuntu-CVE-2026-3888-patcher

https://github.com/netw0rk7/CVE-2026-3888-PoC

https://github.com/fevar54/CVE-2026-3888-POC-all-from-the-Qualys-platform.

patrickcmiller at 2026-03-19T22:42:00.823Z ##

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit thehackernews.com/2026/03/ubun

##

linux@activitypub.awakari.com at 2026-03-19T22:32:26.000Z ##

Debian DSA-6170-1 snapd Local Escalation CVE-2026-3888 Advisory The Qualys Threat Research Unit (TRU) discovered a local privilege escalation vulnerability in snapd, a daemon and tooling that enabl...

#Debian #Linux #Distribution #- #Security #Advisories

##

magi@mastodon.uno at 2026-03-19T21:37:51.000Z ##

Ubuntu at risk: Snap bug allows root access (CVE-2026-3888)
#Ubuntu
A critical vulnerability has been discovered in Ubuntu (CVE-2026-3888): the Snap system allows escalation to root.

marcosbox.com/2026/03/19/ubunt

@sicurezza

##

jbz@indieweb.social at 2026-03-19T20:55:01.000Z ##

「 Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles. 」
blog.qualys.com/vulnerabilitie

#ubuntu #snap #infosec

##

lobsters@mastodon.social at 2026-03-19T15:35:13.000Z ##

snap-confine + systemd-tmpfiles = root (CVE-2026-3888) lobste.rs/s/deodzu #linux #security
cdn2.qualys.com/advisory/2026/

##

AAKL@infosec.exchange at 2026-03-19T15:02:00.000Z ##

Qualys, posted yesterday: CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root blog.qualys.com/vulnerabilitie

More:

Infosecurity-Magazine: New Flaw Affecting Ubuntu Enables Local Attackers to Gain Root Access infosecurity-magazine.com/news #Ubuntu #Linux #infosec #vulnerability

##

devuan@toot.community at 2026-03-19T11:31:38.000Z ##

Found yet another high severity #systemd bug in Ubuntu: local root privilege escalation (CVE-2026-3888)

cybersecurity88.com/news/ubunt

Let us wish all #Devuan users a wonderful day out with their family for a merry father's day, instead of shoveling unicorn shit.

##

lobsters@mastodon.social at 2026-03-19T03:40:19.000Z ##

CVE-2026-3888: Snap Flaw, Local Privilege Escalation to Root via @RunxiYu lobste.rs/s/ccys1t #security
blog.qualys.com/vulnerabilitie

##

hn100@social.lansky.name at 2026-03-19T02:25:10.000Z ##

CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root

Link: blog.qualys.com/vulnerabilitie
Discussion: news.ycombinator.com/item?id=4

##

_r_netsec@infosec.exchange at 2026-03-19T00:43:05.000Z ##

Ubuntu 24.04+ Snapd Local Privilege Escalation (CVE-2026-3888) blog.qualys.com/vulnerabilitie

##

hn50@social.lansky.name at 2026-03-18T21:10:07.000Z ##

CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root

Link: blog.qualys.com/vulnerabilitie
Discussion: news.ycombinator.com/item?id=4

##

hackerworkspace@infosec.exchange at 2026-03-18T18:50:08.000Z ##

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

thehackernews.com/2026/03/ubun

Short summary: hackerworkspace.com/article/ub

#cybersecurity #vulnerability #exploit

##

threatcodex@infosec.exchange at 2026-03-18T16:25:46.000Z ##

CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
#CVE_2026_3888
blog.qualys.com/vulnerabilitie

##

youranonnewsirc@nerdculture.de at 2026-03-18T15:56:29.000Z ##

Global tensions heighten as the US-Iran conflict escalates, impacting oil markets via the Strait of Hormuz (March 18). Technology sees continued rapid AI advancement, with OpenAI's GPT-5.4 and Anthropic's Claude Sonnet 4.6 released (March 17). In cybersecurity, the EU sanctioned private cyber offensive groups (March 17), and a critical Ubuntu privilege escalation flaw (CVE-2026-3888) was discovered (March 18). AI-driven threats also increasingly impact M&A security.

#Geopolitics #Cybersecurity #AINews

##

sambowne@infosec.exchange at 2026-03-18T13:02:32.000Z ##

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit thehackernews.com/2026/03/ubun

##

technadu@infosec.exchange at 2026-03-18T12:58:09.000Z ##

Critical Ubuntu flaw (CVE-2026-3888) enables local root escalation via Snap.

Delayed exploit (10–30 days) makes detection harder.

Patch snapd immediately.
technadu.com/critical-cve-2026

#Cybersecurity #Linux #Ubuntu

##

patrickcmiller@infosec.exchange at 2026-03-18T12:12:00.000Z ##

CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit securityaffairs.com/189614/sec

##

benzogaga33@mamot.fr at 2026-03-18T10:40:04.000Z ##

CVE-2026-3888: when Ubuntu's system cleanup grants root access it-connect.fr/cve-2026-3888-qu #ActuCybersécurité #Cybersécurité #Vulnérabilité #Linux

##

CVE-2026-28498
(7.5 HIGH)

EPSS: 0.01%

updated 2026-03-17T20:40:37.573000

1 posts

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) cl

thehackerwire@mastodon.social at 2026-03-18T21:46:07.000Z ##

🟠 CVE-2026-28498 - High (7.5)

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specificall...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4276
(7.5 HIGH)

EPSS: 0.06%

updated 2026-03-17T18:31:38

1 posts

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.
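Log injection of the kind the description names works because a value containing a newline ends the current record and starts a second one that a log reader cannot tell from a genuine entry. The block below is an added example for this page, not LibreChat code: a small neutralizer that escapes control characters and bounds length, shown against Python's standard logging module with a constructed user id. The logger name, the record format and the hypothetical `query_by=` field are this example's assumptions.

```python
import logging
import re
from io import StringIO

# CR/LF end the current record; other C0/C1 control bytes (ESC included) drive
# terminal and viewer behaviour, so all of them are escaped rather than dropped.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def neutralize(value: str, max_len: int = 200) -> str:
    """Render an untrusted value so it occupies exactly one log line."""
    cleaned = _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group(0)), value)
    if len(cleaned) > max_len:  # bound what a single request can write
        cleaned = cleaned[:max_len] + "...[truncated]"
    return cleaned


def _logger_to(stream) -> logging.Logger:
    logger = logging.getLogger("rag_api.example")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s query_by=%(message)s"))
    logger.addHandler(handler)
    return logger


def log_records(user_supplied: str, neutralized: bool) -> list:
    """Write one record containing the value; return the lines a reader would see."""
    buf = StringIO()
    logger = _logger_to(buf)
    logger.info(neutralize(user_supplied) if neutralized else user_supplied)
    for h in logger.handlers:
        h.flush()
    return buf.getvalue().splitlines()


# Constructed request value: a user id followed by a forged second record.
FORGED_USER_ID = "alice\nINFO query_by=admin action=export_all status=ok"

if __name__ == "__main__":
    for line in log_records(FORGED_USER_ID, neutralized=False):
        print("unsafe |", line)
    for line in log_records(FORGED_USER_ID, neutralized=True):
        print("safe   |", line)
```

Structured (JSON) logging removes the newline problem by construction; the control-character escape is still worth keeping for anything that ends up in a terminal or a plain-text viewer.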

thehackerwire@mastodon.social at 2026-03-18T22:00:33.000Z ##

🟠 CVE-2026-4276 - High (7.5)

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32292
(7.5 HIGH)

EPSS: 0.03%

updated 2026-03-17T18:30:37

1 posts

The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.

offseq@infosec.exchange at 2026-03-18T07:30:28.000Z ##

⚠️ CVE-2026-32292: CRITICAL vuln in GL-iNet Comet KVM (CVSS 9.3) — web UI lacks brute-force protections. No patch yet. Restrict access, use strong creds, monitor logs! Details: radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #Cybersecurity #BruteForce

##

CVE-2025-50881
(8.8 HIGH)

EPSS: 0.20%

updated 2026-03-17T15:37:26

1 posts

The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficient validation, and incorporates this input into a string that is subsequently executed by the `eval()` function. Although a `method_exists()` check is per

1 repos

https://github.com/0xdeadbit/CVE-2025-50881

thehackerwire@mastodon.social at 2026-03-18T21:00:39.000Z ##

🟠 CVE-2025-50881 - High (8.8)

The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficien...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4177
(9.1 CRITICAL)

EPSS: 0.01%

updated 2026-03-17T15:37:26

1 posts

YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurr

thehackerwire@mastodon.social at 2026-03-18T21:00:18.000Z ##

🔴 CVE-2026-4177 - Critical (9.1)

YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.

The heap overflow occurs when class names exceed the initial 512-byte allocation.

The ba...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-69783
(7.8 HIGH)

EPSS: 0.01%

updated 2026-03-17T15:37:25

1 posts

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as configuration changes, process monitoring, and IOCTL communication that should be restricted to trus

thehackerwire@mastodon.social at 2026-03-18T22:14:16.000Z ##

🟠 CVE-2025-69783 - High (7.8)

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthorized interaction with the OpenEDR kernel driver,...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32267(CVSS UNKNOWN)

EPSS: 0.03%

updated 2026-03-17T15:23:52

1 posts

### Summary A low-privilege user (or an unauthenticated user who has been sent a shared URL) can escalate their privileges to admin by abusing `UsersController->actionImpersonateWithToken`. Affected users should update to Craft 4.17.6 and 5.9.12 to mitigate the issue. ### Details This vulnerability allows any low-privilege user to escalate their privileges and become an admin, or, in extreme cir

thehackerwire@mastodon.social at 2026-03-18T21:45:48.000Z ##

🔴 CVE-2026-32267 - Critical (9.8)

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user (or an unauthenticated user who has been sent a shared URL) can escalate thei...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-66687
(7.5 HIGH)

EPSS: 0.36%

updated 2026-03-17T14:20:01.670000

1 posts

Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files.

thehackerwire@mastodon.social at 2026-03-18T22:00:14.000Z ##

🟠 CVE-2025-66687 - High (7.5)

Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-69902
(9.8 CRITICAL)

EPSS: 0.26%

updated 2026-03-17T14:20:01.670000

1 posts

A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
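Shell-metacharacter injection in a command wrapper comes from building one string and handing it to a shell. The block below is an added example for this page and is not kubectl-mcp-server code: it shows the vulnerable shape only as a string (never executed), how a POSIX shell would tokenize it, and a hardened builder that validates every field against an allowlist and passes an argv list to subprocess with no shell involved. The read-only verb set and the resource and namespace patterns are this example's own choices, not a description of how the project validates input.

```python
import re
import shlex
import subprocess

ALLOWED_VERBS = {"get", "describe", "logs"}  # read-only surface for this example
# Kubernetes names are DNS-style; 'kind/name' is accepted, anything else is not.
RESOURCE_RE = re.compile(r"[a-z][a-z0-9.-]{0,252}(/[a-z0-9][a-z0-9.-]{0,252})?")
NAMESPACE_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def vulnerable_command(user_text: str) -> str:
    """The shape behind a metacharacter injection: untrusted text interpolated
    into one string that is later run with shell=True. Shown, never executed."""
    return "kubectl " + user_text


def shell_tokens(user_text: str) -> list:
    """How a POSIX shell would tokenize the vulnerable string (';' '|' '&' split words)."""
    return list(shlex.shlex(vulnerable_command(user_text), posix=True, punctuation_chars=True))


def build_kubectl_argv(verb: str, resource: str, namespace: str = "default") -> list:
    """Validate each field and return an argv list; no shell parses any of it."""
    if verb not in ALLOWED_VERBS:
        raise ValueError(f"verb not allowed: {verb!r}")
    if not RESOURCE_RE.fullmatch(resource):  # fullmatch: a trailing newline cannot slip past '$'
        raise ValueError(f"resource rejected: {resource!r}")
    if not NAMESPACE_RE.fullmatch(namespace):
        raise ValueError(f"namespace rejected: {namespace!r}")
    return ["kubectl", verb, resource, "--namespace", namespace]


def rejected(verb: str, resource: str, namespace: str = "default") -> bool:
    """True when the builder refuses the input."""
    try:
        build_kubectl_argv(verb, resource, namespace)
    except ValueError:
        return True
    return False


def run_kubectl(verb: str, resource: str, namespace: str = "default", timeout: int = 30):
    """Execute the validated argv directly (needs kubectl on PATH; not called below)."""
    argv = build_kubectl_argv(verb, resource, namespace)
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout)


if __name__ == "__main__":
    print(shell_tokens("get pods; id"))  # ';' is its own token: the shell sees a second command
    print(build_kubectl_argv("get", "pods"))
    print(rejected("get", "pods; id"))
```

Quoting with `shlex.quote` would also defeat this particular payload, but it keeps the shell in the loop; the argv list removes the shell entirely, and the allowlist bounds what the tool can be asked to do even with well-formed input.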

thehackerwire@mastodon.social at 2026-03-18T21:00:28.000Z ##

🔴 CVE-2025-69902 - Critical (9.8)

A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32136
(9.8 CRITICAL)

EPSS: 0.79%

updated 2026-03-12T14:47:49

1 posts

VULNERABILITY: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass
Severity: CRITICAL
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CWE: CWE-287 (Improper Authentication)
Component: internal/home/web.go
Affected: AdGuardHome (tested on v0.107.72)

CVE-2025-15576
(7.5 HIGH)

EPSS: 0.01%

updated 2026-03-10T21:33:20

1 posts

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this case, cooperating processes in the two jails may establish a connection using a unix domain socket and

ricardo@bsd.cafe at 2026-03-18T07:01:01.000Z ##

Jail chroot escape via fd exchange with a different jail
CVE-2025-15576

"Note that in order to exploit this problem, an attacker requires control over processes in two jails which share a nullfs mount in which a unix socket can be installed."

freebsd.org/security/advisorie

#freebsd #jails #security

##

CVE-2026-3630
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-03-10T21:32:13

1 posts

Delta Electronics COMMGR2 has a stack-based buffer overflow vulnerability.

beyondmachines1@infosec.exchange at 2026-03-19T16:01:48.000Z ##

Critical RCE Vulnerability Patched in Delta Electronics COMMGR 2

Delta Electronics patched a critical stack-based buffer overflow (CVE-2026-3630) and an out-of-bounds read (CVE-2026-3631) in its COMMGR 2 software that could allow unauthenticated attackers to execute remote code or leak sensitive data.

**Make sure all industrial devices are isolated from the internet and accessible from trusted networks only. Update Delta Electronics COMMGR 2 software to version 2.11.1 as soon as possible. In the meantime make sure they are isolated from the internet.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-3631
(7.5 HIGH)

EPSS: 0.06%

updated 2026-03-09T06:31:19

1 posts

Delta Electronics COMMGR2 has a buffer over-read denial-of-service vulnerability.

beyondmachines1@infosec.exchange at 2026-03-19T16:01:48.000Z ##

Critical RCE Vulnerability Patched in Delta Electronics COMMGR 2

Delta Electronics patched a critical stack-based buffer overflow (CVE-2026-3630) and an out-of-bounds read (CVE-2026-3631) in its COMMGR 2 software that could allow unauthenticated attackers to execute remote code or leak sensitive data.

**Make sure all industrial devices are isolated from the internet and accessible from trusted networks only. Update Delta Electronics COMMGR 2 software to version 2.11.1 as soon as possible. In the meantime make sure they are isolated from the internet.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-20122
(5.4 MEDIUM)

EPSS: 0.04%

updated 2026-03-04T21:25:22.193000

1 posts

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could

AAKL@infosec.exchange at 2026-03-18T15:19:48.000Z ##

New advisory from Cisco addressing critical February 25 vulnerabilities:

"There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory."

CVE-2026-20122; CVE-2026-20126; CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2026-25554
(6.5 MEDIUM)

EPSS: 0.07%

updated 2026-02-27T19:16:07.717000

1 posts

OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT without prior signature verification and incorporates the unescaped value directly into a SQL qu
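The two defects the description names, reading a claim before the signature is checked and concatenating it into SQL, are independent, and either one alone is enough to lose. The block below is an added example for this page, in Python rather than the module's C, and is not OpenSIPS code: an HS256 verifier that exposes no claim until the signature passes, beside a lookup that binds the claim as a query parameter, run against an in-memory SQLite table with constructed tokens. The table layout, the key and the `tag` column are this example's assumptions.

```python
import base64
import hashlib
import hmac
import json
import sqlite3


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def mint_hs256(claims: dict, key: bytes) -> str:
    """Issue an HS256 JWT; used here only to produce constructed inputs."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verified_claims(token: str, key: bytes) -> dict:
    """Check the signature before any claim is read; raise on any defect."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # the verifier, not the token, decides the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(body_b64))


def unsafe_lookup(conn: sqlite3.Connection, token: str) -> list:
    """Vulnerable shape: claim taken from the unverified payload, concatenated into SQL."""
    body = json.loads(_b64url_decode(token.split(".")[1]))
    sql = "SELECT username FROM profiles WHERE tag = '" + body["tag"] + "' ORDER BY username"
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn: sqlite3.Connection, token: str, key: bytes) -> list:
    """Hardened shape: verify first, then bind the claim as a parameter."""
    claims = verified_claims(token, key)
    rows = conn.execute("SELECT username FROM profiles WHERE tag = ? ORDER BY username", (claims["tag"],))
    return [row[0] for row in rows]


def demo() -> dict:
    """Constructed table and tokens; returns what each lookup produced."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profiles (tag TEXT, username TEXT)")
    conn.executemany("INSERT INTO profiles VALUES (?, ?)", [("sales", "alice"), ("ops", "bob")])
    key = b"constructed-demo-key"
    genuine = mint_hs256({"tag": "sales"}, key)
    # Attacker-minted token: wrong key, and a tag claim carrying an injection payload.
    forged = mint_hs256({"tag": "x' OR '1'='1"}, b"attacker-key")
    out = {
        "unsafe_forged": unsafe_lookup(conn, forged),
        "safe_genuine": safe_lookup(conn, genuine, key),
    }
    try:
        out["safe_forged"] = safe_lookup(conn, forged, key)
    except ValueError as err:
        out["safe_forged"] = str(err)
    return out


if __name__ == "__main__":
    print(demo())
```

The unverified path returns every row for the forged token; the hardened path never reaches the database because the signature fails, and even a genuinely signed token with a hostile tag would be bound as a literal value.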

CVE-2026-20128
(7.6 HIGH)

EPSS: 0.02%

updated 2026-02-25T18:31:45

1 posts

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system.

AAKL@infosec.exchange at 2026-03-18T15:19:48.000Z ##

New advisory from Cisco addressing critical February 25 vulnerabilities:

"There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory."

CVE-2026-20122; CVE-2026-20126; CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2026-20126
(8.8 HIGH)

EPSS: 0.04%

updated 2026-02-25T18:31:44

1 posts

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could

AAKL@infosec.exchange at 2026-03-18T15:19:48.000Z ##

New advisory from Cisco addressing critical February 25 vulnerabilities:

"There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory."

CVE-2026-20122; CVE-2026-20126; CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2026-27205
(4.3 MEDIUM)

EPSS: 0.03%

updated 2026-02-24T21:59:52.183000

1 posts

Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header; where it does not, the result is a Use of Cache Containing Sensitive Information vulnerability. That header instructs caches not to cache the response, as it may contain information specific to a logged-in user. This is handled in most cas

linux@activitypub.awakari.com at 2026-03-18T11:27:47.000Z ##

Ubuntu Flask Important Info Exposure CVE-2026-27205 USN-8104-1 Flask could be made to expose sensitive information over the network.

#Ubuntu #Linux #Distribution #- #Security #Advisories

##

CVE-2025-62518
(8.1 HIGH)

EPSS: 0.02%

updated 2025-10-21T19:31:25.450000

1 posts

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position b

2 repos

https://github.com/AirineiAndrei/Tarmageddon-CVE-2025-62518-

https://github.com/edera-dev/cve-tarmageddon

EUVD_Bot@mastodon.social at 2026-03-20T08:01:06.000Z ##

🚨 EUVD-2026-13596

📊 Score: 5.1/10 (CVSS v3.1)
📦 Product: tar-rs
🏢 Vendor: alexcrichton
📅 Updated: 2026-03-20

📝 tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed ...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2025-4517
(9.4 CRITICAL)

EPSS: 0.10%

updated 2025-06-03T21:31:40

1 posts

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/librar

10 repos

https://github.com/AzureADTrent/CVE-2025-4517-POC

https://github.com/kyakei/CVE-2025-4138-poc

https://github.com/AnimePrincess420/CVE-2025-4517-PoC

https://github.com/StealthByte0/CVE-2025-4517-poc

https://github.com/kerburenthusiasm/CVE-2025-4517-PoC

https://github.com/estebanzarate/CVE-2025-4517-Python-tarfile-filter-data-Bypass-PoC

https://github.com/DesertDemons/CVE-2025-4138-4517-POC

https://github.com/0xDTC/CVE-2025-4517-tarfile-PATH_MAX-bypass

https://github.com/Rohitberiwala/PyPath-Escape-CVE-2025-4517-Exploit-Research

https://github.com/bgutowski/CVE-2025-4517-POC-Sudoers
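Added defence in depth for this bug class, written for this page and not CPython code or any of the PoCs listed above: audit every member before anything is written, refuse links of any kind outright (which removes the symlink-chain problem rather than reasoning about it), and only then hand the archive to extractall, keeping the interpreter's own data filter as a second layer where it exists. The in-memory archives, the member names and the policy of rejecting the whole archive on any flagged member are this example's own choices.

```python
import io
import os
import tarfile
import tempfile


def _archive(entries) -> bytes:
    """Build an in-memory tar from (name, kind, payload) tuples; constructed input."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "dir":
                info.type = tarfile.DIRTYPE
                info.mode = 0o755
                tar.addfile(info)
            elif kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
            else:
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


BENIGN = _archive([("docs", "dir", None), ("docs/readme.txt", "file", b"hello\n")])
# A symlink that leaves the tree, then a regular file whose path runs through it.
MALICIOUS = _archive([
    ("docs", "dir", None),
    ("docs/out", "symlink", "../../outside"),
    ("docs/out/evil.txt", "file", b"pwned\n"),
])


def audit_members(tar: tarfile.TarFile, dest: str) -> list:
    """Reasons to refuse the whole archive; an empty list means every member is acceptable."""
    problems = []
    dest_real = os.path.realpath(dest)
    for m in tar.getmembers():
        if m.name.startswith("/") or ".." in m.name.split("/"):
            problems.append(f"traversal in name: {m.name!r}")
        elif m.issym() or m.islnk():
            problems.append(f"link refused: {m.name!r} -> {m.linkname!r}")
        elif not (m.isfile() or m.isdir()):
            problems.append(f"special member refused: {m.name!r}")
        else:
            # Catches symlinks that already exist inside dest and that a member name would cross.
            target = os.path.realpath(os.path.join(dest_real, m.name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                problems.append(f"escapes destination: {m.name!r}")
    return problems


def problems_for(archive: bytes, dest: str = ".") -> list:
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        return audit_members(tar, dest)


def safe_extract(archive: bytes, dest: str) -> list:
    """Audit first; extract only if nothing was flagged. Returns the member names written."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        problems = audit_members(tar, dest)
        if problems:
            raise ValueError("refusing archive: " + "; ".join(problems))
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **kwargs)
        return sorted(m.name for m in tar.getmembers())


def demo() -> dict:
    """Run both archives into a fresh temporary directory and report what happened."""
    out = {}
    with tempfile.TemporaryDirectory() as dest:
        try:
            safe_extract(MALICIOUS, dest)
            out["malicious"] = "extracted"
        except ValueError as err:
            out["malicious"] = str(err)
        out["anything_written"] = os.path.exists(os.path.join(dest, "docs"))
        out["benign"] = safe_extract(BENIGN, dest)
        with open(os.path.join(dest, "docs", "readme.txt"), "rb") as fh:
            out["benign_content"] = fh.read()
    return out


if __name__ == "__main__":
    print(demo())
```

Refusing links costs nothing for most application payloads (plugins, datasets, uploaded bundles) and turns a subtle ordering problem into a simple membership test; where links are genuinely required, the audit would need to resolve each target against the state the earlier members would have created, which is the reasoning the filter bypass exploits.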

w5hacksphere@infosec.exchange at 2026-03-18T19:34:11.000Z ##

The dizzying exercise of trying to wrap my head around the escape in CVE-2025-4517 made WingData an interesting box for me. 16 layers of symlinks just to read the root flag! labs.hackthebox.com/achievemen

##

CVE-2026-24060
(0 None)

EPSS: 0.00%

2 posts

N/A

beyondmachines1 at 2026-03-20T10:01:49.848Z ##

Multiple Flaws Reported in Automated Logic WebCTRL Premium Server

Automated Logic patched three vulnerabilities in its WebCTRL Premium Server, including a critical cleartext flaw (CVE-2026-24060), that allow attackers to intercept sensitive data and spoof commands in building automation systems.

**If you are using Automated Logic WebCTRL, make sure it's isolated from the internet and your office network. Then plan a patch. Legacy versions 7.x will not be updated so plan an upgrade.**

beyondmachines.net/event_detai

##

CVE-2026-25192
(0 None)

EPSS: 0.00%

2 posts

N/A

beyondmachines1 at 2026-03-20T09:01:48.748Z ##

CTEK Chargeportal Vulnerabilities Enable Unauthorized Control of EV Infrastructure

CISA reports four vulnerabilities in the Chargeportal platform by CTEK, including a critical authentication bypass (CVE-2026-25192), that allow attackers to impersonate charging stations and gain unauthorized control. The product is scheduled for sunset in April 2026, leaving network isolation as the primary defense for current users.

**Since CTEK is sunsetting Chargeportal without a patch, make sure you isolate the systems as much as possible from public access and the public internet. Then plan a migration to a supported charging management platform.**

beyondmachines.net/event_detai

##

CVE-2026-29103
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T23:23:32.000Z ##

🔴 CVE-2026-29103 - Critical (9.1)

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute ar...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32754
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T22:18:10.000Z ##

🔴 CVE-2026-32754 - Critical (9.3)

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting (XSS) through FreeScout's email notification templates. Incoming email bodies are stored in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31962
(0 None)

EPSS: 0.08%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T21:58:22.000Z ##

🟠 CVE-2026-31962 - High (8.8)

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. While most alignment records store DNA sequence and quality values, the format also allows them to omit ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31965
(0 None)

EPSS: 0.04%

2 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T21:57:04.000Z ##

🟠 CVE-2026-31965 - High (8.2)

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, validation of the reference id ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31964
(0 None)

EPSS: 0.04%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T21:56:54.000Z ##

🟠 CVE-2026-31964 - High (7.5)

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. While most alignment records store DNA sequence an...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31970
(0 None)

EPSS: 0.04%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T21:33:55.000Z ##

🟠 CVE-2026-31970 - High (8.1)

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files. In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflow, leadi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31969
(0 None)

EPSS: 0.08%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T21:33:46.000Z ##

🟠 CVE-2026-31969 - High (8.1)

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_ST...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31968
(0 None)

EPSS: 0.02%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T21:12:52.000Z ##

🟠 CVE-2026-31968 - High (8.1)

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the `VARINT` and `CONST` encodings, incomplete ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31967
(0 None)

EPSS: 0.01%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T21:12:42.000Z ##

🔴 CVE-2026-31967 - Critical (9.1)

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, the value of the mate reference...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31971
(0 None)

EPSS: 0.15%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T21:00:57.000Z ##

🟠 CVE-2026-31971 - High (8.1)

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the `BYTE_ARRAY_LEN...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31973
(0 None)

EPSS: 0.01%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T21:00:47.000Z ##

🟠 CVE-2026-31973 - High (7.5)

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the `cram_decode_com...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-31972
(0 None)

EPSS: 0.01%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-19T21:00:38.000Z ##

🔴 CVE-2026-31972 - Critical (9.8)

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The `mpileup` command outputs DNA sequences that have been aligned against a known reference. On each output line it writes the reference position, optionally...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-19T20:18:42.000Z ##

🔴 CVE-2026-32238 - Critical (9.1)

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality that can be exploited by authenticated attacke...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33155
(0 None)

EPSS: 0.00%

1 posts

N/A

_r_netsec@infosec.exchange at 2026-03-19T17:58:05.000Z ##

we found a memory exhaustion CVE in a library downloaded 29 million times a month. AWS, DataHub, and Lightning AI are in the blast radius. periphery.security/blog/cve-20

##

CVE-2023-4567
(0 None)

EPSS: 0.00%

1 posts

N/A

linux@activitypub.awakari.com at 2026-03-18T16:33:02.000Z ##

Ubuntu 22.04 libxml2 High NULL Pointer Dereference CVE-2023-4567 New expat packages are available for Slackware 15.0 and -current to fix security issues.

#Slackware #Linux #Distribution #- #Security #Advisories

##

CVE-2026-33058
(0 None)

EPSS: 0.02%

2 posts

N/A

CVE-2026-32698
(0 None)

EPSS: 0.03%

2 posts

N/A

offseq@infosec.exchange at 2026-03-19T05:00:29.000Z ##

🚨 CRITICAL: CVE-2026-32698 in OpenProject (CVSS 9.1) enables SQL injection via admin-created custom fields, leading to potential RCE if chained with repo module bug. Patch to 16.6.9/17.0.6/17.1.3/17.2.1+ now! radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #OpenProject #InfoSec

##

thehackerwire@mastodon.social at 2026-03-18T22:47:24.000Z ##

🔴 CVE-2026-32698 - Critical (9.1)

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32703
(0 None)

EPSS: 0.04%

3 posts

N/A

offseq@infosec.exchange at 2026-03-19T03:30:29.000Z ##

🚨 OpenProject CRITICAL XSS (CVE-2026-32703): Attackers with repo push access can inject persistent scripts via filenames, impacting all users viewing affected pages. Patch to 16.6.9/17.0.6/17.1.3/17.2.1+ now! radar.offseq.com/threat/cve-20 #OffSeq #XSS #OpenProject #infosec

##

offseq@infosec.exchange at 2026-03-19T01:30:29.000Z ##

⚠️ CRITICAL: CVE-2026-32703 in OpenProject (<16.6.9, <17.0.6, <17.1.3, <17.2.1) enables persistent XSS via repo filenames. Attackers w/ push access can inject scripts — risk: session hijack, data theft. Patch now! radar.offseq.com/threat/cve-20 #OffSeq #XSS #OpenProject #Vuln

##

thehackerwire@mastodon.social at 2026-03-18T22:47:33.000Z ##

🔴 CVE-2026-32703 - Critical (9)

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with pus...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32255
(0 None)

EPSS: 0.09%

1 posts

N/A

1 repos

https://github.com/kOaDT/poc-cve-2026-32255

thehackerwire@mastodon.social at 2026-03-19T00:31:22.000Z ##

🟠 CVE-2026-32255 - High (8.6)

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28430
(0 None)

EPSS: 0.08%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-18T21:45:58.000Z ##

🔴 CVE-2026-28430 - Critical (9.8)

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the custom_dates parameter. By chaining this with a ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32321
(0 None)

EPSS: 0.03%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-18T21:35:32.000Z ##

🟠 CVE-2026-32321 - High (8.8)

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 #80 within the `actions/ajax.php` endpoint. Due to insufficient input sanitization of the `us...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27894
(0 None)

EPSS: 0.06%

1 posts

N/A

thehackerwire@mastodon.social at 2026-03-18T20:16:37.000Z ##

🟠 CVE-2026-27894 - High (8.8)

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP fi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-0667
(0 None)

EPSS: 0.00%

1 posts

N/A

beyondmachines1@infosec.exchange at 2026-03-18T09:01:48.000Z ##

Schneider Electric Patches Critical RCE Vulnerability in SCADAPack RTUs

Schneider Electric disclosed a critical vulnerability (CVE-2026-0667) in its SCADAPack RTUs and RemoteConnect software that allows unauthenticated attackers to execute arbitrary code via Modbus TCP. The flaw poses a severe risk to critical infrastructure, potentially leading to full system takeover or denial of service.

**If you have SCADAPack x70 RTUs (47x, 47xi, or 57x series) or use RemoteConnect software, make sure all devices are isolated from the internet and accessible from trusted networks only. Then immediately update RemoteConnect to R3.4.2 and firmware to 9.12.2 on your 47x/47xi devices. If you can't patch right now, block unauthorized Modbus TCP access using the built-in firewall and disable the logic debug service.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##
