
Live CVE Feed
Curated from global sources like ENISA EUVD and CVE Details
- CVE-2026-33253 - SANYO DENKI CO., LTD. SANUPS SOFTWARE Privilege Escalation Vulnerability
CVE ID: CVE-2026-33253. Published: March 25, 2026, 5:11 a.m. (1 hour, 1 minute ago). Description: SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. Severity: 8.4 | HIGH. Visit the link for more details, such as CVSS details, affected products, timeline, and more.
- CVE-2026-2072 - Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
CVE ID: CVE-2026-2072. Published: March 25, 2026, 3:16 a.m. (2 hours, 57 minutes ago). Description: Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer. This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00. Severity: 8.2 | HIGH.
- CVE-2026-1166 - Open Redirect Vulnerability in Hitachi Ops Center Administrator
CVE ID: CVE-2026-1166. Published: March 25, 2026, 3:16 a.m. (2 hours, 57 minutes ago). Description: Open Redirect vulnerability in Hitachi Ops Center Administrator. This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8. Severity: 4.3 | MEDIUM.
- CVE-2026-4766 - Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta
CVE ID: CVE-2026-4766. Published: March 25, 2026, 2:16 a.m. (3 hours, 57 minutes ago). Description: The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 6.4 | MEDIUM.
- CVE-2026-4784 - code-projects Simple Laundry System Parameter checkcheckout.php sql injection
CVE ID: CVE-2026-4784. Published: March 25, 2026, 2:16 a.m. (3 hours, 57 minutes ago). Description: A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Severity: 7.5 | HIGH.
- CVE-2026-4783 - itsourcecode College Management System Parameter add-single-student-results.php sql injection
CVE ID: CVE-2026-4783. Published: March 25, 2026, 1:17 a.m. (4 hours, 56 minutes ago). Description: A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument course_code leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Severity: 6.5 | MEDIUM.
- CVE-2026-28886 - Apple iOS Null Pointer Dereference Denial-of-Service
CVE ID: CVE-2026-28886. Published: March 25, 2026, 1:17 a.m. (4 hours, 56 minutes ago). Description: A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may be able to cause a denial-of-service. Severity: 0.0 | NA.
- CVE-2026-28888 - macOS Root Privilege Escalation Vulnerability
CVE ID: CVE-2026-28888. Published: March 25, 2026, 1:17 a.m. (4 hours, 56 minutes ago). Description: A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to gain root privileges. Severity: 0.0 | NA.
- CVE-2026-28890 - Apple Xcode Out-of-Bounds Read Vulnerability
CVE ID: CVE-2026-28890. Published: March 25, 2026, 1:17 a.m. (4 hours, 56 minutes ago). Description: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination. Severity: 0.0 | NA.
- CVE-2026-28891 - Apple macOS Sandbox Escalation
CVE ID: CVE-2026-28891. Published: March 25, 2026, 1:17 a.m. (4 hours, 56 minutes ago). Description: A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox. Severity: 0.0 | NA.
- Dutch Finance Ministry Investigates Data Breach in Internal Systems (March 25, 2026 at 6:18 am)
The Ministry of Finance cyberattack in the Netherlands has once again highlighted a growing concern: even critical government systems are struggling to stay ahead of increasingly advanced threats. Whi ... Published Date: Mar 25, 2026 (1 hour, 46 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-21992, CVE-2025-4428, CVE-2025-4427.
- From Viewer to SYSTEM: Critical 10.0 CVSS Flaw in GeoVision ERM Allows Full Host Takeover (March 25, 2026 at 1:09 am)
In a major security alert for the surveillance industry, GeoVision has disclosed a critical vulnerability in its GV-Edge Recording Manager (ERM) software. The flaw, tracked as CVE-2026-4606, carries a ... Published Date: Mar 25, 2026 (6 hours, 54 minutes ago). Vulnerabilities mentioned in this article: CVE-2025-15517, CVE-2026-4606.
- Dell Wyse Management Vulnerabilities Enable Complete System Compromise (March 24, 2026 at 5:52 pm)
A recent security analysis has revealed how chaining seemingly minor logic flaws in Dell Wyse Management Suite (WMS) On-Premises can result in a complete system compromise. Security researchers demons ... Published Date: Mar 24, 2026 (14 hours, 11 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-22766, CVE-2026-22765.
- Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055) (March 24, 2026 at 2:13 pm)
Citrix has fixed two vulnerabilities in NetScaler ADC and NetScaler Gateway, with the more serious flaw (CVE-2026-3055) potentially allowing attackers to extract active session tokens from the memory ... Published Date: Mar 24, 2026 (17 hours, 50 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-4368, CVE-2026-3055, CVE-2025-7775, CVE-2025-6543, CVE-2025-5777, CVE-2023-4966.
- High-Severity JSON Schema Flaw Threatens MariaDB Database Stability (March 24, 2026 at 1:15 pm)
MariaDB, the widely used open-source relational database and community-developed fork of MySQL, has released critical updates to address a high-severity buffer overflow vulnerability. The flaw, tracke ... Published Date: Mar 24, 2026 (18 hours, 48 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-32710, CVE-2026-27212, CVE-2025-7206, CVE-2025-32432.
- CVE-2026-3055 – Citrix NetScaler Critical SAML IDP Memory Leak (March 24, 2026 at 12:39 pm)
March 24, 2026. Overview: On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting NetScaler ADC and NetScaler Gateway. CVE-2026-3055 is classified as an out-of-bound ... Published Date: Mar 24, 2026 (19 hours, 25 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-4368, CVE-2026-3055, CVE-2026-21992, CVE-2025-7775, CVE-2025-6543, CVE-2025-5777, CVE-2023-4966.
- PolyShell Alert: Critical Magento REST API Vulnerability Faces Massive Global Exploitation in the Wild (March 24, 2026 at 12:31 pm)
A critical security flaw in the Magento REST API is currently being weaponized by cybercriminals to hijack e-commerce stores globally. Researchers at Sansec have identified a vulnerability they’ve dub ... Published Date: Mar 24, 2026 (19 hours, 32 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-32710, CVE-2025-59287, CVE-2025-54236, CVE-2025-32432, CVE-2024-34102.
- DarkSword Exploit Chain That Can Hack Millions of iPhones Leaked Online (March 24, 2026 at 12:24 pm)
A powerful iOS exploit toolkit known as DarkSword has been publicly leaked on GitHub, dramatically lowering the barrier for cybercriminals to target hundreds of millions of iPhones and iPads still run ... Published Date: Mar 24, 2026 (19 hours, 39 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-20700, CVE-2025-43529, CVE-2025-43520, CVE-2025-43510, CVE-2025-14174, CVE-2025-31277.
- Vulnerabilities from years ago still opening doors for attackers (March 24, 2026 at 11:58 am)
Exploitation timelines continued to compress in enterprise environments, with newly disclosed flaws reaching active use almost immediately and older weaknesses remaining active years after disclosure. ... Published Date: Mar 24, 2026 (20 hours, 5 minutes ago). Vulnerabilities mentioned in this article: CVE-2025-59718, CVE-2025-55182.
- Exploit kit for hacking vulnerable iPhones published on the internet (March 24, 2026 at 11:28 am)
An exploit kit for hacking vulnerable iPhones has been published on the internet, which increases the likelihood of large-scale abuse. Last week Google, Lookout and iVerify warned about an exploit kit ... Published Date: Mar 24, 2026 (20 hours, 35 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-20700, CVE-2025-43529, CVE-2025-14174.
- Checkmarx Alert: Malicious Plugins and GitHub Actions Hit OpenVSX in New Supply Chain Attack (March 24, 2026 at 9:37 am)
Today, security firm Checkmarx has identified a recent supply chain security incident. The breach involved the publication of malicious versions of two popular security plugins to the OpenVSX registry ... Published Date: Mar 24, 2026 (22 hours, 27 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-21509, CVE-2025-32432.
- TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials (March 24, 2026 at 9:29 am)
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the T ... Published Date: Mar 24, 2026 (22 hours, 35 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-33634.
- Oracle Issues Emergency Patch for Critical Flaw Enabling Remote Code Execution (March 24, 2026 at 9:24 am)
Oracle has released an emergency out-of-band patch to address a critical vulnerability, tracked as CVE-2026-21992, that affects two core enterprise products: Oracle Identity Manager and Oracle Web Ser ... Published Date: Mar 24, 2026 (22 hours, 39 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-21992, CVE-2026-22778, CVE-2025-52691.
- Bridge or Backdoor? Critical 9.8 RCE Flaw Threatens Helmholz Industrial Networks (March 24, 2026 at 9:00 am)
Industrial connectivity specialist Helmholz GmbH & Co. KG has issued an urgent security advisory regarding multiple vulnerabilities discovered in its myREX24V2 and myREX24V2.virtual remote access solu ... Published Date: Mar 24, 2026 (23 hours, 3 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-32969, CVE-2026-32968, CVE-2026-3587, CVE-2025-32432, CVE-2020-10383.
- Chrome Security Update Fixes 8 Vulnerabilities Allowing Remote Code Execution (March 24, 2026 at 8:29 am)
Google has rolled out an urgent security update for the Chrome browser to address eight high-severity vulnerabilities. These newly patched security flaws could allow threat actors to execute arbitrary ... Published Date: Mar 24, 2026 (23 hours, 34 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-4680, CVE-2026-4679, CVE-2026-4678, CVE-2026-4677, CVE-2026-4676, CVE-2026-4675, CVE-2026-4674, CVE-2026-4673.
- Master Keys and Open Backdoors: TP-Link Issues Urgent Patch for Archer NX-Series Routers (March 24, 2026 at 7:09 am)
In a major security alert, TP-Link has released a series of critical firmware updates to patch several high-severity vulnerabilities affecting its popular Archer NX-series routers. These flaws, which ... Published Date: Mar 24, 2026 (1 day ago).
- Attackers are handing off access in 22 seconds, Mandiant finds (March 24, 2026 at 6:00 am)
Exploits remain the top entry point for attackers for the sixth consecutive year, according to Mandiant’s M-Trends 2026 report, which draws on more than 500,000 hours of incident response work con ... Published Date: Mar 24, 2026 (1 day, 2 hours ago). Vulnerabilities mentioned in this article: CVE-2026-21992, CVE-2025-61882, CVE-2025-53779, CVE-2025-53771, CVE-2025-53770, CVE-2025-31324.
- High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF (March 24, 2026 at 6:00 am)
A significant security flaw has been identified in Spring Cloud Config, a popular framework used to provide server and client-side support for externalized configuration in distributed systems. The vu ... Published Date: Mar 24, 2026 (1 day, 2 hours ago). Vulnerabilities mentioned in this article: CVE-2026-22739, CVE-2026-22737, CVE-2025-41243, CVE-2025-32432, CVE-2024-38819.
- Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks (March 24, 2026 at 5:59 am)
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the applicatio ... Published Date: Mar 24, 2026 (1 day, 2 hours ago). Vulnerabilities mentioned in this article: CVE-2026-4368, CVE-2026-3055, CVE-2025-12101, CVE-2025-7775, CVE-2025-6543, CVE-2025-5777, CVE-2023-4966.
- 8 High-Severity Risks Fixed: Chrome Desktop Update Fixes Critical Memory and Buffer Flaws (March 24, 2026 at 3:00 am)
In a significant move to bolster user safety, a new Chrome Stable Channel Update has been launched for desktop users. The update brings the browser version to 146.0.7680.164/165 for Windows and Mac, w ... Published Date: Mar 24, 2026 (1 day, 5 hours ago). Vulnerabilities mentioned in this article: CVE-2026-4680, CVE-2026-4679, CVE-2026-4678, CVE-2026-4677, CVE-2026-4676, CVE-2026-4675, CVE-2026-4674, CVE-2026-4673, CVE-2026-3055, CVE-2026-2441, CVE-2025-32432.
- Memory Leaks and Mixed Sessions: NetScaler’s Critical 9.3 CVSS Flaw Demands Immediate Action (March 24, 2026 at 2:52 am)
On March 23, 2026, Cloud Software Group released a high-priority security bulletin addressing two vulnerabilities in NetScaler Gateway and NetScaler ADC. The flaws, which affect all physical and virtu ... Published Date: Mar 24, 2026 (1 day, 5 hours ago). Vulnerabilities mentioned in this article: CVE-2026-4368, CVE-2026-3055, CVE-2025-32432, CVE-2024-8535, CVE-2024-8534.
- Critical 9.1 CVSS Flaws Threaten Total Wazuh Cluster Takeover (March 24, 2026 at 1:09 am)
Wazuh, the popular open-source security platform trusted by organizations to protect cloud and on-premises workloads, is facing a serious security challenge. Researchers have detailed two critical vul ... Published Date: Mar 24, 2026 (1 day, 6 hours ago). Vulnerabilities mentioned in this article: CVE-2026-33186, CVE-2026-25770, CVE-2026-25769, CVE-2025-32432.
- Critical QNAP QVR Pro Vulnerability Lets Remote Attackers Gain Access to the System (March 23, 2026 at 5:53 pm)
QNAP has released a critical security advisory addressing a severe vulnerability in its QVR Pro surveillance software. Tracked as CVE-2026-22898, this flaw allows remote, un ... Published Date: Mar 23, 2026 (1 day, 14 hours ago). Vulnerabilities mentioned in this article: CVE-2026-22898.
- Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems (March 23, 2026 at 5:34 pm)
Cloud Software Group has released urgent security patches for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), addressing two significant vulnerabilities that could ... Published Date: Mar 23, 2026 (1 day, 14 hours ago).
- Micropatches released for Desktop Windows Manager Elevation of Privilege Vulnerability (CVE-2025-55681) (March 23, 2026 at 3:37 pm)
October 2025 Windows Updates brought a fix for CVE-2025-55681, a local privilege escalation vulnerability in Windows Desktop Manager that allowed a low-privileged attacker to execute malicious code as ... Published Date: Mar 23, 2026 (1 day, 16 hours ago). Vulnerabilities mentioned in this article: CVE-2025-55681.
Severity: High
- CVE-2026-2072 - Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
CVE ID: CVE-2026-2072. Published: March 25, 2026, 3:16 a.m. (4 hours, 48 minutes ago). Description: Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer. This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00. Severity: 8.2 | HIGH.
- CVE-2026-3912 - TIBCO ActiveMatrix BusinessWorks Injection Vulnerability
CVE ID: CVE-2026-3912. Published: March 24, 2026, 9:16 p.m. (10 hours, 47 minutes ago). Description: Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allow information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour. Severity: 8.7 | HIGH.
- CVE-2025-33244 - NVIDIA APEX Deserialization Vulnerability
CVE ID: CVE-2025-33244. Published: March 24, 2026, 9:16 p.m. (10 hours, 47 minutes ago). Description: NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure. Severity: 9.0 | CRITICAL.
- CVE-2026-33511 - pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad
CVE ID: CVE-2026-33511. Published: March 24, 2026, 8:16 p.m. (11 hours, 47 minutes ago). Description: pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the local_check decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to access localhost-restricted endpoints, enabling them to inject arbitrary downloads, write files to the storage directory, and execute JavaScript code. This issue has been patched in version 0.5.0b3.dev97. Severity: 8.8 | HIGH.
- CVE-2026-33419 - MinIO: LDAP login brute-force via user enumeration and missing rate limit
CVE ID: CVE-2026-33419. Published: March 24, 2026, 8:16 p.m. (11 hours, 47 minutes ago). Description: MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration, and (2) absence of rate limiting on authentication attempts. An unauthenticated network attacker can enumerate valid LDAP usernames and then perform unlimited password guessing to obtain temporary AWS-style STS credentials, gaining access to the victim's S3 buckets and objects. This issue has been patched in RELEASE.2026-03-17T21-25-16Z. Severity: 9.1 | CRITICAL.
- CVE-2026-33329 - FileRise: Path Traversal in `resumableIdentifier` leads to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle
CVE ID: CVE-2026-33329. Published: March 24, 2026, 8:16 p.m. (11 hours, 47 minutes ago). Description: FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler (UploadModel::handleUpload()) is concatenated directly into filesystem paths without any sanitization. An authenticated user with upload permission can exploit this to write files to arbitrary directories on the server, delete arbitrary directories via the post-assembly cleanup, and probe file/directory existence. This issue has been patched in version 3.10.0. Severity: 8.1 | HIGH.
- CVE-2026-33331 - oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify
CVE ID: CVE-2026-33331. Published: March 24, 2026, 8:16 p.m. (11 hours, 47 minutes ago). Description: oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specification (such as info.description), they can break out of the JSON context and execute arbitrary JavaScript when a user views the generated API documentation. This issue has been patched in version 1.13.9. Severity: 8.2 | HIGH.
- CVE-2026-33344 - Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG
CVE ID: CVE-2026-33344. Published: March 24, 2026, 8:16 p.m. (11 hours, 47 minutes ago). Description: Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints (GET, DELETE, RENAME, EXECUTE) all pass the {fileName} URL path parameter to locateDAG without calling ValidateDAGName. %2F-encoded forward slashes in the {fileName} segment traverse outside the DAGs directory. This issue has been patched in version 2.3.1. Severity: 8.1 | HIGH.
- CVE-2026-33322 - MinIO: JWT Algorithm Confusion in OIDC Authentication
CVE ID: CVE-2026-33322. Published: March 24, 2026, 8:16 p.m. (11 hours, 47 minutes ago). Description: MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. This issue has been patched in RELEASE.2026-03-17T21-25-16Z. Severity: 9.2 | CRITICAL.
- CVE-2026-22559 - UniFi Network Server Cross-Site Scripting Vulnerability
CVE ID: CVE-2026-22559. Published: March 24, 2026, 8:16 p.m. (11 hours, 47 minutes ago). Description: An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server (Version 10.1.85 and earlier). Mitigation: Update UniFi Network Server to Version 10.1.89 or later. Severity: 8.8 | HIGH.
News & Events
- NIST Helps Fingerprint Examiners With New Data and Software Release
The new tools are an annotated collection of 10,000 fingerprints and a software program that can sort fingerprints according to their quality.
- NIST Submits Annual Report to Congress Summarizing FY 2025 Progress on National Construction Safety Team Investigations
The report includes an overview of work completed on the Champlain Towers South investigation.
- 2 Health Care Organizations Will Receive 2025 Baldrige National Quality Awards
The award highlights organizations that focus on resilience.
- NIST Releases New Forensic Genetic Reference Material to Help Crime Laboratories Analyze Challenging Cases
The reference material is the first to include mixtures of high-quality and degraded DNA from different individuals.
- Announcing the "AI Agent Standards Initiative" for Interoperable and Secure Innovation
The Initiative will ensure that the next generation of AI is widely adopted with confidence, can function securely on behalf of its users, and can interoperate smoothly across the digital ecosystem.
- NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More
NIST is allocating funding to eight small businesses in seven states under the Small Business Innovation Research (SBIR) program.
- Space: The Final Frontier for Standards
Seven NIST reference materials, including house dust and freeze-dried human liver tissue, have been flown to the International Space Station.
- CAISI Issues Request for Information About Securing AI Agent Systems
The Center for AI Standards and Innovation (CAISI) at the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has published a Request for Information (RFI) seeking insights from industry, academia, and the security
- NIST Launches Centers for AI in Manufacturing and Critical Infrastructure
NIST has expanded its collaboration with the nonprofit MITRE Corporation as part of its efforts to ensure U.S. leadership in artificial intelligence.
- NIST Physicists Bring Unruly Molecules to the Quantum Party
Molecules can serve as versatile building blocks for quantum technologies, but they are much harder to control than atoms.