
Live CVE Feed
Curated from global sources like ENISA EUVD and CVE Details
- CVE-2026-4579 - code-projects Simple Laundry System Parameters viewdetail.php sql injection
  Published: March 23, 2026, 7:36 a.m. | Severity: 0.0 | NA
  Description: A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
- CVE-2026-4578 - code-projects Exam Form Submission update_s3.php cross site scripting
  Published: March 23, 2026, 7:36 a.m. | Severity: 0.0 | NA
  Description: A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_s3.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
- CVE-2026-23554 - Use after free of paging structures in EPT
  Published: March 23, 2026, 7:16 a.m. | Severity: 0.0 | NA
  Description: The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flushing is done, and can result in freed pages transiently being present in cached state. Such stale entries can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.
- CVE-2026-23555 - Xenstored DoS by unprivileged domain
  Published: March 23, 2026, 7:16 a.m. | Severity: 0.0 | NA
  Description: Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored. In case xenstored is being built with NDEBUG #defined, an unprivileged guest trying to access the node path "/local/domain/" will result in it no longer being serviced by xenstored; other guests (including dom0) will still be serviced, but xenstored will use up all cpu time it can get.
- CVE-2026-4577 - code-projects Exam Form Submission update_s4.php cross site scripting
  Published: March 23, 2026, 7:16 a.m. | Severity: 4.8 | MEDIUM
  Description: A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.
- CVE-2025-13997 - King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure
  Published: March 23, 2026, 7:16 a.m. | Severity: 5.3 | MEDIUM
  Description: The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via the render_full_form function. This makes it possible for unauthenticated attackers to extract the site's Mailchimp, Facebook and Google API keys and secrets. This vulnerability requires the Premium license to be installed.
- CVE-2025-6229 - Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget`
  Published: March 23, 2026, 7:16 a.m. | Severity: 6.4 | MEDIUM
  Description: The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Fancy Text Widget` And `Countdown Widget` DOM attributes in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- CVE-2026-4602 - Apache jsrsasign Integer Overflow
  Published: March 23, 2026, 6:16 a.m. | Severity: 7.7 | HIGH
  Description: Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.
- CVE-2026-4603 - Jsrsasign RSA Public-Key Division by Zero Vulnerability
  Published: March 23, 2026, 6:16 a.m. | Severity: 5.9 | MEDIUM
  Description: Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to deterministic zero outputs and hide "invalid key" errors by supplying a JWK whose modulus decodes to zero.
- CVE-2026-4599 - Apache jsrsasign Incomplete Comparison Vulnerability
  Published: March 23, 2026, 6:16 a.m. | Severity: 9.1 | CRITICAL
  Description: Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation.
- The Weekly Breach: 7 Maximum CVSS Flaws and the DarkSword Exploit Unveiled (March 23, 2026, 1:55 am)
  The past seven days have been an exceptionally busy period for cybersecurity defenders. Between March 16 and March 23, a staggering 1,348 new vulnerabilities were identified and logged. While the shee ...
  Vulnerabilities mentioned in this article: CVE-2026-4565 CVE-2026-2580 CVE-2026-4558 CVE-2026-32169 CVE-2026-30836 CVE-2026-22557 CVE-2026-0866 CVE-2026-20131 CVE-2026-2256 CVE-2026-27699 CVE-2025-62878 CVE-2025-30411 CVE-2026-1358 CVE-2025-26385 CVE-2026-1453 CVE-2026-23830 CVE-2025-14988 CVE-2026-0994 CVE-2026-0695 CVE-2025-61937 CVE-2025-37186 CVE-2025-52691 CVE-2025-37164 CVE-2025-43520 CVE-2025-43510 CVE-2025-59396 CVE-2025-58384 CVE-2025-31277 CVE-2025-54068 CVE-2025-32432 CVE-2025-1316 CVE-1999-0073
- Unmasking DarkSword: GTIG Exposes Full-Chain iOS Exploit Used by Global Spies (March 22, 2026, 3:04 pm)
  [Image: Timeline of DarkSword observations and vulnerability patches | Image: GTIG]
  In a complete technical disclosure, the Google Threat Intelligence Group (GTIG) has revealed the existence of a highly s ...
  Vulnerabilities mentioned in this article: CVE-2026-20643 CVE-2026-20700 CVE-2025-43529 CVE-2025-43520 CVE-2025-43510 CVE-2025-14174 CVE-2025-31277 CVE-2025-32432
- Disconnect Immediately: Rockwell Automation Issues Urgent Warning for Industrial Controllers (March 22, 2026, 2:44 pm)
  In a proactive move aimed at securing critical infrastructure, Rockwell Automation has issued a high-priority "Important Notice" to its global customer base. The advisory comes as the company identifi ...
  Vulnerabilities mentioned in this article: CVE-2026-0866 CVE-2025-13824 CVE-2025-13823 CVE-2025-7693 CVE-2025-7353 CVE-2025-32432 CVE-2025-0477 CVE-2025-24480 CVE-2025-24479 CVE-2024-7567 CVE-2023-48693 CVE-2023-48692 CVE-2023-48691 CVE-2020-25184 CVE-2020-25182 CVE-2020-25180 CVE-2020-25178 CVE-2020-25176 CVE-2021-32926 CVE-2021-22681
- Oracle Patches CVE-2026-21992, Unauthenticated RCE (March 22, 2026, 1:02 pm)
  Overview: Oracle has released security updates to address a critical vulnerability impacting Oracle Identity Manager and Oracle Web Services Manager that could be exploited to achieve remote code execut ...
  Vulnerabilities mentioned in this article: CVE-2026-21992 CVE-2025-61757 CVE-2017-10151
- Below the EDR: How Unsecured IP-KVM Switches Grant Total System Takeover (March 22, 2026, 12:19 pm)
  [Image credit: https://jetkvm.com/products/jetkvm]
  Security researchers Reynaldo Vasquez Garcia and Paul Asadoorian from Eclypsium have issued a warning regarding a category of hardware often overlooked ...
  Vulnerabilities mentioned in this article: CVE-2026-33017 CVE-2026-32298 CVE-2026-32297 CVE-2026-32296 CVE-2026-32295 CVE-2026-32294 CVE-2026-32293 CVE-2026-32292 CVE-2026-32291 CVE-2026-32290 CVE-2025-32432
- Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw (March 22, 2026, 9:00 am)
  Here's an overview of some of last week's most interesting news, articles, interviews and videos: What smart factories keep getting wrong about cybersecurity. In this Help Net Security interview, Packs ...
  Vulnerabilities mentioned in this article: CVE-2026-3564 CVE-2026-20131 CVE-2026-20963
- Active Exploits: CISA Adds Critical Craft CMS and Apple 'DarkSword' Flaws to KEV (March 21, 2026, 5:57 pm)
  The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding five high-impact flaws that are currently being weaponized by threat ...
  Vulnerabilities mentioned in this article: CVE-2025-43520 CVE-2025-43510 CVE-2025-31277 CVE-2025-54068 CVE-2025-32432 CVE-2024-37079
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager (March 21, 2026, 10:24 am)
  Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability ...
  Vulnerabilities mentioned in this article: CVE-2026-21992 CVE-2025-61757
- CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 (March 21, 2026, 8:25 am)
  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catal ...
  Vulnerabilities mentioned in this article: CVE-2025-43520 CVE-2025-43510 CVE-2025-31277 CVE-2025-54068 CVE-2025-32432
- Critical 9.3 CVSS Flaw in QNAP QVR Pro Exposes Surveillance Systems (March 21, 2026, 3:05 am)
  QNAP Systems, Inc. has issued a critical security advisory for users of its QVR Pro surveillance solution. A high-severity vulnerability, tracked as CVE-2026-22898 with a CVSS score of 9.3, could allo ...
  Vulnerabilities mentioned in this article: CVE-2026-22898 CVE-2026-21992 CVE-2025-32975 CVE-2022-27595 CVE-2024-48861 CVE-2024-48860
- Critical 9.8 CVSS Flaw Exposes Oracle Identity Manager to Total Takeover (March 21, 2026, 2:56 am)
  Oracle has issued an urgent security alert following the discovery of a "Critical" rated vulnerability impacting its Fusion Middleware ecosystem. The flaw, tracked as CVE-2026-21992, carries a CVSS sc ...
  Vulnerabilities mentioned in this article: CVE-2026-22898 CVE-2026-21992 CVE-2026-21994 CVE-2025-61884 CVE-2025-32975 CVE-2024-21182
- Chrome Security Update Fixes 26 Vulnerabilities Allowing Remote Code Execution (March 21, 2026, 2:15 am)
  Google has released a substantial security update for its Chrome web browser, addressing 26 distinct vulnerabilities that could allow unauthenticated attackers to execute malicious code remotely. The ...
  Vulnerabilities mentioned in this article: CVE-2026-4464 CVE-2026-4463 CVE-2026-4462 CVE-2026-4461 CVE-2026-4460 CVE-2026-4459 CVE-2026-4458 CVE-2026-4457 CVE-2026-4456 CVE-2026-4455 CVE-2026-4454 CVE-2026-4453 CVE-2026-4452 CVE-2026-4451 CVE-2026-4450 CVE-2026-4449 CVE-2026-4448 CVE-2026-4447 CVE-2026-4446 CVE-2026-4445 CVE-2026-4444 CVE-2026-4443 CVE-2026-4442 CVE-2026-4441 CVE-2026-4440 CVE-2026-4439
- Oracle Issues Urgent Security Update for Critical RCE Flaw in Identity Manager and Web Services Manager (March 21, 2026, 1:56 am)
  Oracle has issued an out-of-band Security Alert addressing a critical remote code execution (RCE) vulnerability, CVE-2026-21992, affecting two widely deployed Fusion Middleware components, Oracle Iden ...
  Vulnerabilities mentioned in this article: CVE-2026-21992
- CISA adds Five Vulnerabilities to KEV Catalog - March 20, 2026 (March 21, 2026, 1:39 am)
  Overview: CISA added five vulnerabilities to its Known Exploited Vulnerabilities catalog on March 20, 2026, with a remediation due date of April 3, 2026 for all entries. The batch spans three Apple ecos ...
  Vulnerabilities mentioned in this article: CVE-2026-20131 CVE-2025-43520 CVE-2025-43510 CVE-2025-31277 CVE-2025-54068 CVE-2025-32432 CVE-2024-58136
- PoC Exploit Publicly Disclosed: Apple Deploys First-Ever Background Security Patch for Cross-Origin Flaw (March 21, 2026, 1:00 am)
  Apple has broken new ground in its defensive strategy, utilizing a "Background Security Improvements" feature to deliver an out-of-band fix for a significant cross-origin vulnerability. The flaw, trac ...
  Vulnerabilities mentioned in this article: CVE-2026-22731 CVE-2026-20643 CVE-2026-24291 CVE-2025-59284 CVE-2025-32975 CVE-2025-24118 CVE-2024-44131
- Oracle releases emergency patch for critical flaw in Identity and Web Services Manager (March 20, 2026, 4:11 pm)
  Outside its regular patch cycle, Oracle has released an emergency patch for a critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager. The security flaw (CVE-2026-21992) ...
  Vulnerabilities mentioned in this article: CVE-2026-21992
- Microsoft again patches critical Copilot flaws that enabled data theft (March 20, 2026, 3:19 pm)
  Microsoft has once again patched several critical vulnerabilities in its Copilot chatbot through which attackers could have stolen user data. "Information disclosure" security flaws ...
  Vulnerabilities mentioned in this article: CVE-2026-26136 CVE-2026-24299
- Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure (March 20, 2026, 3:15 pm)
  A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabili ...
  Vulnerabilities mentioned in this article: CVE-2026-33017 CVE-2025-3248
- Two High-Severity Spring Boot Flaws Expose Actuator Endpoints (March 20, 2026, 2:00 pm)
  Security researchers have issued a double warning for developers using the Spring Boot framework, identifying two high-severity vulnerabilities that could allow attackers to bypass authentication. The ...
  Vulnerabilities mentioned in this article: CVE-2026-22733 CVE-2026-22731 CVE-2025-32975 CVE-2022-31692
- Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) (March 20, 2026, 1:21 pm)
  A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock ransom ...
  Vulnerabilities mentioned in this article: CVE-2026-20131 CVE-2026-20127 CVE-2026-20045 CVE-2026-20963 CVE-2025-20393
- 32-year-old Telnet flaw can give attackers full control over servers (March 20, 2026, 1:13 pm)
  Researchers have discovered a 32-year-old vulnerability in Telnet through which attackers could, in the worst case, gain full control over the server. A security update is not yet ...
  Vulnerabilities mentioned in this article: CVE-2026-32746
- The Good, the Bad and the Ugly in Cybersecurity – Week 12 (March 20, 2026, 1:00 pm)
  The Good | Operation Synergia III Disrupts Malicious Networks & the EU Sanctions State-Sponsored Attackers. Operation Synergia III, an Interpol-led crackdown spanning July 2025 to January 2026, has dis ...
  Vulnerabilities mentioned in this article: CVE-2026-20131 CVE-2026-20700 CVE-2025-43529 CVE-2025-43520 CVE-2025-43510 CVE-2025-14174 CVE-2025-31277
- PoC Exploit Publicly Disclosed: Windows 'libarchive' Flaw Leaks NetNTLMv2 Hashes (March 20, 2026, 12:30 pm)
  Security researchers Len Sadowski and Oğuz Bektaş have publicly pulled back the curtain on a vulnerability within Windows' implementation of libarchive. The flaw, tracked as CVE-2025-59284, demonstrat ...
  Vulnerabilities mentioned in this article: CVE-2026-4342 CVE-2026-24291 CVE-2026-21643 CVE-2025-59284 CVE-2025-32975 CVE-2025-29969
- High-Severity ingress-nginx Flaw Exposes Kubernetes Secrets (March 20, 2026, 12:05 pm)
  A high-severity security flaw has been identified in ingress-nginx, a widely used Ingress controller for Kubernetes clusters. The vulnerability, tracked as CVE-2026-4342 with a CVSS score of 8.8, coul ...
  Vulnerabilities mentioned in this article: CVE-2026-4342 CVE-2026-3564 CVE-2025-32975 CVE-2024-9042
- CISA Warns of Cisco Secure Firewall Management Center 0-Day Exploited in Ransomware Attacks (March 20, 2026, 11:42 am)
  An urgent warning highlights a critical zero-day in Cisco products, now added to the CISA Known Exploited Vulnerabilities Catalog after ...
  Vulnerabilities mentioned in this article: CVE-2026-20131
Severity: High
- CVE-2026-3587 - Hidden CLI Function Allows Root Access
  Published: March 23, 2026, 8:16 a.m. | Severity: 10.0 | CRITICAL
  Description: An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, up to full compromise of the device.
- CVE-2026-4600 - Apache Commons Crypto DSA Signature Forgery
  Published: March 23, 2026, 6:16 a.m. | Severity: 9.1 | CRITICAL
  Description: Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed r=1, which make the verification equation true for any hash.
- CVE-2026-4601 - Adobe jsrsasign Missing Cryptographic Step Vulnerability
  Published: March 23, 2026, 6:16 a.m. | Severity: 9.4 | CRITICAL
  Description: Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature.
- CVE-2026-4566 - Belkin F9K1122 formWISP5G stack-based overflow
  Published: March 23, 2026, 3:16 a.m. | Severity: 9.0 | HIGH
  Description: A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CVE-2026-4567 - Tenda A15 UploadCfg stack-based overflow
  Published: March 23, 2026, 3:16 a.m. | Severity: 10.0 | HIGH
  Description: A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
- CVE-2026-4606 - GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege
  Published: March 23, 2026, 2:16 a.m. | Severity: 10.0 | CRITICAL
  Description: GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. Any ERM function invoking Windows file open/save dialogs exposes the same risk. This vulnerability allows local privilege escalation and may result in full system compromise.
- CVE-2026-4565 - Tenda AC21 SetNetControlList formSetQosBand buffer overflow
  Published: March 23, 2026, 1:16 a.m. | Severity: 9.0 | HIGH
  Description: A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
- CVE-2026-4558 - Linksys MR9600 SmartConnect.lua smartConnectConfigure os command injection
  Published: March 22, 2026, 6:16 p.m. | Severity: 9.0 | HIGH
  Description: A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CVE-2026-33295 - AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php
  Published: March 22, 2026, 5:17 p.m. | Severity: 8.2 | HIGH
  Description: WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The `clean_title` field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to inject arbitrary JavaScript that executes in the browser of any user who visits the affected download page. Version 26.0 fixes the issue.
News and Events
- NIST Submits Annual Report to Congress Summarizing FY 2025 Progress on National Construction Safety Team Investigations
The report includes an overview of work completed on the Champlain Towers South investigation.
- 2 Health Care Organizations Will Receive 2025 Baldrige National Quality Awards
The award highlights organizations that focus on resilience.
- NIST Releases New Forensic Genetic Reference Material to Help Crime Laboratories Analyze Challenging Cases
The reference material is the first to include mixtures of high-quality and degraded DNA from different individuals.
- Announcing the "AI Agent Standards Initiative" for Interoperable and Secure Innovation
The Initiative will ensure that the next generation of AI is widely adopted with confidence, can function securely on behalf of its users, and can interoperate smoothly across the digital ecosystem.
- NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More
NIST is allocating funding to eight small businesses in seven states under the Small Business Innovation Research (SBIR) program.
- Space: The Final Frontier for Standards
Seven NIST reference materials, including house dust and freeze-dried human liver tissue, have been flown to the International Space Station.
- CAISI Issues Request for Information About Securing AI Agent Systems
The Center for AI Standards and Innovation (CAISI) at the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has published a Request for Information (RFI) seeking insights from industry, academia, and the security
- NIST Launches Centers for AI in Manufacturing and Critical Infrastructure
NIST has expanded its collaboration with the nonprofit MITRE Corporation as part of its efforts to ensure U.S. leadership in artificial intelligence.
- NIST Physicists Bring Unruly Molecules to the Quantum Party
Molecules can serve as versatile building blocks for quantum technologies, but they are much harder to control than atoms.
- Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines
Cybersecurity and privacy risks can threaten patient confidentiality.