24h | 7d | 30d

CVE-2026-3055

Overview

  • NetScaler
  • ADC
23 Mar 2026
Published
24 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.02%
KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

  • 9 Posts
  • 6 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
CyberNetsecIO @netsecio

📰 Citrix Scrambles to Patch Critical 'CitrixBleed'-like Flaw in NetScaler Products

⚠️ Critical Citrix NetScaler flaw CVE-2026-3055 (CVSS 9.3) allows data theft, drawing comparisons to CitrixBleed. Unauthenticated attackers can read sensitive memory. Patch immediately! #Citrix #NetScaler #CyberSecurity #CVE

🔗 cyber.netsecops.io/articles/cr

  • 0
  • 0
  • 0
  • Last hour
Profile picture fallback
Sam Stepanyan :verified: 🐘 @securestep9

Urges Patching Critical NetScaler Vulnerabilities CVE-2026-3055 & CVE-2026-4368 Allowing Unauthenticated Data Leaks. This looks like another incarnation of !

Defenders need to act quickly. Patch Now!
👇
thehackernews.com/2026/03/citr

  • 0
  • 1
  • 1
  • 4h ago

Bluesky

Profile picture fallback
Rapid7 @rapid7.com
🚨 On March 23, 2026, #Citrix published a security advisory for a critical vuln. affecting their NetScaler ADC & Gateway products. CVE-2026-3055, an out-of-bounds read, allows unauthenticated remote attackers to leak information from the appliance's memory. Read on: r-7.co/41nwCJ7
  • 1
  • 1
  • 0
  • 22h ago
Profile picture fallback
tamosan @tamosan.bsky.social
CVE-2026-3055。アプライアンスがSAML IdP設定であればやられるようです。CVSSv4で9.3:Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems https://cybersecuritynews.com/netscaler-adc-and-gateway-vulnerabilities/
  • 1
  • 0
  • 0
  • 16h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
Critical NetScaler Flaw Exposes Enterprise Networks: CVE-2026-3055 Enables Memory Leak & Session Hijacking + Video Introduction: NetScaler ADC (Application Delivery Controller) and Gateway serve as the backbone for application traffic management, load balancing, and secure remote access in…
  • 1
  • 0
  • 0
  • 10h ago
Profile picture fallback
Help Net Security @helpnetsecurity.com
Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055) 📖 Read more: www.helpnetsecurity.com/2026/03/24/n... #cybersecurity #cybersecuritynews #vulnerability @rapid7.com
  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback
piggo @pigondrugs.bsky.social
~Certeu~ Citrix patched critical flaws in NetScaler ADC & Gateway allowing info disclosure and session mix-up. - IOCs: CVE-2026-3055, CVE-2026-4368 - #Citrix #ThreatIntel #Vulnerability
  • 1
  • 0
  • 0
  • 22h ago
Profile picture fallback
Modat @modat-io.bsky.social
Citrix fixed CVE-2026-3055 (9.3) & CVE-2026-4368 (7.7) in NetScaler ADC/Gateway. A memory overread may leak data and a race condition can cause session mix-up. Check - (SAML IdP / Gateway / AAA). Query: product="Citrix Gateway" OR product="Citrix ADC" OR web.title~"NetScaler Gateway" tag!=honeypot
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-21992

Overview

  • Oracle Corporation
  • Oracle Identity Manager
20 Mar 2026
Published
24 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%
KEV

Description

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. Note: Oracle Web Services Manager is installed with an Oracle Fusion Middleware Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 6 Posts
  • 1 Interaction
Last activity: Last hour

Fediverse

Profile picture fallback
Jeff Hall - PCIGuru :verified: @jbhall56

CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. securityweek.com/oracle-releas

  • 0
  • 0
  • 1
  • 5h ago

Bluesky

Profile picture fallback
キタきつね @kitafox.bsky.social
Oracle社、Identity Managerにおける認証前リモートコード実行の脆弱性(CVE-2026-21992)に対する緊急修正プログラムをリリース Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992) #HelpNetSecurity (Mar 23) www.helpnetsecurity.com/2026/03/23/o...
  • 0
  • 1
  • 0
  • 18h ago
Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
Oracle Identity Managerに致命的な脆弱性(CVE-2026-21992) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
Oracle releases urgent patch for CVE-2026-21992, a critical unauthenticated remote code execution flaw in Oracle Identity Manager 12.2.1.4.0 exploitable via HTTP. #OraclePatch #RemoteCodeExec #USA
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
CyberVeille @cyberveille-ch.bsky.social
📢 Oracle alerte sur CVE-2026-21992 : RCE critique sans authentification dans Fusion Middleware 📝 ## 🔔 Contexte Oracle a publié le 19 mars… https://cyberveille.ch/posts/2026-03-24-oracle-alerte-sur-cve-2026-21992-rce-critique-sans-authentification-dans-fusion-middleware/ #CVE_2026_21992 #Cyberveille
  • 0
  • 0
  • 0
  • Last hour

CVE-2025-43520

Overview

  • Apple
  • macOS
12 Dec 2025
Published
23 Mar 2026
Updated
CVSS
Pending
EPSS
0.48%
KEV

Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.

Statistics

  • 9 Posts
  • 13 Interactions
Last activity: 4 hours ago

Fediverse

Profile picture fallback
Francesco Marini @fmarini

There has been a lot of sloppy reporting regarding DarkSword, with basically every news outlet saying that iOS 18 is vulnerable. It’s not, if you have the latest 18.7.3.

Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.

TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).

cloud.google.com/blog/topics/t

#iOS #DarkSword

  • 4
  • 2
  • 0
  • 9h ago
Profile picture fallback
JJTech @jjtech

Unfortunately it looks like CVE-2025-43520 was patched in iOS 26.1b4, the exact build I happened to leave my test device on...

I might play around with it on my Mac or in one of the new iOS pccvre VMs though.

  • 1
  • 1
  • 0
  • 4h ago
Profile picture fallback
Francesco Marini @fmarini

@peternlewis sloppy reporting, as usual.

Google has a more in depth analysis, with a lot more information on the specific versions of iOS that are affected.

TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).

cloud.google.com/blog/topics/t

  • 0
  • 5
  • 6
  • 9h ago

CVE-2025-32975

Overview

  • Pending
24 Jun 2025
Published
24 Mar 2026
Updated
CVSS
Pending
EPSS
0.17%
KEV

Description

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 11 hours ago

Fediverse

Profile picture fallback
HackerWorkspace @hackerworkspace

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

thehackernews.com/2026/03/hack

Short summary: hackerworkspace.com/article/ha

  • 1
  • 1
  • 0
  • 23h ago

Bluesky

Profile picture fallback
Eyal Estrin ☁️ @eyalestrin.bsky.social
CVE-2025-32975: Arctic Wolf Observes Exploitation of Quest KACE Systems Management Appliance #patchmanagement
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-20131

Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)
04 Mar 2026
Published
20 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.65%
KEV

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

  • 2 Posts
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Steele Fortress @steelefortress

Critical patch alert: The US government has ordered a maximum severity patch for a Cisco vulnerability (CVE-2026-20131) that's being exploited in ransomware campaigns.

Read more: steelefortress.com/86cy1e

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Zscaler~ Unauthenticated RCE vulnerability (CVSS 10) in Cisco Secure FMC actively exploited in the wild, granting root access. - IOCs: CVE-2026-20131 - #CVE202620131 #Cisco #RCE #ThreatIntel
  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-4368

Overview

  • NetScaler
  • ADC
23 Mar 2026
Published
24 Mar 2026
Updated
CVSS v4.0
HIGH (7.7)
EPSS
0.02%
KEV

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

Statistics

  • 4 Posts
  • 2 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture fallback
Sam Stepanyan :verified: 🐘 @securestep9

Urges Patching Critical NetScaler Vulnerabilities CVE-2026-3055 & CVE-2026-4368 Allowing Unauthenticated Data Leaks. This looks like another incarnation of !

Defenders need to act quickly. Patch Now!
👇
thehackernews.com/2026/03/citr

  • 0
  • 1
  • 1
  • 4h ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Certeu~ Citrix patched critical flaws in NetScaler ADC & Gateway allowing info disclosure and session mix-up. - IOCs: CVE-2026-3055, CVE-2026-4368 - #Citrix #ThreatIntel #Vulnerability
  • 1
  • 0
  • 0
  • 22h ago
Profile picture fallback
Modat @modat-io.bsky.social
Citrix fixed CVE-2026-3055 (9.3) & CVE-2026-4368 (7.7) in NetScaler ADC/Gateway. A memory overread may leak data and a race condition can cause session mix-up. Check - (SAML IdP / Gateway / AAA). Query: product="Citrix Gateway" OR product="Citrix ADC" OR web.title~"NetScaler Gateway" tag!=honeypot
  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-14819

Overview

  • curl
  • curl
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Deskmodder @Deskmodder

Notepad++ 8.9.3 mit einigen Korrekturen und einer berbesserten SIcherheit für cURL (CVE-2025-14819)

deskmodder.de/blog/2026/03/24/

  • 2
  • 0
  • 1
  • 7h ago

CVE-2026-3909

Overview

  • Google
  • Chrome
12 Mar 2026
Published
14 Mar 2026
Updated
CVSS
Pending
EPSS
4.44%
KEV

Description

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 17 hours ago

Fediverse

Profile picture fallback
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 :verified: @youranonnewsirc

Global cybersecurity alerts include active exploitation of Chrome Zero-Days (CVE-2026-3909/3910) and a Quest KACE SMA flaw for credential harvesting. Advanced threats like Android haptic keyloggers and deepfake identity fraud are emerging. Geopolitically, Persian Gulf tensions remain high, while the US announced a new cyber strategy to defend companies from foreign adversaries. In tech, NVIDIA Nemotron 3 Super is now on Amazon Bedrock.

#Cybersecurity #GeopoliticalNews #TechBrief

  • 2
  • 0
  • 0
  • 17h ago

CVE-2026-27210

Overview

  • mpetroff
  • pannellum
21 Feb 2026
Published
25 Feb 2026
Updated
CVSS v4.0
MEDIUM (5.3)
EPSS
0.03%
KEV

Description

Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to be set, including HTML event handler attributes, allowing for potential XSS attacks. This affects websites hosting the standalone viewer HTML file and any other use of untrusted JSON config files (bypassing the protections of the escapeHTML parameter). As certain events fire without any additional user interaction, visiting a standalone viewer URL that points to a malicious config file — without additional user interaction — is sufficient to trigger the vulnerability and execute arbitrary JavaScript code, which can, for example, replace the contents of the page with arbitrary content and make it appear to be hosted by the website hosting the standalone viewer HTML file. This issue has been fixed in version 2.5.7. To workaround, setting the Content-Security-Policy header to script-src-attr 'none' will block execution of inline event handlers, mitigating this vulnerability. Don't host pannellum.htm on a domain that shares cookies with user authentication to mitigate XSS risk.

Statistics

  • 1 Post
  • 4 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Infoblox Threat Intel @InfobloxThreatIntel

Dios mio! While researching a particular type of Colombian folk music, we stumbled across a .edu domain selling... accordions? Our first thought was potentially domain hijacking, but it appears to be more likely an exploitation of CVE-2026-27210 (TLDR; cross-site scripting). While the vulnerability has been patched in the plugin itself, not all pages have updated their plugins, and search engines have already indexed the poisoned pages! Pivoting led to 50+ additional domains found spread across three risky TLDs: .sbs, .pics, and .shop. The domains on .sbs and .pics appear to be config servers to exploit the vulnerability; the domains on .shop are the landing pages where victims can be scammed.

IOCs:
000o[.]sbs,0pen[.]sbs,123buys[.]shop,123me[.]shop,1bg[.]pics,1ki[.]pics,1mage[.]sbs,1ql[.]pics,1ty[.]pics,1vi[.]pics,1wr[.]pics,2ty[.]pics,569oagri[.]shop,66buys[.]shop,6ip[.]pics,6ym[.]pics,7rt[.]pics,8pi[.]pics,99buys[.]shop,99i[.]pics,9gwe[.]shop,a25n[.]shop,bk2[.]pics,bk59t[.]shop,buysok[.]shop,c68k[.]shop,cc1[.]pics,doo[.]pics,ep7[.]pics,estore-1[.]com,g9gvv[.]sbs,gaer896[.]shop,gm5[.]pics,gosok[.]shop,gt3[.]pics,h66p[.]shop,hh6[.]pics,iilvw[.]sbs,im9[.]pics,img1[.]sbs,in6[.]pics,jj3[.]pics,kk9[.]pics,lilil[.]sbs,llvvw[.]sbs,m66p6[.]shop,mebuys[.]shop,mg6[.]pics,mh8f6k[.]shop,mkk[.]pics,ms1[.]pics,nn6[.]pics,onsgs[.]com,p6[.]pics,p888p[.]shop,pan1[.]top,pic1[.]sbs,pic2[.]sbs,pt11[.]sbs,py3y[.]com,qq1[.]pics,rey89p[.]shop,shop56[.]shop,t88t8[.]shop,tp1[.]pics,tp9[.]pics,trues[.]sbs,up9[.]pics,upimg[.]sbs,uu2[.]pics,vt5[.]pics,vteyu[.]shop,vvf1[.]sbs,vvp1[.]sbs,w2w[.]pics,w88p[.]shop,wp59q[.]shop,wvlll[.]sbs,wvv1[.]sbs,wvvvv[.]sbs,x2p[.]pics,xyaer548[.]shop,yi1[.]pics

  • 1
  • 3
  • 0
  • 3h ago

CVE-2025-55182

Overview

  • Meta
  • react-server-dom-webpack
03 Dec 2025
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
65.08%
KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 11 hours ago

Fediverse

Profile picture fallback
David Bushell 🪿 @db

"These two environments only communicate through serialized messages, which allows safe execution of AI-generated code and makes the sandbox a good fit for inline UI produced by chat agents."

arrow-js.com/#sandbox

hmm yes serialization that's bulletproof *cough* CVE-2025-55182 *cough*

(at least they're not pretending to review code anymore)

  • 0
  • 2
  • 0
  • 11h ago
Showing 1 to 10 of 48 CVEs