24h | 7d | 30d

CVE-2026-27944

Overview

  • 0xJacky
  • nginx-ui
05 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.05%
KEV

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Joseph Williams @rhudaur

Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
thecyberexpress.com/cve-2026-2

Posted into Cybersecurity Today @cybersecurity-today-rhudaur

  • 1
  • 0
  • 0
  • 8h ago

Bluesky

Profile picture fallback
ohhara @shiojiri.com
Critical Nginx UI flaw CVE-2026-27944 exposes server backups https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html
  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
Kevin Poireault @leekthehack.bsky.social
VulnWatch Monday: CVE-2026-27944 🔓 A critical vulnerability in Nginx UI allows unauthenticated attackers to download and decrypt full system backups. It affects all versions before 2.3.2.
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-20841

Overview

  • Microsoft
  • Windows Notepad
10 Feb 2026
Published
27 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.10%
KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post
  • 22 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Rafa Laguna - Game Developer @rafalagoon

Vulnerabilidad grave en la fantástica nueva versión de Bloc de notas:

El CVE:
👉 cve.org/CVERecord?id=CVE-2026-

La explicación:

Si abres un archivo de texto MarkDown (MD) que tenga un enlace... dicho enlace puede EJECUTAR CUALQUIER COSA en la máquina.

La URL que hay adentro del enlace, al cual puedes hacer click, la ejecuta Bloc de notas a pelo utilizando "ShellExecuteExW":

👉 learn.microsoft.com/en-us/wind

#ciberseguridad #cybersecurity #windows #notepad #blocdenotas

  • 15
  • 7
  • 0
  • 3h ago

CVE-2026-3768

Overview

  • Tenda
  • F453
08 Mar 2026
Published
08 Mar 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.05%
KEV

Description

A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 1 hour ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚩 CVE-2026-3768 (HIGH, CVSS 8.7): Stack buffer overflow in Tenda F453 v1.0.0.3 — remote, unauthenticated exploit possible. Public exploit code released. Patch ASAP or restrict remote access! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 18h ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-3768 - A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/W... https://www.cyberhub.blog/cves/CVE-2026-3768
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-28432

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 4 Posts
  • 4 Interactions
Last activity: 4 hours ago

Fediverse

Profile picture fallback
大松鼠 @snullp

@cdn0x12 感觉CVE-2026-28432这个问题长毛象前年(?)似乎也有类似的,后来修好了。

  • 0
  • 0
  • 0
  • 18h ago
Profile picture fallback
buherator @buherator
Misskey/Sharkey "extremely severe" vulnerabilities

https://www.openwall.com/lists/oss-security/2026/03/09/7

#Fediverse #ActivityPub #misskey #sharkey

CVE-2026-28431
CVE-2026-28432
CVE-2026-28433
  • 2
  • 0
  • 0
  • 4h ago
Profile picture fallback
KIP/JΛYCHØU ⁂ :neocat_cofe: @admin

Moe.Pub更新完成!

今回のアップデートでは重大な脆弱性を修正しています。可及的速やかにアップデートしてください。
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
本次更新修复了多个重要漏洞。请尽快更新至此版本或最新版本的 Misskey。

Release2026.3.1:github.com/misskey-dev/misskey
非官方公告:transfem.social/notes/ajkq30j9
Docker更新:misskey-hub.net/cn/docs/for-ad
更新日志:github.com/misskey-dev/misskey
实例:moe.pub / mk.moe.pub
开放注册:True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

  • 0
  • 2
  • 0
  • 16h ago

Bluesky

Profile picture fallback
buherator @buherator.bsky.social
Misskey/Sharkey "extremely severe" vulnerabilities www.openwall.com -> #Fediverse #ActivityPub #misskey #sharkey CVE-2026-28431 CVE-2026-28432 CVE-2026-28433 Original->
  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-3804

Overview

  • Tenda
  • i3
09 Mar 2026
Published
09 Mar 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.05%
KEV

Description

A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 4 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ HIGH severity: CVE-2026-3804 in Tenda i3 v1.0.0.6(2204) enables remote stack-based buffer overflow via /goform/WifiMacFilterSet. Exploit is public — prioritize mitigation or isolation. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 15h ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-3804 - A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMa... https://www.cyberhub.blog/cves/CVE-2026-3804
  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-3769

Overview

  • Tenda
  • F453
08 Mar 2026
Published
08 Mar 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.05%
KEV

Description

A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 2 Posts
Last activity: Last hour

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚩 CVE-2026-3769: HIGH severity vuln in Tenda F453 (v1.0.0.3) — stack-based buffer overflow in /goform/WrlclientSet. Public exploit released! Limit remote access, monitor traffic, apply mitigations. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-3769 - A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipula... https://www.cyberhub.blog/cves/CVE-2026-3769
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-3630

Overview

  • DeltaWW
  • COMMGR2
09 Mar 2026
Published
09 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%
KEV

Description

Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability.

Statistics

  • 3 Posts
Last activity: 9 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🔴 CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (ver 0) enables unauthenticated RCE. No patch available. Segment networks, enable IDS/IPS, & monitor for exploitation. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 1
  • 17h ago

Bluesky

Profile picture fallback
BaseFortify.eu @basefortify.bsky.social
🚨 CVE-2026-3630 – CRITICAL (9.8) Stack-Based Buffer Overflow in Delta Electronics COMMGR2. A memory handling flaw could allow attackers to overwrite stack memory and potentially execute arbitrary code. Full report: basefortify.eu/cve_reports/... #CVE #IndustrialSecurity #CyberSecurity #InfoSec
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-20127

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager
25 Feb 2026
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
2.60%
KEV

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 1 hour ago

Fediverse

Profile picture fallback
TechNadu @technadu

Critical Cisco Catalyst SD-WAN vulnerability (CVE-2026-20127, CVSS 10.0) is now under widespread exploitation.

Attackers are deploying webshells after the flaw moved from targeted zero-day use to global opportunistic campaigns.

technadu.com/cisco-catalyst-sd

Have your systems been patched?

  • 0
  • 0
  • 0
  • 9h ago
Profile picture fallback
Anonymous :verified: @youranonnewsirc

Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):

Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.

#Cybersecurity #Geopolitics #TechNews

  • 1
  • 0
  • 0
  • 1h ago

CVE-2026-2796

Overview

  • Mozilla
  • Firefox
24 Feb 2026
Published
06 Mar 2026
Updated
CVSS
Pending
EPSS
0.06%
KEV

Description

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 5 hours ago

Fediverse

Profile picture fallback
buherator @buherator
It's a bit hard to find in the announcement publications, but this is the technical analysis of one of the #Firefox bugs Anthropic's #LLM agents found (CVE-2026-2796):

https://red.anthropic.com/2026/exploit/
  • 3
  • 0
  • 0
  • 5h ago

CVE-2026-21533

Overview

  • Microsoft
  • Windows 10 Version 1607
10 Feb 2026
Published
27 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
2.74%
KEV

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 8 hours ago

Fediverse

Profile picture fallback
Prof. Dr. Dennis-Kenji Kipker @kenji

Wie lukrativ der Handel mit Exploits ist, wird anhand einer aktuellen #Sicherheitslücke für das #Microsoft Betriebssystem #Windows deutlich: So wird im Darknet offenbar ein #Exploit für rund 220.000 US-Dollar angeboten.

Laut den verfügbaren Berichten geht es um eine #Schwachstelle in den Remote Desktop Services, die Windows 10, Windows 11 und mehrere Server-Versionen betreffen soll und mit welcher der Angreifer seine Systemrechte unbefugt ausweiten kann:

connect.de/news/windows-sicher #cybersecurity

  • 2
  • 1
  • 0
  • 8h ago
Showing 1 to 10 of 63 CVEs