
Overview

  • Oracle Corporation
  • Oracle Identity Manager

20 Mar 2026
Published
20 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.02%

KEV

Description

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. Note: Oracle Web Services Manager is installed with an Oracle Fusion Middleware Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 7 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

Oracle alert 🚨
CVE-2026-21992 → unauth RCE (9.8)
Identity systems = high-value target
Emergency patch released

Source: securityweek.com/oracle-releas

Assume breach? 👇
Follow @technadu

  • 0
  • 1
  • 0
  • 7h ago

🔴 CRITICAL: Oracle Identity Manager RCE (CVE-2026-21992) allows unauthenticated remote code execution. No active exploitation reported yet, but patch now to avoid full compromise. Review deployments and restrict access. radar.offseq.com/threat/oracle

  • 0
  • 0
  • 0
  • 12h ago

📰 URGENT: Oracle Patches Critical 9.8 CVSS Unauthenticated RCE Flaw

📢 URGENT PATCH: Oracle has issued an emergency fix for CVE-2026-21992, a critical 9.8 CVSS unauthenticated RCE flaw in Identity Manager. Unpatched systems can be fully compromised. Patch immediately! 🚨 #Oracle #CyberSecurity #RCE #PatchNow

🔗 cyber.netsecops.io/articles/or

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992) 📖 Read more: www.helpnetsecurity.com/2026/03/23/o... #cybersecurity #cybersecuritynews #APIsecurity #identitymanagement
  • 1
  • 0
  • 0
  • 6h ago
📢 Oracle publishes an emergency patch for a critical RCE flaw in Identity Manager 📝 ## 🔍 Oracle emergency patch – CVE-2026-21992 … https://cyberveille.ch/posts/2026-03-21-oracle-publie-un-correctif-d-urgence-pour-une-faille-rce-critique-dans-identity-manager/ #CVE_2026_21992 #Cyberveille
  • 0
  • 0
  • 0
  • 12h ago
Oracle Patches Critical Identity RCE Read More: buff.ly/SRyprxy #OracleSecurity #CVE202621992 #RemoteCodeExecution #IdentitySecurity #PatchNow #VulnerabilityManagement #EnterpriseSecurity #InfosecAlert
  • 0
  • 0
  • 0
  • 2h ago
~Sophos~ Critical unauthenticated RCE flaw in Oracle Fusion Middleware components. - IOCs: CVE-2026-21992 - #CVE2026_21992 #Oracle #threatintel
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Pending

24 Jun 2025
Published
03 Nov 2025
Updated

CVSS
Pending
EPSS
0.13%

KEV

Description

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.

Statistics

  • 4 Posts

Last activity: 3 hours ago

Fediverse

📰 Warning: Critical 10.0 CVSS Quest KACE Flaw from 2025 Now Actively Exploited

🔥 ACTIVE EXPLOITATION: A year-old, 10.0 CVSS flaw in Quest KACE SMA (CVE-2025-32975) is now being actively exploited. Attackers are gaining full admin control, deploying Mimikatz, and moving laterally. Patch and isolate from the internet NOW! #CVE

🔗 cyber.netsecops.io/articles/ol

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems reconbee.com/hackers-expl... #hackers #hijack #Quest #KACE #SMA #cybersecurity #cyberattack
  • 0
  • 0
  • 0
  • 11h ago
Hackers are exploiting CVE-2025-32975 (CVSS 10.0) to bypass authentication and take control of unpatched Quest KACE SMA systems. Activity includes credential theft, account creation, and RDP access. #QuestKACE #AuthenticationBypass #USA
  • 0
  • 0
  • 0
  • 10h ago
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 5 Posts
  • 5 Interactions

Last activity: 1 hour ago

Fediverse

🚨 CVE-2026-3055 (CVSS 9.3), an unauth memory overread vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances that could see active exploitation itw

Vulnerability detection script available here:
github.com/rxerium/rxerium-tem

Patches are available as per Citrix's advisory:
support.citrix.com/support-hom

  • 0
  • 0
  • 0
  • 1h ago

➑️ CVE-2026-3055 πŸ‘€
πŸ‘‡
support.citrix.com/support-hom

  • CVE-2026-3055 - Out-of-Bounds Read vulnerability - CVSSv4 base score: 9.3
    Note: Citrix NetScaler ADC or Citrix Gateway must be configured as SAML IDP to be vulnerable to CVE-2026-3055.

    • CVE-2026-4368 - Race Condition vulnerability - CVSSv4 base score: 7.7Note: Affected appliances must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP proxy) or AAA virtual server to be vulnerable CVE-2026-4368.

( -> cve.circl.lu/search?q=CVE-2026 )

  • 1
  • 1
  • 0
  • 2h ago

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368

#citrix #vulnerabilitymanagement #vulnerability

vulnerability.circl.lu/bundle/

  • 1
  • 0
  • 0
  • 2h ago

Bluesky

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368 #CRITICAL support.citrix.com/support-home...
  • 1
  • 0
  • 0
  • 2h ago
~Cybergcca~ CCCS issued 9 advisories, highlighting an actively exploited Craft CMS flaw (CVE-2025-32432) and critical Citrix NetScaler vulnerabilities. - IOCs: CVE-2025-32432, CVE-2026-3055, CVE-2026-4368 - #CISA_KEV #ThreatIntel #Vulnerability
  • 1
  • 0
  • 0
  • 2h ago

Overview

  • langflow-ai
  • langflow

20 Mar 2026
Published
23 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.46%

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 11 hours ago

Bluesky

Weekly recap highlights critical vulnerabilities like Langflow CVE-2026-33017, supply-chain abuses, AI-powered threats, container security challenges with D4C, and CI/CD risks from Trivy hijacking affecting global cyber defense. #SupplyChain #ContainerSecurity
  • 0
  • 1
  • 0
  • 22h ago
📢 CVE-2026-33017: Langflow exploited in under 20 hours without a public PoC 📝 ## 🗓️ Context Source: Infosecurity Magazine, article by Phil Muncaster published… https://cyberveille.ch/posts/2026-03-22-cve-2026-33017-exploitation-de-langflow-en-moins-de-20h-sans-poc-public/ #CVE_2026_33017 #Cyberveille
  • 0
  • 0
  • 0
  • 14h ago
CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Ubiquiti Inc
  • UniFi Network Application

19 Mar 2026
Published
19 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.02%

KEV

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

Statistics

  • 4 Posts

Last activity: 1 hour ago

Fediverse

Ubiquiti Unifi Users Should Update Their Gear ASAP To Protect Themselves From Three Absolutely Critical Vulnerabilities

Users of Ubiquiti Unifi gear should be aware of CVE-2026-22557 which details a super critical vulnerability that can lead to account takeovers. This is what the CVE says: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could…

itnerd.blog/2026/03/23/ubiquit

  • 0
  • 0
  • 1
  • 1h ago

Bluesky

📢 Ubiquiti: critical flaw CVE-2026-22557 (CVSS 10) in UniFi Network, patch available 📝 ## 📰 Context Published on 20 March 2026 on IT-Connec… https://cyberveille.ch/posts/2026-03-22-ubiquiti-faille-critique-cve-2026-22557-cvss-10-dans-unifi-network-patch-disponible/ #CVE_2026_22557 #Cyberveille
  • 0
  • 0
  • 0
  • 20h ago
The latest update for #CyCognito includes "Emerging Threat: Ubiquiti UniFi Network Application Path Traversal (CVE-2026-22557)" and "Emerging Threat: GNU Inetutils telnetd LINEMODE SLC Buffer Overflow (CVE-2026-32746)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • alexcrichton
  • tar-rs

20 Mar 2026
Published
20 Mar 2026
Updated

CVSS v4.0
MEDIUM (5.1)
EPSS
0.02%

KEV

Description

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory, and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45.

Statistics

  • 2 Posts
  • 6 Interactions

Last activity: 4 hours ago

Fediverse

Code does not become better out of thin air just because you rewrite it in #rustlang. TOCTOUs are typically language agnostic. Here's one for tar: blog.rust-lang.org/2026/03/21/ #security

  • 3
  • 3
  • 0
  • 20h ago

First supply chain problems for Rust as well. No more unique to Node blog.rust-lang.org/2026/03/21/ #Rust #rustlang #Programming 🦀

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • WAGO
  • Lean Managed Switch 852-1812

23 Mar 2026
Published
23 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.09%

KEV

Description

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 9 hours ago

Fediverse

VDE-2026-020
WAGO: Vulnerability in managed switches

A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function.
CVE-2026-3587

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 1
  • 1
  • 0
  • 10h ago

WAGO 852-1812 switch hit with CRITICAL CVE-2026-3587 (CVSS 10.0): hidden CLI lets remote attackers gain root with no auth. No patch yet. Isolate, restrict access, & monitor closely. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 9h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 4 Posts
  • 5 Interactions

Last activity: 2 hours ago

Fediverse

➡️ CVE-2026-3055 👀
👇
support.citrix.com/support-hom

  • CVE-2026-3055 - Out-of-Bounds Read vulnerability - CVSSv4 base score: 9.3
    Note: Citrix NetScaler ADC or Citrix Gateway must be configured as SAML IDP to be vulnerable to CVE-2026-3055.

  • CVE-2026-4368 - Race Condition vulnerability - CVSSv4 base score: 7.7
    Note: Affected appliances must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP proxy) or AAA virtual server to be vulnerable to CVE-2026-4368.

( -> cve.circl.lu/search?q=CVE-2026 )

  • 1
  • 1
  • 0
  • 2h ago

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368

#citrix #vulnerabilitymanagement #vulnerability

vulnerability.circl.lu/bundle/

  • 1
  • 0
  • 0
  • 2h ago

Bluesky

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368 #CRITICAL support.citrix.com/support-home...
  • 1
  • 0
  • 0
  • 2h ago
~Cybergcca~ CCCS issued 9 advisories, highlighting an actively exploited Craft CMS flaw (CVE-2025-32432) and critical Citrix NetScaler vulnerabilities. - IOCs: CVE-2025-32432, CVE-2026-3055, CVE-2026-4368 - #CISA_KEV #ThreatIntel #Vulnerability
  • 1
  • 0
  • 0
  • 2h ago

Overview

  • GeoVision
  • GV-Edge Recording Manager

23 Mar 2026
Published
23 Mar 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.04%

KEV

Description

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. Any ERM function invoking Windows file open/save dialogs exposes the same risk. This vulnerability allows local privilege escalation and may result in full system compromise.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-4606 in GeoVision GV-Edge Recording Manager 2.3.1 allows any local user to escalate to SYSTEM privileges (CVSS 10.0). Patch or restrict local access now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

CVE-2026-4606 (CRITICAL 10.0) GV Edge ERM runs with SYSTEM privileges, allowing any local user to gain full OS control. 🔎 Full analysis: basefortify.eu/cve_reports/... #CVE #CyberSecurity #PrivilegeEscalation #WindowsSecurity
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • VMware
  • Spring AI

18 Mar 2026
Published
19 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.02%

KEV

Description

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Bluesky

CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector Store
  • 0
  • 0
  • 0
  • 21h ago
📢 CVE-2026-22730: SQL injection in Spring AI MariaDB allowing access control bypass 📝 ## 🔍 Context Published on 19 ma… https://cyberveille.ch/posts/2026-03-22-cve-2026-22730-injection-sql-dans-spring-ai-mariadb-permettant-un-contournement-du-controle-d-acces/ #Bugdazz #Cyberveille
  • 0
  • 0
  • 0
  • 14h ago