Overview
- misskey-dev
- misskey
Statistics
- 3 Posts
- 2 Interactions
Fediverse
🚨 CVE-2026-28431 (CRITICAL, CVSS 9.2) in Misskey (8.45.0 – <2026.3.1): Improper authorization allows unauthenticated data access. Patch to 2026.3.1 now! Review access controls and monitor logs. https://radar.offseq.com/threat/cve-2026-28431-cwe-285-improper-authorization-in-m-e4688f7e #OffSeq #Misskey #Vuln #InfoSec
Overview
- 0xJacky
- nginx-ui
Statistics
- 3 Posts
- 1 Interaction
Fediverse
Critical Nginx UI flaw CVE-2026-27944 exposes server backups https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html
Overview
- CODESYS
- CODESYS Installer
Statistics
- 2 Posts
Fediverse
#OT #Advisory VDE-2026-012
CODESYS Installer - Possible Privilege Escalation
Exploitation of this vulnerability can lead to a privilege escalation on the host system.
#CVE CVE-2026-2364
https://certvde.com/en/advisories/vde-2026-012/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-01_vde-2026-012.json
🚩 CVE-2026-2364: HIGH severity TOCTOU flaw in CODESYS Installer (all versions) lets local attackers escalate privileges via user-initiated updates. Restrict access & monitor until patch. No active exploits yet. https://radar.offseq.com/threat/cve-2026-2364-cwe-367-time-of-check-time-of-use-to-5eb858d5 #OffSeq #CODESYS #ICS #Vuln
Overview
Statistics
- 3 Posts
- 1 Interaction
Fediverse
⚠️ CISA added 3 actively exploited flaws to KEV.
Most critical: SolarWinds Web Help Desk CVE-2025-26399 (CVSS 9.8) allowing remote command execution.
Other KEV entries hit Omnissa Workspace One UEM and Ivanti Endpoint Manager. Federal agencies ordered to patch.
🔗 Details → https://thehackernews.com/2026/03/cisa-flags-solarwinds-ivanti-and.html
New SolarWinds CVE Continues Patch-Bypass Pattern
The CISA and NVD have published a new critical vulnerability affecting SolarWinds Web Help Desk tracked as CVE-2025-26399 which involves deserialization of untrusted data that could allow remote code execution. What makes this vulnerability particularly notable is that it appears to be a bypass of a previous SolarWinds patch tracked as CVE-2024-28988 which itself was a bypass of an earlier fix which was tracked as…
https://itnerd.blog/2026/03/10/new-solarwinds-cve-continues-patch-bypass-pattern/
Overview
Statistics
- 1 Post
- 23 Interactions
Fediverse
https://nvd.nist.gov/vuln/detail/CVE-2025-56132
"You can enumerate email addresses by sending a request to password_reset with different test emails and seeing how the server responds"
so we're assigning CVEs to basic HTB tricks now huh?
Overview
Statistics
- 3 Posts
Fediverse
WatchTowr reports seeing exploitation attempts for CVE-2026-20127 from numerous unique IP addresses. https://www.securityweek.com/recent-cisco-catalyst-sd-wan-vulnerability-now-widely-exploited/
Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):
Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.
Overview
Statistics
- 2 Posts
Bluesky
Overview
- Microsoft
- Azure MCP Server Tools
Statistics
- 2 Posts
- 1 Interaction
Bluesky
Overview
- SAP_SE
- SAP NetWeaver Enterprise Portal Administration
Statistics
- 1 Post
- 1 Interaction
Fediverse
🚨 CRITICAL: CVE-2026-27685 in SAP NetWeaver EP-RUNTIME 7.50 (Admin) enables privileged users to upload malicious serialized data — risking full system compromise. Restrict uploads, monitor privileged actions, patch ASAP! https://radar.offseq.com/threat/cve-2026-27685-cwe-502-deserialization-of-untruste-36704129 #OffSeq #SAP #CVE #InfoSec
Overview
- zlib software
- zlib
Statistics
- 1 Post
- 1 Interaction