CVE-2026-27944

Overview

0xJacky
nginx-ui

05 Mar 2026

Published

06 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.05%

MITRE

KEV

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

Statistics

4 Posts
1 Interaction

Last activity: 3 hours ago

Fediverse

Joseph Williams @rhudaur

Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
https://thecyberexpress.com/cve-2026-27944-nginx-ui-backup-vulnerability/?utm_source=flipboard&utm_medium=activitypub

Posted into Cybersecurity Today @cybersecurity-today-rhudaur

1
0
0
15h ago

Bluesky

ohhara @shiojiri.com

Critical Nginx UI flaw CVE-2026-27944 exposes server backups https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html

0
0
0
23h ago

Kevin Poireault @leekthehack.bsky.social

VulnWatch Monday: CVE-2026-27944 🔓 A critical vulnerability in Nginx UI allows unauthenticated attackers to download and decrypt full system backups. It affects all versions before 2.3.2.

0
0
0
10h ago

セキュリティ対策Lab @securitylab-jp.bsky.social

Nginx-UIに認証不要でバックアップを取得できる重大な脆弱性(CVE-2026-27944) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

0
0
0
3h ago

CVE-2026-20841

Overview

Microsoft
Windows Notepad

10 Feb 2026

Published

27 Feb 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.10%

MITRE

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

1 Post
28 Interactions

Last activity: 10 hours ago

Fediverse

Rafa Laguna - Game Developer @rafalagoon

Vulnerabilidad grave en la fantástica nueva versión de Bloc de notas:

El CVE:
👉 https://www.cve.org/CVERecord?id=CVE-2026-20841

La explicación:

Si abres un archivo de texto MarkDown (MD) que tenga un enlace... dicho enlace puede EJECUTAR CUALQUIER COSA en la máquina.

La URL que hay adentro del enlace, al cual puedes hacer click, la ejecuta Bloc de notas a pelo utilizando "ShellExecuteExW":

👉 https://learn.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-shellexecuteexw

#ciberseguridad #cybersecurity #windows #notepad #blocdenotas

20
8
0
10h ago

CVE-2026-28431

Overview

misskey-dev
misskey

09 Mar 2026

Published

09 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.2)

EPSS

Pending

MITRE

KEV

Description

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper input validation. This vulnerability occurs regardless of whether federation is enabled or not. This vulnerability could lead to a significant data breach. This vulnerability is fixed in 2026.3.1.

Statistics

4 Posts
5 Interactions

Last activity: 6 hours ago

Fediverse

Offensive Sequence @offseq

🚨 CVE-2026-28431 (CRITICAL, CVSS 9.2) in Misskey (8.45.0 – <2026.3.1): Improper authorization allows unauthenticated data access. Patch to 2026.3.1 now! Review access controls and monitor logs. https://radar.offseq.com/threat/cve-2026-28431-cwe-285-improper-authorization-in-m-e4688f7e #OffSeq #Misskey #Vuln #InfoSec

0
0
0
6h ago

buherator @buherator

Misskey/Sharkey "extremely severe" vulnerabilities

https://www.openwall.com/lists/oss-security/2026/03/09/7

#Fediverse #ActivityPub #misskey #sharkey

CVE-2026-28431
CVE-2026-28432
CVE-2026-28433

2
0
0
11h ago

KIP/JΛYCHØU ⁂ :neocat_cofe: @admin

Moe.Pub更新完成！

今回のアップデートでは重大な脆弱性を修正しています。可及的速やかにアップデートしてください。
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
本次更新修复了多个重要漏洞。请尽快更新至此版本或最新版本的 Misskey。

Release2026.3.1：https://github.com/misskey-dev/misskey/releases/tag/2026.3.1
非官方公告：https://transfem.social/notes/ajkq30j9wury01jb
Docker更新：https://misskey-hub.net/cn/docs/for-admin/install/guides/docker/
更新日志：https://github.com/misskey-dev/misskey/blob/master/CHANGELOG.md
实例：https://moe.pub / https://mk.moe.pub
开放注册：True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

0
3
0
23h ago

Bluesky

buherator @buherator.bsky.social

Misskey/Sharkey "extremely severe" vulnerabilities www.openwall.com -> #Fediverse #ActivityPub #misskey #sharkey CVE-2026-28431 CVE-2026-28432 CVE-2026-28433 Original->

0
0
0
11h ago

CVE-2026-3804

Overview

Tenda
i3

09 Mar 2026

Published

09 Mar 2026

Updated

CVSS v4.0

HIGH (8.7)

EPSS

0.05%

MITRE

KEV

Description

A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Statistics

2 Posts
1 Interaction

Last activity: 11 hours ago

Fediverse

Offensive Sequence @offseq

⚠️ HIGH severity: CVE-2026-3804 in Tenda i3 v1.0.0.6(2204) enables remote stack-based buffer overflow via /goform/WifiMacFilterSet. Exploit is public — prioritize mitigation or isolation. https://radar.offseq.com/threat/cve-2026-3804-stack-based-buffer-overflow-in-tenda-c824133f #OffSeq #Vulnerability #Tenda #InfoSec

0
1
0
22h ago

Bluesky

CyberHub @cyberhub.blog

📌 CVE-2026-3804 - A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMa... https://www.cyberhub.blog/cves/CVE-2026-3804

0
0
0
11h ago

CVE-2025-56132

Overview

Pending

30 Sep 2025

Published

01 Oct 2025

Updated

CVSS

Pending

EPSS

1.60%

MITRE

KEV

Description

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine the existence of user accounts. Version 4.2 introduces user-based lockout mechanisms to mitigate brute-force attacks, user enumeration remains possible by default. In versions prior to 4.2, no such user-level protection is in place, only basic IP-based rate limiting is enforced. This IP-based protection can be bypassed by distributing requests across multiple IPs (e.g., rotating IP or proxies). Effectively bypassing both login and password reset security controls. Successful exploitation allows an attacker to enumerate valid email addresses registered for the application, increasing the risk of follow-up attacks such as password spraying.

Statistics

1 Post
23 Interactions

Last activity: 7 hours ago

Fediverse

Dio9sys @Dio9sys

https://nvd.nist.gov/vuln/detail/CVE-2025-56132

"You can enumerate email addresses by sending a request to password_reset with different test emails and seeing how the server responds"

so we're assigning CVEs to basic HTB tricks now huh?

5
18
0
7h ago

CVE-2026-20127

Overview

Cisco
Cisco Catalyst SD-WAN Manager

25 Feb 2026

Published

26 Feb 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

2.60%

MITRE

KEV

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

2 Posts

Last activity: 8 hours ago

Fediverse

TechNadu @technadu

Critical Cisco Catalyst SD-WAN vulnerability (CVE-2026-20127, CVSS 10.0) is now under widespread exploitation.

Attackers are deploying webshells after the flaw moved from targeted zero-day use to global opportunistic campaigns.

https://www.technadu.com/cisco-catalyst-sd-wan-flaw-is-now-fcing-widespread-exploitation/622887/

Have your systems been patched?

#infosec #cybersecurity #cisco #zeroday #threatintel

0
0
0
16h ago

Anonymous :verified: @youranonnewsirc

Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):

Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.

#Cybersecurity #Geopolitics #TechNews

0
0
0
8h ago

CVE-2026-2796

Overview

Mozilla
Firefox

24 Feb 2026

Published

06 Mar 2026

Updated

CVSS

Pending

EPSS

0.06%

MITRE

KEV

Description

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Statistics

1 Post
4 Interactions

Last activity: 12 hours ago

Fediverse

buherator @buherator

It's a bit hard to find in the announcement publications, but this is the technical analysis of one of the #Firefox bugs Anthropic's #LLM agents found (CVE-2026-2796):

https://red.anthropic.com/2026/exploit/

3
1
0
12h ago

CVE-2026-21533

Overview

Microsoft
Windows 10 Version 1607

10 Feb 2026

Published

27 Feb 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

2.74%

MITRE

KEV

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Statistics

1 Post
3 Interactions

Last activity: 15 hours ago

Fediverse

Prof. Dr. Dennis-Kenji Kipker @kenji

Wie lukrativ der Handel mit Exploits ist, wird anhand einer aktuellen #Sicherheitslücke für das #Microsoft Betriebssystem #Windows deutlich: So wird im Darknet offenbar ein #Exploit für rund 220.000 US-Dollar angeboten.

Laut den verfügbaren Berichten geht es um eine #Schwachstelle in den Remote Desktop Services, die Windows 10, Windows 11 und mehrere Server-Versionen betreffen soll und mit welcher der Angreifer seine Systemrechte unbefugt ausweiten kann:

https://www.connect.de/news/windows-sicherheit-cve-2026-21533-darknet-3212047.html #cybersecurity

2
1
0
15h ago

CVE-2026-28433

Overview

misskey-dev
misskey

09 Mar 2026

Published

09 Mar 2026

Updated

CVSS v4.0

LOW (2.3)

EPSS

Pending

MITRE

KEV

Description

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be relatively low, as bad actors would require the ID corresponding to the target file for import. This vulnerability is fixed in 2026.3.1.

Statistics

3 Posts
5 Interactions

Last activity: 11 hours ago

Fediverse

buherator @buherator

Misskey/Sharkey "extremely severe" vulnerabilities

https://www.openwall.com/lists/oss-security/2026/03/09/7

#Fediverse #ActivityPub #misskey #sharkey

CVE-2026-28431
CVE-2026-28432
CVE-2026-28433

2
0
0
11h ago

KIP/JΛYCHØU ⁂ :neocat_cofe: @admin

Moe.Pub更新完成！

今回のアップデートでは重大な脆弱性を修正しています。可及的速やかにアップデートしてください。
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
本次更新修复了多个重要漏洞。请尽快更新至此版本或最新版本的 Misskey。

Release2026.3.1：https://github.com/misskey-dev/misskey/releases/tag/2026.3.1
非官方公告：https://transfem.social/notes/ajkq30j9wury01jb
Docker更新：https://misskey-hub.net/cn/docs/for-admin/install/guides/docker/
更新日志：https://github.com/misskey-dev/misskey/blob/master/CHANGELOG.md
实例：https://moe.pub / https://mk.moe.pub
开放注册：True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

0
3
0
23h ago

Bluesky

buherator @buherator.bsky.social

Misskey/Sharkey "extremely severe" vulnerabilities www.openwall.com -> #Fediverse #ActivityPub #misskey #sharkey CVE-2026-28431 CVE-2026-28432 CVE-2026-28433 Original->

0
0
0
11h ago

CVE-2026-28432

Overview

misskey-dev
misskey

09 Mar 2026

Published

09 Mar 2026

Updated

CVSS v4.0

HIGH (7.1)

EPSS

Pending

MITRE

KEV

Description

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.

Statistics

3 Posts
5 Interactions

Last activity: 11 hours ago

Fediverse

buherator @buherator

Misskey/Sharkey "extremely severe" vulnerabilities

https://www.openwall.com/lists/oss-security/2026/03/09/7

#Fediverse #ActivityPub #misskey #sharkey

CVE-2026-28431
CVE-2026-28432
CVE-2026-28433

2
0
0
11h ago

KIP/JΛYCHØU ⁂ :neocat_cofe: @admin

Moe.Pub更新完成！

今回のアップデートでは重大な脆弱性を修正しています。可及的速やかにアップデートしてください。
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
本次更新修复了多个重要漏洞。请尽快更新至此版本或最新版本的 Misskey。

Release2026.3.1：https://github.com/misskey-dev/misskey/releases/tag/2026.3.1
非官方公告：https://transfem.social/notes/ajkq30j9wury01jb
Docker更新：https://misskey-hub.net/cn/docs/for-admin/install/guides/docker/
更新日志：https://github.com/misskey-dev/misskey/blob/master/CHANGELOG.md
实例：https://moe.pub / https://mk.moe.pub
开放注册：True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

0
3
0
23h ago

Bluesky

buherator @buherator.bsky.social

Misskey/Sharkey "extremely severe" vulnerabilities www.openwall.com -> #Fediverse #ActivityPub #misskey #sharkey CVE-2026-28431 CVE-2026-28432 CVE-2026-28433 Original->

0
0
0
11h ago