
Overview

  • misskey-dev
  • misskey

09 Mar 2026
Published
10 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.04%

KEV

Description

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors to access data they ordinarily would not be able to access, due to insufficient permission checks and input validation. This vulnerability occurs regardless of whether federation is enabled. It could lead to a significant data breach. This vulnerability is fixed in 2026.3.1.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 14 hours ago

Fediverse


Bluesky

🚨 CVE-2026-28431 – CRITICAL (9.2) Insufficient permission checks in the Misskey federated social media platform can expose sensitive data. Affected: Misskey versions 8.45.0 → before 2026.3.1 Full report: basefortify.eu/cve_reports/... #CVE #Misskey #CyberSecurity #InfoSec #Fediverse

Overview

  • CODESYS
  • CODESYS Installer

10 Mar 2026
Published
10 Mar 2026
Updated

CVSS v3.1
HIGH (7.3)
EPSS
0.01%

KEV

Description

If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low-privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.

Statistics

  • 2 Posts

Last activity: 22 hours ago

Fediverse

VDE-2026-012
CODESYS Installer - Possible Privilege Escalation

Exploitation of this vulnerability can lead to a privilege escalation on the host system.
CVE-2026-2364

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w


🚩 CVE-2026-2364: HIGH severity TOCTOU flaw in CODESYS Installer (all versions) lets local attackers escalate privileges via user-initiated updates. Restrict access & monitor until patch. No active exploits yet. radar.offseq.com/threat/cve-20


Overview

  • SolarWinds
  • Web Help Desk

23 Sep 2025
Published
10 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
34.22%

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 11 hours ago

Fediverse


⚠️ CISA added 3 actively exploited flaws to KEV.

Most critical: SolarWinds Web Help Desk CVE-2025-26399 (CVSS 9.8) allowing remote command execution.

Other KEV entries hit Omnissa Workspace One UEM and Ivanti Endpoint Manager. Federal agencies ordered to patch.

🔗 Details → thehackernews.com/2026/03/cisa


New SolarWinds CVE Continues Patch-Bypass Pattern

The CISA and NVD have published a new critical vulnerability affecting SolarWinds Web Help Desk tracked as CVE-2025-26399 which involves deserialization of untrusted data that could allow remote code execution. What makes this vulnerability particularly notable is that it appears to be a bypass of a previous SolarWinds patch tracked as CVE-2024-28988 which itself was a bypass of an earlier fix which was tracked as…

itnerd.blog/2026/03/10/new-sol


Overview

  • Microsoft
  • Azure MCP Server Tools

10 Mar 2026
Published
10 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 13 hours ago

Bluesky

March Patch Tuesday Commentary From Fortra By Tyler Reguly, Associate Director, Security R&D, Fortra I’m sure that everyone will be talking about CVE-2026-26118 today. After all, it contains those magical three letters MCP – Must Create Panic! The old adage has changed a little these days to…

Overview

  • itsourcecode
  • University Management System

08 Mar 2026
Published
08 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.02%

KEV

Description

A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. Manipulation of the argument admin_search_student causes SQL injection. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 20 hours ago

Bluesky

📌 CVE-2026-3740 - A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php... https://www.cyberhub.blog/cves/CVE-2026-3740

Overview

  • zlib software
  • zlib

07 Jan 2026
Published
05 Mar 2026
Updated

CVSS v4.0
MEDIUM (4.6)
EPSS
0.04%

KEV

Description

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Bluesky

Heads up, #OpenSUSE Leap 16.3 community! 🐧 The mingw-zlib update to 1.3.2 is more than routine maintenance. It kills CVE-2026-22184, a buffer overflow in the untgz utility that posed as a memory leak risk for cross-compilers. Read more: 👉 tinyurl.com/4sam2z44 #Fedora

Overview

  • 0xJacky
  • nginx-ui

05 Mar 2026
Published
06 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.05%

KEV

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 21 hours ago

Overview

  • Microsoft
  • Windows Notepad

10 Feb 2026
Published
27 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.11%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Fediverse


Microsoft turned Notepad into a "smart" AI assistant and accidentally handed hackers a "one-click" execution engine. Here is the technical breakdown of CVE-2026-20841 and why feature creep is killing your security. 🛑💻

#CyberSecurity #Windows11 #Infosec

bdking71.wordpress.com/2026/03


Overview

  • lostisland
  • faraday

09 Feb 2026
Published
10 Feb 2026
Updated

CVSS v3.1
MEDIUM (5.8)
EPSS
0.01%

KEV

Description

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's build_exclusive_url method (in lib/faraday/connection.rb) uses Ruby's URI#merge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs (e.g. //evil.com/path) are treated as network-path references that override the base URL's host/authority component. This means that if any application passes user-controlled input to Faraday's get(), post(), build_url(), or other request methods, an attacker can supply a protocol-relative URL like //attacker.com/endpoint to redirect the request to an arbitrary host, enabling Server-Side Request Forgery (SSRF). This vulnerability is fixed in 2.14.1.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 12 hours ago

Bluesky

AI Copilot Neo Strikes Again: Uncovering CVE-2026-25765 – A Deep Dive into AI-Powered SSRF Discovery + Video Introduction: The intersection of artificial intelligence and cybersecurity has reached a new milestone with ProjectDiscovery’s Neo, an AI security copilot, earning its first CVE credit for…

Overview

  • OliveTin
  • OliveTin

05 Mar 2026
Published
06 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.06%

KEV

Description

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, but can still call the KillAction RPC directly and successfully stop a running action. This is a broken access control issue that causes unauthorized denial of service against legitimate action executions. This issue has been patched in version 3000.11.0.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

📌 CVE-2026-28790 - OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to termi... https://www.cyberhub.blog/cves/CVE-2026-28790