Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
2.60%

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 14 hours ago

Fediverse

US agencies face a CISA deadline to secure networks after a critical Cisco SD-WAN flaw (CVE-2026-20127) exposed federal systems to long-term intrusion and admin access.

Read: hackread.com/us-agencies-cisa-

#CyberSecurity #Cisco #SDWAN #CISA #Vulnerability

  • 0
  • 1
  • 0
  • 14h ago
Check your deployments about Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability: cisa.gov/known-exploited-vulne

How to mitigate in Cisco SD-WAN Systems can be found here: cisa.gov/news-events/directive

  • 0
  • 0
  • 0
  • 18h ago

Bluesky

US agencies face a CISA deadline to secure networks after a critical Cisco SD-WAN flaw (CVE-2026-20127) exposed federal systems to long-term intrusion and admin access. Read: hackread.com/us-agencies-... #CyberSecurity #Cisco #SDWAN #CISA #Vulnerability
  • 1
  • 0
  • 0
  • 14h ago

Overview

  • Google
  • Chrome

12 Mar 2026
Published
13 Mar 2026
Updated

CVSS
Pending
EPSS
0.08%

Description

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 7 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

@tresronours@parlote.facil.services:

Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code

Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious […]

The post Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

#Chrome: Google released security updates for its Chrome web browser to address two high-severity #zeroday #vulnerabilities CVE-2026-3909 & CVE-2026-3910 that it said have been exploited in the wild. Make sure to update your Chrome today! (restart it): 👇
  • 1
  • 0
  • 1
  • 14h ago
Emergency Chrome update! Google patched two zero-day vulnerabilities (CVE-2026-3909 & CVE-2026-3910) actively exploited in attacks. Update your browser now to version 146.0.7680.75/.76. #Cybersecurity #News
  • 0
  • 1
  • 0
  • 2h ago
Active exploitation of Chrome zero-days CVE-2026-3909 and CVE-2026-3910 highlights the urgency of endpoint visibility in your SOC. The Skia flaw allows boundary errors leading to code execution, while V8's implementation issue compromises systems remotely.
  • 0
  • 0
  • 0
  • 18h ago
Google released an emergency Chrome 146 update fixing two zero-day exploits: an out-of-bounds write in Skia (CVE-2026-3909) and a V8 engine flaw (CVE-2026-3910), patched on multiple platforms. #ZeroDay #ChromeUpdate #USA
  • 0
  • 0
  • 0
  • 16h ago
~Cisa~ CISA added two actively exploited Google vulnerabilities (Skia and Chromium V8) to its KEV catalog, urging immediate patching. - IOCs: CVE-2026-3909, CVE-2026-3910 - #CISA #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Google
  • Chrome

12 Mar 2026
Published
13 Mar 2026
Updated

CVSS
Pending
EPSS
0.07%

Description

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 7 Posts
  • 2 Interactions

Last activity: 2 hours ago


Overview

  • n8n-io
  • n8n

19 Dec 2025
Published
12 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
76.93%

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 19 hours ago

Fediverse

⚠️ CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

「 The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched by n8n in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0. CVE-2025-68613 is the first n8n vulnerability to be placed in the KEV catalog 」
thehackernews.com/2026/03/cisa

#n8n #cisa #rce #cybersecurity

  • 2
  • 0
  • 0
  • 20h ago

Bluesky

🚨 CISA flags a critical RCE flaw in #n8n (CVE-2025-68613, score 9.9), still active on 24,700 instances. A fix is already available. #CyberSecurity #Automatisation
  • 1
  • 1
  • 0
  • 19h ago

Overview

  • elemntor
  • Ally – Web Accessibility & Usability

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
11.89%

KEV

Description

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global_remediations()` method, where it is directly concatenated into an SQL JOIN clause without proper sanitization for SQL context. While `esc_url_raw()` is applied for URL safety, it does not prevent SQL metacharacters (single quotes, parentheses) from being injected. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via time-based blind SQL injection techniques. The Remediation module must be active, which requires the plugin to be connected to an Elementor account.

Statistics

  • 3 Posts

Last activity: 11 hours ago

Fediverse

Over 200,000 #WordPress sites are exposed due to an SQL injection flaw in the Ally plugin (CVE-2026-2413), allowing attackers to extract database data. Patch released, but many sites remain vulnerable.

Read: hackread.com/sql-injection-vul

#CyberSecurity #SQLInjection #Vulnerability

  • 0
  • 0
  • 1
  • 13h ago

Bluesky

Critical SQLi Bug Hits Ally Plugin Sites Read More: buff.ly/O6ZOGn0 #CVE20262413 #WordPressSecurity #SQLInjection #AllyPlugin #WebAppSecurity #CriticalVulnerability #PatchNow #InfosecAlert
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Pending

24 Feb 2026
Published
25 Feb 2026
Updated

CVSS
Pending
EPSS
0.64%

KEV

Description

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can bypass JWT authentication by spoofing the Referer header to match the server's host. Successful exploitation allows the attacker to access the protected /api/runscript endpoint and execute arbitrary Node.js code on the server.

Statistics

  • 1 Post
  • 12 Interactions

Last activity: 6 hours ago

Fediverse

Today's CVE stinker: github.com/joshuavanderpoll/CV

You can get auth bypass on a SCADA HMI that already doesn't require auth, and then run a script by sending the script to `api/runscript`

Is this still a useful CVE? Perhaps! I am not an expert on FUXA HMIs specifically, and I'm sure they didn't intend for their runscript endpoint to be used to run *anything*

but still.

"you can run scripts by sending them to /api/runscript" sure is a funny CVE description.

  • 6
  • 6
  • 0
  • 6h ago

Overview

  • Microsoft
  • Microsoft SQL Server 2016 Service Pack 3 (GDR)

10 Mar 2026
Published
13 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.08%

KEV

Description

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 6 hours ago

Bluesky

The latest update for #CyCognito includes "Emerging Threat: Microsoft SQL Server Elevation of Privilege Vulnerability (CVE-2026-21262)" and "CyCognito Named a Leader and Outperformer in the 2026 #GigaOm Radar for ASM". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 1
  • 1
  • 0
  • 20h ago
~Sophos~ Microsoft patched 84 CVEs, including 8 Critical flaws and 2 publicly disclosed issues. - IOCs: CVE-2026-21536, CVE-2026-21262, CVE-2026-23668 - #PatchTuesday #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Microsoft
  • Microsoft Devices Pricing Program

05 Mar 2026
Published
13 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.38%

KEV

Description

Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 6 hours ago

Bluesky

In a historic first for Microsoft, XBOW, an autonomous pentesting system, discovered and reported a critical unauthenticated remote code execution vulnerability in the Microsoft Devices Pricing Program (CVE-2026-21536). https://bit.ly/4s2u8vq
  • 0
  • 1
  • 0
  • 7h ago
~Sophos~ Microsoft patched 84 CVEs, including 8 Critical flaws and 2 publicly disclosed issues. - IOCs: CVE-2026-21536, CVE-2026-21262, CVE-2026-23668 - #PatchTuesday #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • mackron
  • dr_libs

03 Mar 2026
Published
04 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.8)
EPSS
0.03%

KEV

Description

dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 12 hours ago

Bluesky

The #Fedora 42 EasyRPG Player update is a masterclass in dependency management. A single audio library (dr_wav) posed a critical code execution risk (CVE-2026-29022). Read more: 👉 tinyurl.com/6csn36wc #Security
  • 1
  • 0
  • 0
  • 14h ago
Just a heads up for the Fedora and open-source gaming community: CVE-2026-29022 has been patched in easyrpg-player for #Fedora 43. Read more: 👉 tinyurl.com/8nhzu8v6 #Security
  • 0
  • 1
  • 0
  • 12h ago

Overview

  • strategy11team
  • Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder

13 Mar 2026
Published
13 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.05%

KEV

Description

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (`handle_one_time_stripe_link_return_url`) marking payment records as complete based solely on the Stripe PaymentIntent status without comparing the intent's charged amount against the expected payment amount, and the `verify_intent()` function validating only client secret ownership without binding intents to specific forms or actions. This makes it possible for unauthenticated attackers to reuse a PaymentIntent from a completed low-value payment to mark a high-value payment as complete, effectively bypassing payment for goods or services.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 3 hours ago

Fediverse

Formidable Forms Vulnerability Let Attackers Reuse Low-Value Stripe Payments for Higher-Cost Purchases boldoutlook.com/formidable-for

#wordpress #WordPressSecurity #cybersecurity #blogging #webdevelopment

  • 0
  • 2
  • 0
  • 3h ago
Showing 1 to 10 of 67 CVEs