Overview

  • Oracle Corporation
  • Oracle Identity Manager

20 Mar 2026
Published
20 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.02%

KEV

Description

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. Note: Oracle Web Services Manager is installed with an Oracle Fusion Middleware Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 8 Posts
  • 2 Interactions

Last activity: 1 hour ago

Fediverse

Geopolitical tensions remain high as the Iran conflict disrupts the Strait of Hormuz, impacting oil prices and global tech supply chains due to halted helium output from Qatar (Mar 20-21, 2026). In technology, Google introduced a mandatory 24-hour wait for Android sideloading from unverified developers (Mar 20, 2026), while Nvidia showcased new AI chips at GTC 2026 (Mar 20, 2026). Cybersecurity saw Oracle patch a critical RCE vulnerability (CVE-2026-21992) (Mar 21, 2026), and Iranian-linked hackers targeted medical tech firm Stryker, wiping devices (Mar 20, 2026). A Trivy supply chain attack also deployed 'CanisterWorm' across npm packages (Mar 20, 2026).

#Cybersecurity #Geopolitics #TechNews

  • 0
  • 1
  • 0
  • 9h ago

CVE-2026-21992: Oracle closes RCE hole in Fusion Middleware outside the regular patch cycle

The vulnerability classified as CVE-2026-21992 allows attackers to execute arbitrary code on affected systems without credentials, provided those systems are reachable over the network.

all-about-security.de/cve-2026

#oracle #cve #RCE #fusionMiddleware

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Oracle Security Alert Advisory - CVE-2026-21992
  • 0
  • 0
  • 1
  • 21h ago
CVE-2026-21992: Oracle closes RCE hole in Fusion Middleware outside the regular patch cycle - The vulnerability classified as CVE-2026-21992 allows attackers to execute arbitrary code on affected systems without credentials www.all-about-security.de/cve-2026-219... #oracle
  • 0
  • 0
  • 0
  • 16h ago
Oracle patches critical CVE-2026-21992 in Identity Manager and Web Services Manager allowing unauthenticated remote code execution via HTTP. CVSS score 9.8 highlights severity. #OraclePatch #RemoteCodeExec #USA
  • 0
  • 0
  • 0
  • 10h ago
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • snapd

17 Mar 2026
Published
18 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.00%

KEV

Description

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

Statistics

  • 4 Posts
  • 4 Interactions

Last activity: 19 hours ago

Fediverse

Apparently privilege escalation is possible in snapd.
There are probably a lot of Ubuntu users out there, so everyone should update.
https://ubuntu.com/security/CVE-2026-3888
  • 1
  • 0
  • 0
  • 21h ago
CVE-2026-3888 in Ubuntu: escalation to root exploiting snap-confine and systemd-tmpfiles cleanup

blog.elhacker.net/2026/03/cve-

  • 0
  • 3
  • 1
  • 21h ago

Bluesky

https://www.itmedia.co.jp/enterprise/articles/2603/20/news019.html A serious privilege escalation vulnerability (CVE-2026-3888) has been confirmed in the Ubuntu desktop environment. A regular user can obtain root privileges from a local environment, with broad impact on confidentiality and other properties. The developers have already released a fixed version, and a prompt update of the snapd package is recommended.
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)

04 Mar 2026
Published
20 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.88%

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse

Cisco zero-day exploited 36 days before the update

On 2026-03-04 Cisco released an update for the security vulnerability CVE-2026-20131. It received a rating of 10 out of 10: the worst of all conceivable vulnerabilities. If¹ the management interface of the Secure Firewall Management Center (FMC) Software and Security Cloud Control (SCC) Firewall Management Software is reachable from the Internet, a remote attacker without authorization can execute arbitrary code with administrator rights on the affected devices (RCE). Very fitting for devices that

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #erpresser #exploits #firewall #hersteller #hintertür #sicherheit #UnplugTrump #vorfälle

  • 1
  • 2
  • 0
  • 12h ago

Bluesky

📢 Interlock ransomware exploits a Cisco FMC zero-day (CVE-2026-20131) 36 days before disclosure 📝 *Amazon Threat Intelligence disco… https://cyberveille.ch/posts/2026-03-21-interlock-ransomware-exploite-un-zero-day-cisco-fmc-cve-2026-20131-36-jours-avant-divulgation/ #CVE_2026_20131 #Cyberveille
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • langflow-ai
  • langflow

20 Mar 2026
Published
21 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.44%

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 1
  • 0
  • 9h ago
CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours #patchmanagement
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Pending

24 Jun 2025
Published
03 Nov 2025
Updated

CVSS
Pending
EPSS
0.13%

KEV

Description

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse

⚠️ CRITICAL: Quest KACE vuln (CVE-2025-32975) under active exploitation, mainly in education. No patch yet — segment networks, monitor KACE activity, and restrict access. Global risk. Details: radar.offseq.com/threat/critic

  • 0
  • 0
  • 0
  • 1h ago

Bluesky

CVE-2025-32975 allows unauthenticated access to Quest KACE SMA, leading to potential administrative takeover; organizations must patch immediately.
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

10 Mar 2026
Published
20 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.06%

KEV

Description

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 6 hours ago

Bluesky

RegPwn: The 0-Day That Weaponized Windows Accessibility for Stealth Privilege Escalation + Video Introduction: A newly disclosed Local Privilege Escalation (LPE) vulnerability, tracked as CVE-2026-24291 and dubbed "RegPwn," demonstrates a sophisticated shift in adversary tradecraft. Exploiting…
  • 1
  • 1
  • 0
  • 6h ago

Overview

  • tomdever
  • wpForo Forum

19 Feb 2026
Published
23 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
11.33%

KEV

Description

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Overview

  • Zimbra
  • Collaboration

05 Jan 2026
Published
19 Mar 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
11.43%

Description

Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Bluesky

Iran-linked Handala returns with a new domain after U.S. seizures, tied to MOIS. Stryker wipes linked, APT28 exploits Zimbra CVE-2025-66376 on Ukrainian gov mail, Interlock ransomware abuses Cisco zero-day. #IranOps #Ukraine #CiscoExploit
  • 0
  • 1
  • 0
  • 16h ago

Overview

  • jetmonsters
  • JetFormBuilder — Dynamic Blocks Form Builder

21 Mar 2026
Published
21 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.10%

KEV

Description

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that the path belongs to the WordPress uploads directory. Combined with an insufficient same-file check in 'File_Tools::is_same_file' that only compares basenames, this makes it possible for unauthenticated attackers to exfiltrate arbitrary local files as email attachments by submitting a crafted form request when the form is configured with a Media Field and a Send Email action with file attachment.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

🚨 JetFormBuilder for WordPress is HIGH risk (CVE-2026-4373): Absolute path traversal in all versions allows unauth attackers to exfiltrate files via crafted Media Field form. Review & secure deployments! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 18h ago

Overview

  • husobj
  • Expire Users

21 Mar 2026
Published
21 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on_expire_default_to_role' meta through the 'save_extra_user_profile_fields' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Fediverse

🔥 HIGH severity: CVE-2026-4261 in Expire Users (WordPress, all versions) lets Subscribers escalate to Admin via missing authorization in 'save_extra_user_profile_fields'. Patch urgently or mitigate! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 19h ago