
Overview

  • NetScaler
  • ADC

23 Mar 2026
Published
31 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
36.74%

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

  • 12 Posts
  • 12 Interactions

Last activity: 4 hours ago

Fediverse

Anyone out there running Citrix (NetScaler or Gateway) and unpatched? Vulnerability CVE-2026-3055 is being attacked

borncity.com/blog/2026/03/30/s

  • 0
  • 0
  • 1
  • 23h ago

Following the publication of the pertinent, pleasant and indispensable PART 2 of watchTowr's analysis:
the new scans based on the presence of
GET /wsfed/passive?wctx

aka "This is Bad™" 😁

rather than on the version considerably reduce the number of exposed appliances.

We're down to about a hundred potentially vulnerable appliances on the public internets :gentleblob:, including a few in Switzerland according to ONYPHE. 📉

(CVE-2026-3055 actually covers at least two distinct memory overread vulnerabilities — /saml/login and /wsfed/passive?wctx, which is, let's say… debatable™ on Citrix's part.)

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix  NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data.
  • 3
  • 5
  • 0
  • 19h ago
⚠️📢 Update: Version 1.1: #Citrix NetScaler ADC & Gateway – #Schwachstellen (vulnerabilities) endanger organisations. Since the weekend, reports of attacks on Citrix systems have been mounting [WAT26], [XCO26] - attack attempts using CVE-2026-3055 have been taking place since at least 27.03. 👉️ www.bsi.bund.de/dok/1195484
  • 2
  • 2
  • 1
  • 4h ago
~Cisa~ CISA added actively exploited Citrix NetScaler flaw (CVE-2026-3055) to the KEV catalog. - IOCs: CVE-2026-3055 - #CVE20263055 #Citrix #ThreatIntel
  • 0
  • 0
  • 0
  • 18h ago
CISA adds one known exploited vulnerability to its catalog: CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Mar 30) CVE-2026-3055 Citrix NetScaler out-of-bounds read vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 11h ago
> Alert: Alert regarding an out-of-bounds read vulnerability (CVE-2026-3055) in NetScaler ADC and NetScaler Gateway (published) https://www.jpcert.or.jp/at/2026/at260008.html
  • 0
  • 0
  • 0
  • 4h ago
~Cybergcca~ CCCS issued 10 advisories, warning of critical, actively exploited vulnerabilities in Fortinet FortiClientEMS and Citrix NetScaler. - IOCs: CVE-2026-21643, CVE-2026-3055 - #CVE #Citrix #Fortinet #ThreatIntel
  • 0
  • 0
  • 0
  • 22h ago
The latest update for #CyCognito includes "Emerging Threat: F5 BIG-IP Access Policy Manager Remote Code Execution (CVE-2025-53521)" and "Citrix NetScaler ADC and Gateway Vulnerabilities (CVE-2026-3055 & CVE-2026-4368)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • F5
  • BIG-IP

15 Oct 2025
Published
29 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
19.92%

Description

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 7 Posts
  • 7 Interactions

Last activity: 1 hour ago

Fediverse

📢⚠️ Security warning: Version 1.0: F5 BIG-IP – Active exploitation of a #Schwachstelle (vulnerability) in the Access Policy Manager

On 27.03.2026 the vendor F5 released an advisory describing details of observed attacks on BIG-IP instances. The report essentially contained Indicators of Compromise (IoCs) by which exploitation of CVE-2025-53521 can be detected.

More information is available here: bsi.bund.de/dok/1195766

@certbund

  • 5
  • 0
  • 0
  • 1h ago

F5 BIG-IP APM vulnerability (CVE-2025-53521) escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately.

Read: hackread.com/critical-f5-big-i

#CyberSecurity #F5 #Vulnerability #DDoS #RCE

  • 1
  • 0
  • 0
  • 2h ago

Bluesky

my.f5.com/manage/s/art... K000156741: BIG-IP APM vulnerability CVE-2025-53521 Updated 29th of March.
  • 0
  • 1
  • 0
  • 6h ago
F5 reclassifies BIG-IP APM flaw CVE-2025-53521 from DoS to critical RCE after active exploitation deploying webshells on unpatched devices. Over 240K instances exposed online. #BIGIPAPM #RemoteCodeExecution #USA
  • 0
  • 0
  • 0
  • 21h ago
Alert regarding the F5 BIG-IP Access Policy Manager vulnerability (CVE-2025-53521) #JPCERTCC (Mar 30) www.jpcert.or.jp/at/2026/at26...
  • 0
  • 0
  • 0
  • 14h ago
F5 BIG-IP APM vulnerability (CVE-2025-53521) escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately. Read: hackread.com/critical-f5-... #CyberSecurity #F5 #Vulnerability #DDoS #RCE
  • 0
  • 0
  • 0
  • 2h ago
The latest update for #CyCognito includes "Emerging Threat: F5 BIG-IP Access Policy Manager Remote Code Execution (CVE-2025-53521)" and "Citrix NetScaler ADC and Gateway Vulnerabilities (CVE-2026-3055 & CVE-2026-4368)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Fortinet
  • FortiClientEMS

06 Feb 2026
Published
31 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.05%

KEV

Description

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Statistics

  • 6 Posts
  • 1 Interaction

Last activity: 5 hours ago

Fediverse


🚨 CVE-2026-21643 an SQL Injection vulnerability (CVSS 9.8) is seeing active exploitation in the wild as reported by @DefusedCyber

Vulnerability detection script available here:
github.com/rxerium/rxerium-tem

This vulnerability currently only affects FortiClientEMS 7.4.4 and it is recommended that you upgrade to 7.4.5 or later as reported by Fortinet:
fortiguard.fortinet.com/psirt/

  • 0
  • 0
  • 0
  • 19h ago

Critical supply chain attack on Axios npm distributed a Remote Access Trojan (RAT) via a `plain-crypto-js` dependency. Fortinet faces active exploitation of a critical SQL injection flaw (CVE-2026-21643). Geopolitically, Iran-US tensions escalate; a Kuwaiti oil tanker was hit, and Yemen launched strikes against Israeli sites.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Critical bug (CVE-2026-21643) in Fortinet FortiClient EMS is already being exploited. Unauthenticated attackers can run code via the web interface, and thousands of instances are exposed. Patch ASAP (7.4.5+). via @bleepingcomputer.com www.bleepingcomputer.com/news/securit...
  • 0
  • 1
  • 0
  • 21h ago
Critical FortiClient EMS SQL Injection (CVE-2026-21643) Actively Exploited: Attackers Bypass WAF via HTTP Headers + Video Introduction: A critical severity SQL injection vulnerability, designated CVE-2026-21643, has been identified in Fortinet’s FortiClient Endpoint Management Server (EMS) and is…
  • 0
  • 0
  • 0
  • 20h ago
A critical vulnerability in Fortinet FortiClient EMS is currently under attack (CVE-2026-21643): Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) #HelpNetSecurity (Mar 30) www.helpnetsecurity.com/2026/03/30/f...
  • 0
  • 0
  • 0
  • 11h ago
~Cybergcca~ CCCS issued 10 advisories, warning of critical, actively exploited vulnerabilities in Fortinet FortiClientEMS and Citrix NetScaler. - IOCs: CVE-2026-21643, CVE-2026-3055 - #CVE #Citrix #Fortinet #ThreatIntel
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • WPEverest
  • Everest Forms Pro

31 Mar 2026
Published
31 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.22%

KEV

Description

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval(). The sanitize_text_field() function applied to input does not escape single quotes or other PHP code context characters. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code on the server by submitting a crafted value in any string-type form field (text, email, URL, select, radio) when a form uses the "Complex Calculation" feature.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse


🚨 CRITICAL: CVE-2026-3300 in Everest Forms Pro (all versions) enables unauthenticated RCE via "Complex Calculation" forms. Disable the feature or restrict access ASAP. No patch yet — monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

Bluesky

🚨 CVE-2026-3300 (CRITICAL 9.8) Submitting a form can lead to full server compromise. Everest Forms Pro allows unauthenticated RCE via eval() misuse in form calculations. 🔎 basefortify.eu/cve_reports/... #CVE #CyberSecurity #WordPress #RCE
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • OpenOLAT
  • OpenOLAT

30 Mar 2026
Published
30 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.05%

KEV

Description

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed (either triggered manually or via the daily cron job), the injected directives are evaluated server-side. By chaining Velocity's #set directive with Java reflection, an attacker can instantiate arbitrary Java classes such as java.lang.ProcessBuilder and execute operating system commands with the privileges of the Tomcat process (typically root in containerized deployments). This issue has been patched in versions 19.1.31, 20.1.18, and 20.2.5.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 1 hour ago

Fediverse


Our colleague @mal had another look at OpenOLAT and found a nice RCE (CVE-2026-28228 and CVE-2026-28228). If you're interested, details can be found on our blog secfault-security.com/blog/ope

  • 2
  • 1
  • 0
  • 1h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libsoup3

30 Mar 2026
Published
30 Mar 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Fediverse


excited to announce fox found their first browser exploit
nvd.nist.gov/vuln/detail/CVE-2

#hacking #exploit #cybersecurity

  • 1
  • 0
  • 0
  • 19h ago

Overview

  • supsysticcom
  • Contact Form by Supsystic

30 Mar 2026
Published
30 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.22%

KEV

Description

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig `Twig_Loader_String` template engine without sandboxing, combined with the `cfsPreFill` prefill functionality that allows unauthenticated users to inject arbitrary Twig expressions into form field values via GET parameters. This makes it possible for unauthenticated attackers to execute arbitrary PHP functions and OS commands on the server by leveraging Twig's `registerUndefinedFilterCallback()` method to register arbitrary PHP callbacks.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse


🚨 CRITICAL: CVE-2026-4257 in Contact Form by Supsystic (all versions) enables unauth RCE via SSTI (Twig). No patch yet. Disable plugin or block endpoints ASAP. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • juliangruber
  • brace-expansion

27 Mar 2026
Published
27 Mar 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.05%

KEV

Description

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-33750 impacts brace-expansion in 4 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/451 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Microsoft
  • Windows 10 Version 21H2

13 Jan 2026
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Serious flaw in the Windows Error Reporting service: a vulnerability that lets low-privileged users seize SYSTEM privileges (CVE-2026-20817) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • micromatch
  • picomatch

26 Mar 2026
Published
27 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.04%

KEV

Description

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-33671 impacts picomatch in 3 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/452 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 2h ago
Showing 1 to 10 of 54 CVEs