Overview

  • NetScaler
  • ADC

Published: 23 Mar 2026
Updated: 24 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.02%

KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

  • 5 Posts
  • 5 Interactions

Last activity: Last hour

Bluesky

🔐 CVE-2026-3055: NetScaler ADC/Gateway flaw similar to Citrix Bleed, session token theft without privileges. Immediate patching recommended. How do you prioritize this type of fix? [read]
  • 1h ago
Citrix has patched critical vulnerabilities CVE-2026-3055 and CVE-2026-4368 in NetScaler ADC and Gateway appliances, exposing risks of session token theft and session mix-ups. #NetScaler #SAML #USA
  • 14h ago
~Ncsc~ Update Citrix NetScaler ADC & Gateway immediately to mitigate two flaws (CVE-2026-3055, CVE-2026-4368) causing memory overread and session mixups. - IOCs: CVE-2026-3055, CVE-2026-4368 - #Citrix #NetScaler #ThreatIntel
  • 12h ago
CVE-2026-3055: The CitrixBleed Sequel That Will Unleash Ransomware Chaos—Patch Now or Perish + Video Introduction: History is repeating itself with terrifying precision. Just as the industry struggled to contain the fallout from CitrixBleed (CVE-2023-4966), a new memory overread vulnerability,…
  • Last hour

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

Published: 13 Jan 2026
Updated: 19 Mar 2026

CVSS v3.1: HIGH (8.8)
EPSS: 7.10%

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 4 Posts

Last activity: 9 hours ago

Bluesky

~Certeu~ Unauthenticated RCE flaw (CVE-2026-20963) in Microsoft SharePoint is actively exploited and added to CISA KEV. - IOCs: CVE-2026-20963 - #CVE202620963 #SharePoint #ThreatIntel
  • 19h ago
CISA Sounds Alarm: Unauthenticated SharePoint RCE (CVE-2026-20963) Under Active Attack—Patch NOW! + Video Introduction: A critical Microsoft SharePoint vulnerability, initially patched in January 2026, has been escalated to a severity level requiring immediate attention. The Cybersecurity and…
  • 14h ago
CVE-2026-20963: Unauthenticated RCE in Microsoft SharePoint—Patch Now Before Hackers Own Your Entire Intranet + Video Introduction: A critical vulnerability initially patched in January 2026 has been escalated to a 9.8 CVSS rating after threat actors demonstrated unauthenticated remote code…
  • 11h ago
The latest update for #Indusface includes "CVE-2026-20963: SharePoint Deserialization Remote Code Execution Vulnerability" and "#AWS WAF vs AppTrana WAF 2026". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 9h ago

Overview

  • ISC
  • Kea

Published: 25 Mar 2026
Updated: 25 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.02%

KEV

Description

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 21 hours ago

Fediverse

ISC is pleased to announce the releases of Kea 2.6.5 and 3.0.3 (stable) and 3.1.7 (development).

Both stable versions address a vulnerability in Kea DHCP; see our published advisory at kb.isc.org/docs/cve-2026-3608 . Kea 3.1.7 is not susceptible to this CVE, but development versions are not suitable for production use.

The releases are available from the ISC download page at isc.org/download/#Kea.

Thank you for using ISC’s software!

  • 23h ago

🚨 CVE-2026-3608: HIGH-severity vuln in ISC Kea DHCP (2.6.0 – 2.6.4, 3.0.0 – 3.0.2). Remote attackers can crash daemons, causing DoS. Restrict API/HA access, monitor traffic, and prep failover. Details: radar.offseq.com/threat/cve-20

  • 21h ago

Overview

  • langflow-ai
  • langflow

Published: 20 Mar 2026
Updated: 26 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.59%

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Bluesky

~Cisa~ CISA added CVE-2026-33017, an actively exploited Langflow code injection flaw, to its KEV catalog. - IOCs: CVE-2026-33017 - #CVE202633017 #Langflow #threatintel
  • 12h ago
CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Mar 25) CVE-2026-33017 Langflow code injection vulnerability www.cisa.gov/news-events/...
  • 4h ago

Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)

Published: 04 Mar 2026
Updated: 25 Mar 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.65%

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

  • 3 Posts

Last activity: 1 hour ago

Fediverse

Cisco Secure FMC: Vulnerability CVE-2026-20131 allows remote code execution, updates available

A vulnerability with the highest possible CVSS score of 10.0 affects Cisco's Secure Firewall Management Center (FMC). Attackers can execute arbitrary code remotely without authentication.

all-about-security.de/cisco-se

#cisco #firewall #remotecode #cve

  • 1h ago

Bluesky

Cisco Firepower Apocalypse: 10/10 RCE Vulnerability Actively Exploited in the Wild—Patch Now! + Video Introduction: A maximum-severity vulnerability (CVE-2026-20131) has been discovered in Cisco’s Secure Firewall Management Center (FMC) software, carrying a perfect CVSS score of 10.0. This…
  • 2h ago

Overview

  • ISC
  • BIND 9

Published: 25 Mar 2026
Updated: 25 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.

Statistics

  • 4 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse

ISC's March 2026 maintenance releases of BIND 9 are available at isc.org/download : stable branches 9.18.47 and 9.20.21, and development branch 9.21.20.

Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

kb.isc.org/docs/cve-2026-1519
kb.isc.org/docs/cve-2026-3104
kb.isc.org/docs/cve-2026-3119
kb.isc.org/docs/cve-2026-3591

Thanks for using ISC's software!

  • 19h ago

Bluesky

(Urgent) BIND 9.x vulnerability (triggering excessive CPU load) (CVE-2026-1519) - upgrading strongly recommended - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-nsec3.html
  • 3h ago
~Cybergcca~ Six security advisories issued for GitLab, Node.js, n8n, Hitachi, ISC BIND, and Cisco. - IOCs: CVE-2026-1166, CVE-2026-1519, CVE-2026-3591 - #Patching #ThreatIntel #Vulnerability
  • 12h ago
The SIOS security blog has been updated. BIND 9 vulnerabilities (High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591) and the release of 9.18.47, 9.20.21, 9.21.20 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 10h ago

Overview

  • ISC
  • BIND 9

Published: 25 Mar 2026
Updated: 25 Mar 2026

CVSS v3.1: MEDIUM (5.4)
EPSS: Pending

KEV

Description

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

  • 4 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse

ISC's March 2026 maintenance releases of BIND 9 are available at isc.org/download : stable branches 9.18.47 and 9.20.21, and development branch 9.21.20.

Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

kb.isc.org/docs/cve-2026-1519
kb.isc.org/docs/cve-2026-3104
kb.isc.org/docs/cve-2026-3119
kb.isc.org/docs/cve-2026-3591

Thanks for using ISC's software!

  • 19h ago

Bluesky

BIND 9.20.x vulnerability (ACL bypass) (CVE-2026-3591) - both full resolvers (caching DNS servers) and authoritative DNS servers are affected, upgrading strongly recommended - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-sig0.html
  • 3h ago
~Cybergcca~ Six security advisories issued for GitLab, Node.js, n8n, Hitachi, ISC BIND, and Cisco. - IOCs: CVE-2026-1166, CVE-2026-1519, CVE-2026-3591 - #Patching #ThreatIntel #Vulnerability
  • 12h ago
The SIOS security blog has been updated. BIND 9 vulnerabilities (High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591) and the release of 9.18.47, 9.20.21, 9.21.20 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 10h ago

Overview

  • ISC
  • BIND 9

Published: 25 Mar 2026
Updated: 25 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse

ISC's March 2026 maintenance releases of BIND 9 are available at isc.org/download : stable branches 9.18.47 and 9.20.21, and development branch 9.21.20.

Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

kb.isc.org/docs/cve-2026-1519
kb.isc.org/docs/cve-2026-3104
kb.isc.org/docs/cve-2026-3119
kb.isc.org/docs/cve-2026-3591

Thanks for using ISC's software!

  • 19h ago

Bluesky

(Urgent) BIND 9.20.x vulnerability (memory leak) (CVE-2026-3104) - only the BIND 9.20 series is affected, upgrading strongly recommended - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-noexist.html
  • 3h ago
The SIOS security blog has been updated. BIND 9 vulnerabilities (High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591) and the release of 9.18.47, 9.20.21, 9.21.20 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 10h ago

Overview

  • ISC
  • BIND 9

Published: 25 Mar 2026
Updated: 25 Mar 2026

CVSS v3.1: MEDIUM (6.5)
EPSS: Pending

KEV

Description

Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse

ISC's March 2026 maintenance releases of BIND 9 are available at isc.org/download : stable branches 9.18.47 and 9.20.21, and development branch 9.21.20.

Packages and container images provided by ISC will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:

kb.isc.org/docs/cve-2026-1519
kb.isc.org/docs/cve-2026-3104
kb.isc.org/docs/cve-2026-3119
kb.isc.org/docs/cve-2026-3591

Thanks for using ISC's software!

  • 19h ago

Bluesky

BIND 9.20.x vulnerability (DNS service outage) (CVE-2026-3119) - both full resolvers (caching DNS servers) and authoritative DNS servers are affected, upgrading strongly recommended - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-tkey.html
  • 3h ago
The SIOS security blog has been updated. BIND 9 vulnerabilities (High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591) and the release of 9.18.47, 9.20.21, 9.21.20 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 10h ago

Overview

  • Apple
  • iOS and iPadOS

Published: 25 Mar 2026
Updated: 25 Mar 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to user's Keychain items.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Fediverse

[Security News] "iOS 26.4" released, fixing 38 vulnerabilities; "iOS 18.7.7" for older devices also released (page 1 of 1): Security NEXT yayafa.com/2759965/ #Apple #CVE202628864 #IOS264セキュリティアップデート #IPadOS264 #SCIENCE #Science&Technology #SECURITY #Technology #WebKit脆弱性 #カーネル脆弱性 #キーチェーンアクセス問題 #セキュリティ #テクノロジー #ニュース #対策 #旧端末向けiOS1877 #科学 #科学&テクノロジー

  • 23h ago