CVE-2026-27944

Overview

0xJacky
nginx-ui

05 Mar 2026

Published

06 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.05%

MITRE

KEV

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

Statistics

4 Posts
1 Interaction

Last activity: Last hour

Fediverse

Joseph Williams @rhudaur

Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
https://thecyberexpress.com/cve-2026-27944-nginx-ui-backup-vulnerability/?utm_source=flipboard&utm_medium=activitypub

Posted into Cybersecurity Today @cybersecurity-today-rhudaur

1
0
0
4h ago

Bluesky

キタきつね @kitafox.bsky.social

重大なNginx UIの欠陥CVE-2026-27944により、サーバーのバックアップが危険にさらされる Critical Nginx UI flaw CVE-2026-27944 exposes server backups #SecurityAffairs (Mar 8) securityaffairs.com/189123/secur...

0
0
0
21h ago

ohhara @shiojiri.com

Critical Nginx UI flaw CVE-2026-27944 exposes server backups https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html

0
0
0
13h ago

Kevin Poireault @leekthehack.bsky.social

VulnWatch Monday: CVE-2026-27944 🔓 A critical vulnerability in Nginx UI allows unauthenticated attackers to download and decrypt full system backups. It affects all versions before 2.3.2.

0
0
0
Last hour

CVE-2026-28432

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

4 Posts
4 Interactions

Last activity: Last hour

Fediverse

大松鼠 @snullp

@cdn0x12 感觉CVE-2026-28432这个问题长毛象前年（？）似乎也有类似的，后来修好了。

0
0
0
14h ago

buherator @buherator

Misskey/Sharkey "extremely severe" vulnerabilities

https://www.openwall.com/lists/oss-security/2026/03/09/7

#Fediverse #ActivityPub #misskey #sharkey

CVE-2026-28431
CVE-2026-28432
CVE-2026-28433

2
0
0
Last hour

KIP/JΛYCHØU ⁂ :neocat_cofe: @admin

Moe.Pub更新完成！

今回のアップデートでは重大な脆弱性を修正しています。可及的速やかにアップデートしてください。
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
本次更新修复了多个重要漏洞。请尽快更新至此版本或最新版本的 Misskey。

Release2026.3.1：https://github.com/misskey-dev/misskey/releases/tag/2026.3.1
非官方公告：https://transfem.social/notes/ajkq30j9wury01jb
Docker更新：https://misskey-hub.net/cn/docs/for-admin/install/guides/docker/
更新日志：https://github.com/misskey-dev/misskey/blob/master/CHANGELOG.md
实例：https://moe.pub / https://mk.moe.pub
开放注册：True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

0
2
0
13h ago

Bluesky

buherator @buherator.bsky.social

Misskey/Sharkey "extremely severe" vulnerabilities www.openwall.com -> #Fediverse #ActivityPub #misskey #sharkey CVE-2026-28431 CVE-2026-28432 CVE-2026-28433 Original->

0
0
0
Last hour

CVE-2026-3804

Overview

Tenda
i3

09 Mar 2026

Published

09 Mar 2026

Updated

CVSS v4.0

HIGH (8.7)

EPSS

0.05%

MITRE

KEV

Description

A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Statistics

2 Posts
1 Interaction

Last activity: Last hour

Fediverse

Offensive Sequence @offseq

⚠️ HIGH severity: CVE-2026-3804 in Tenda i3 v1.0.0.6(2204) enables remote stack-based buffer overflow via /goform/WifiMacFilterSet. Exploit is public — prioritize mitigation or isolation. https://radar.offseq.com/threat/cve-2026-3804-stack-based-buffer-overflow-in-tenda-c824133f #OffSeq #Vulnerability #Tenda #InfoSec

0
1
0
12h ago

Bluesky

CyberHub @cyberhub.blog

📌 CVE-2026-3804 - A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMa... https://www.cyberhub.blog/cves/CVE-2026-3804

0
0
0
Last hour

CVE-2026-3630

Overview

DeltaWW
COMMGR2

09 Mar 2026

Published

09 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.04%

MITRE

KEV

Description

Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability.

Statistics

3 Posts

Last activity: 5 hours ago

Fediverse

Offensive Sequence @offseq

🔴 CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (ver 0) enables unauthenticated RCE. No patch available. Segment networks, enable IDS/IPS, & monitor for exploitation. Details: https://radar.offseq.com/threat/cve-2026-3630-cwe-121-stack-based-buffer-overflow--c00e7f15 #OffSeq #ICS #Vuln #CyberSecurity

0
0
1
13h ago

Bluesky

BaseFortify.eu @basefortify.bsky.social

🚨 CVE-2026-3630 – CRITICAL (9.8) Stack-Based Buffer Overflow in Delta Electronics COMMGR2. A memory handling flaw could allow attackers to overwrite stack memory and potentially execute arbitrary code. Full report: basefortify.eu/cve_reports/... #CVE #IndustrialSecurity #CyberSecurity #InfoSec

0
0
0
5h ago

CVE-2026-2796

Overview

Mozilla
Firefox

24 Feb 2026

Published

06 Mar 2026

Updated

CVSS

Pending

EPSS

0.06%

MITRE

KEV

Description

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Statistics

1 Post
3 Interactions

Last activity: 1 hour ago

Fediverse

buherator @buherator

It's a bit hard to find in the announcement publications, but this is the technical analysis of one of the #Firefox bugs Anthropic's #LLM agents found (CVE-2026-2796):

https://red.anthropic.com/2026/exploit/

3
0
0
1h ago

CVE-2026-21533

Overview

Microsoft
Windows 10 Version 1607

10 Feb 2026

Published

27 Feb 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

2.74%

MITRE

KEV

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Statistics

1 Post
2 Interactions

Last activity: 4 hours ago

Fediverse

Prof. Dr. Dennis-Kenji Kipker @kenji

Wie lukrativ der Handel mit Exploits ist, wird anhand einer aktuellen #Sicherheitslücke für das #Microsoft Betriebssystem #Windows deutlich: So wird im Darknet offenbar ein #Exploit für rund 220.000 US-Dollar angeboten.

Laut den verfügbaren Berichten geht es um eine #Schwachstelle in den Remote Desktop Services, die Windows 10, Windows 11 und mehrere Server-Versionen betreffen soll und mit welcher der Angreifer seine Systemrechte unbefugt ausweiten kann:

https://www.connect.de/news/windows-sicherheit-cve-2026-21533-darknet-3212047.html #cybersecurity

1
1
0
4h ago

CVE-2026-20841

Overview

Microsoft
Windows Notepad

10 Feb 2026

Published

27 Feb 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.10%

MITRE

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

1 Post
2 Interactions

Last activity: Last hour

Fediverse

Rafa Laguna - Game Developer @rafalagoon

Vulnerabilidad grave en la fantástica nueva versión de Bloc de notas:

El CVE:
👉 https://www.cve.org/CVERecord?id=CVE-2026-20841

La explicación:

Si abres un archivo de texto MarkDown (MD) que tenga un enlace... dicho enlace puede EJECUTAR CUALQUIER COSA en la máquina.

La URL que hay adentro del enlace, al cual puedes hacer click, la ejecuta Bloc de notas a pelo utilizando "ShellExecuteExW":

👉 https://learn.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-shellexecuteexw

#ciberseguridad #cybersecurity #windows #notepad #blocdenotas

1
1
0
Last hour

CVE-2026-3768

Overview

Tenda
F453

08 Mar 2026

Published

08 Mar 2026

Updated

CVSS v4.0

HIGH (8.7)

EPSS

0.05%

MITRE

KEV

Description

A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Statistics

1 Post
1 Interaction

Last activity: 15 hours ago

Fediverse

Offensive Sequence @offseq

🚩 CVE-2026-3768 (HIGH, CVSS 8.7): Stack buffer overflow in Tenda F453 v1.0.0.3 — remote, unauthenticated exploit possible. Public exploit code released. Patch ASAP or restrict remote access! https://radar.offseq.com/threat/cve-2026-3768-stack-based-buffer-overflow-in-tenda-9b634f69 #OffSeq #CVE20263768 #RouterSecurity #Infosec

1
0
0
15h ago

CVE-2026-28433

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

3 Posts
4 Interactions

Last activity: Last hour

Fediverse

buherator @buherator

Misskey/Sharkey "extremely severe" vulnerabilities

https://www.openwall.com/lists/oss-security/2026/03/09/7

#Fediverse #ActivityPub #misskey #sharkey

CVE-2026-28431
CVE-2026-28432
CVE-2026-28433

2
0
0
Last hour

KIP/JΛYCHØU ⁂ :neocat_cofe: @admin

Moe.Pub更新完成！

今回のアップデートでは重大な脆弱性を修正しています。可及的速やかにアップデートしてください。
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
本次更新修复了多个重要漏洞。请尽快更新至此版本或最新版本的 Misskey。

Release2026.3.1：https://github.com/misskey-dev/misskey/releases/tag/2026.3.1
非官方公告：https://transfem.social/notes/ajkq30j9wury01jb
Docker更新：https://misskey-hub.net/cn/docs/for-admin/install/guides/docker/
更新日志：https://github.com/misskey-dev/misskey/blob/master/CHANGELOG.md
实例：https://moe.pub / https://mk.moe.pub
开放注册：True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

0
2
0
13h ago

Bluesky

buherator @buherator.bsky.social

Misskey/Sharkey "extremely severe" vulnerabilities www.openwall.com -> #Fediverse #ActivityPub #misskey #sharkey CVE-2026-28431 CVE-2026-28432 CVE-2026-28433 Original->

0
0
0
Last hour

CVE-2026-28431

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

3 Posts
4 Interactions

Last activity: Last hour

Fediverse

buherator @buherator

Misskey/Sharkey "extremely severe" vulnerabilities

https://www.openwall.com/lists/oss-security/2026/03/09/7

#Fediverse #ActivityPub #misskey #sharkey

CVE-2026-28431
CVE-2026-28432
CVE-2026-28433

2
0
0
Last hour

KIP/JΛYCHØU ⁂ :neocat_cofe: @admin

Moe.Pub更新完成！

今回のアップデートでは重大な脆弱性を修正しています。可及的速やかにアップデートしてください。
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
本次更新修复了多个重要漏洞。请尽快更新至此版本或最新版本的 Misskey。

Release2026.3.1：https://github.com/misskey-dev/misskey/releases/tag/2026.3.1
非官方公告：https://transfem.social/notes/ajkq30j9wury01jb
Docker更新：https://misskey-hub.net/cn/docs/for-admin/install/guides/docker/
更新日志：https://github.com/misskey-dev/misskey/blob/master/CHANGELOG.md
实例：https://moe.pub / https://mk.moe.pub
开放注册：True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

0
2
0
13h ago

Bluesky

buherator @buherator.bsky.social

Misskey/Sharkey "extremely severe" vulnerabilities www.openwall.com -> #Fediverse #ActivityPub #misskey #sharkey CVE-2026-28431 CVE-2026-28432 CVE-2026-28433 Original->

0
0
0
Last hour