
Overview

  • misskey-dev
  • misskey

09 Mar 2026
Published
10 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.04%

KEV

Description

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors to access data they ordinarily would not be able to access, due to insufficient permission checks and a lack of proper input validation. The vulnerability is present regardless of whether federation is enabled and could lead to a significant data breach. It is fixed in 2026.3.1.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

🚨 CVE-2026-28431 (CRITICAL, CVSS 9.2) in Misskey (8.45.0 – <2026.3.1): Improper authorization allows unauthenticated data access. Patch to 2026.3.1 now! Review access controls and monitor logs. radar.offseq.com/threat/cve-20

  • 21h ago

Bluesky

🚨 CVE-2026-28431 – CRITICAL (9.2) Insufficient permission checks in the Misskey federated social media platform can expose sensitive data. Affected: Misskey versions 8.45.0 → before 2026.3.1 Full report: basefortify.eu/cve_reports/... #CVE #Misskey #CyberSecurity #InfoSec #Fediverse
  • 2
  • 11h ago

Overview

  • 0xJacky
  • nginx-ui

05 Mar 2026
Published
06 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.05%

KEV

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.
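An unauthenticated probe for the /api/backup behaviour described above, plus a log triage helper for hosts that ran a vulnerable version. This is an added example written for this page, not nginx-ui's own code. It assumes exactly what the advisory states: before 2.3.3 an unauthenticated GET /api/backup succeeds and the X-Backup-Security response header carries the keys needed to decrypt the backup. The endpoint path and header name are taken from the advisory; the hostnames, IP addresses and log lines are constructed placeholders.

```python
"""Probe and log triage for the nginx-ui /api/backup exposure (added example)."""
import re
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Dict, List, Tuple

BACKUP_PATH = "/api/backup"          # from the advisory
KEY_HEADER = "x-backup-security"     # from the advisory, lower-cased for comparison


@dataclass
class Verdict:
    status: int
    exposes_keys: bool   # key-bearing header present in the response
    vulnerable: bool     # backup reachable without credentials
    note: str


def assess_backup_response(status: int, headers: Dict[str, str]) -> Verdict:
    """Classify an unauthenticated response to GET /api/backup.

    Header names are compared case-insensitively because clients and reverse
    proxies routinely normalise them."""
    exposes = KEY_HEADER in {k.lower() for k in headers}
    if status == 200 and exposes:
        return Verdict(status, True, True,
                       "backup served without auth and keys disclosed in header (pre-2.3.3 behaviour)")
    if status == 200:
        return Verdict(status, False, True,
                       "backup served without auth; key header absent but the archive is still sensitive")
    if status in (401, 403):
        return Verdict(status, False, False, "endpoint requires authentication (expected from 2.3.3)")
    return Verdict(status, exposes, exposes, "unexpected status; inspect manually")


def probe(base_url: str, timeout: float = 5.0) -> Verdict:
    """Send one unauthenticated GET and classify it by status and headers only.

    The body is never read: on a vulnerable host it is the full backup and the
    key to open it sits in the same response, so nothing is written to disk or
    logged beyond the verdict."""
    req = urllib.request.Request(base_url.rstrip("/") + BACKUP_PATH, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return assess_backup_response(resp.status, dict(resp.headers.items()))
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive here, headers intact
        return assess_backup_response(err.code, dict(err.headers.items()))


# Combined-log-format lines as a front proxy might record them.
# Constructed for this example; the IPs are documentation ranges.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [04/Mar/2026:02:11:09 +0000] "GET /api/backup HTTP/1.1" 200 1843201 "-" "curl/8.5.0"',
    '198.51.100.2 - - [04/Mar/2026:09:30:44 +0000] "GET /api/settings HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Mar/2026:02:11:40 +0000] "GET /api/backup HTTP/1.1" 401 0 "-" "curl/8.5.0"',
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\d+|-)')


def backup_downloads(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (client_ip, timestamp, bytes) for every successful /api/backup
    fetch. A 200 from an address that is not an administrator's is evidence
    that the backup (credentials, session tokens, TLS private keys) left the
    host, so every secret in it must be rotated, not just the software patched."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status, size = m.groups()
        if method == "GET" and path.split("?")[0] == BACKUP_PATH and status == "200":
            hits.append((ip, ts, 0 if size == "-" else int(size)))
    return hits


if __name__ == "__main__":
    print(backup_downloads(SAMPLE_ACCESS_LOG))
    # probe("https://nginx-ui.example.internal")  # constructed hostname
```

Run `probe()` only against hosts you are authorised to test, and treat a vulnerable verdict's headers as a secret: the key header is exactly what the attacker is after, so do not paste raw responses into tickets or chat.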

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

Nginx-UI has a critical vulnerability that allows backups to be retrieved without authentication (CVE-2026-27944) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 18h ago

Overview

  • CODESYS
  • CODESYS Installer

10 Mar 2026
Published
10 Mar 2026
Updated

CVSS v3.1
HIGH (7.3)
EPSS
0.01%

KEV

Description

If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low-privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.
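The advisory names the class (a time-of-check/time-of-use race in an installer step the user triggers) but not which check the installer performs or which file it races on, so the following is a generic illustration of that class written for this page, not the CODESYS installer's code. It assumes a POSIX host (symlinks, O_NOFOLLOW); the staging directory, file names and the attacker's swap are constructed, and the concurrent low-privileged attacker is simulated by a hook called inside the race window.

```python
"""Generic check-then-use race versus open-then-check (added example)."""
import os
import stat
import tempfile
from typing import Callable, Optional


def check_then_open(path: str, between: Optional[Callable[[], None]] = None) -> bytes:
    """Vulnerable shape: validate the *name*, then open the *name* again.

    Anyone who can write the parent directory can replace `path` between the
    two steps; `between` stands in for that concurrent attacker."""
    if os.path.islink(path):                 # time of check (lstat on the path)
        raise PermissionError("symlink rejected")
    if between is not None:
        between()                            # the race window
    with open(path, "rb") as f:              # time of use: path resolved afresh
        return f.read()


def open_then_check(path: str) -> bytes:
    """Safer shape: open once without following links, validate the open
    descriptor, and do all later work through that descriptor so the name
    can no longer be redirected underneath you."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)   # assumption: POSIX; no O_NOFOLLOW on Windows
    fd = os.open(path, flags)                # raises ELOOP if `path` became a symlink
    try:
        st = os.fstat(fd)                    # inspect what we actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def demo() -> dict:
    """Build a throwaway staging directory, run both shapes, return the outcomes."""
    with tempfile.TemporaryDirectory() as staging:
        package = os.path.join(staging, "update.pkg")   # what the elevated step should read
        secret = os.path.join(staging, "secret.txt")    # stands in for a file only the
        with open(package, "wb") as f:                  # elevated context may read
            f.write(b"legit update")
        with open(secret, "wb") as f:
            f.write(b"ROOT-ONLY DATA")

        def attacker_swap() -> None:
            """Low-privileged user replaces the package with a link after the check."""
            os.remove(package)
            os.symlink(secret, package)

        results = {"honest": check_then_open(package)}              # no attacker: fine
        results["vulnerable"] = check_then_open(package, attacker_swap)  # reads the secret
        try:                                   # link now in place; O_NOFOLLOW refuses it
            open_then_check(package)
            results["safe_rejected"] = False
        except OSError:
            results["safe_rejected"] = True
        return results


if __name__ == "__main__":
    print(demo())
```

The mitigation is not "check harder"; it is to remove the window by operating on a handle rather than a name, and to stage installer inputs in a directory the unprivileged user cannot write to, which is what the advisory's "restrict access" advice amounts to until a fix ships.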

Statistics

  • 2 Posts

Last activity: 10 hours ago

Fediverse

VDE-2026-012
CODESYS Installer - Possible Privilege Escalation

Exploitation of this vulnerability can lead to a privilege escalation on the host system.
CVE-2026-2364

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 11h ago

🚩 CVE-2026-2364: HIGH severity TOCTOU flaw in CODESYS Installer (all versions) lets local attackers escalate privileges via user-initiated updates. Restrict access & monitor until patch. No active exploits yet. radar.offseq.com/threat/cve-20

  • 10h ago

Overview

  • SolarWinds
  • Web Help Desk

23 Sep 2025
Published
10 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
34.22%

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: Last hour

Fediverse

⚠️ CISA added 3 actively exploited flaws to KEV.

Most critical: SolarWinds Web Help Desk CVE-2025-26399 (CVSS 9.8) allowing remote command execution.

Other KEV entries hit Omnissa Workspace One UEM and Ivanti Endpoint Manager. Federal agencies ordered to patch.

🔗 Details → thehackernews.com/2026/03/cisa

  • 1
  • 9h ago

New SolarWinds CVE Continues Patch-Bypass Pattern

The CISA and NVD have published a new critical vulnerability affecting SolarWinds Web Help Desk tracked as CVE-2025-26399 which involves deserialization of untrusted data that could allow remote code execution. What makes this vulnerability particularly notable is that it appears to be a bypass of a previous SolarWinds patch tracked as CVE-2024-28988 which itself was a bypass of an earlier fix which was tracked as…

itnerd.blog/2026/03/10/new-sol

  • Last hour

Bluesky

~Cisa~ CISA added three actively exploited vulnerabilities (Omnissa, SolarWinds, Ivanti) to the KEV catalog. - IOCs: CVE-2021-22054, CVE-2025-26399, CVE-2026-1603 - #CISA #KEV #ThreatIntel
  • 23h ago

Overview

  • Pending

30 Sep 2025
Published
01 Oct 2025
Updated

CVSS
Pending
EPSS
2.05%

KEV

Description

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated attackers to determine whether a user account exists. Version 4.2 introduces user-based lockout mechanisms to mitigate brute-force attacks, but user enumeration remains possible by default. In versions prior to 4.2 no such user-level protection is in place; only basic IP-based rate limiting is enforced, and it can be bypassed by distributing requests across multiple IPs (e.g., rotating IPs or proxies), effectively bypassing both the login and the password reset security controls. Successful exploitation allows an attacker to enumerate valid email addresses registered with the application, increasing the risk of follow-up attacks such as password spraying.
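A model of the enumeration oracle and of the two rate-limiting regimes described above, showing why per-IP limiting is rotated around, why per-account lockout does not stop one probe per address, and what actually closes the oracle. This is an added example for this page, not LiquidFiles code; the user list, response strings, limits and IP addresses are constructed to illustrate the behaviour the advisory describes, not copied from the product.

```python
"""Password-reset enumeration oracle and rate-limit bypass model (added example)."""
import itertools
from collections import defaultdict
from typing import Callable, List, Tuple

Response = Tuple[int, str]
KNOWN_USERS = {"alice@example.com", "bob@example.com"}   # constructed account list
OUTBOX: List[str] = []                                    # stands in for the mail queue


def reset_leaky(email: str) -> Response:
    """Vulnerable pattern: the reply depends on whether the account exists."""
    if email in KNOWN_USERS:
        OUTBOX.append(email)
        return 200, "A reset link has been sent to your address."
    return 404, "No account with that email address."


def reset_uniform(email: str) -> Response:
    """Hardened pattern: identical status and body either way; only the side
    effect (queuing the mail) differs, and that is invisible to the caller."""
    if email in KNOWN_USERS:
        OUTBOX.append(email)
    return 200, "If that address is registered, a reset link has been sent."


def is_oracle(handler: Callable[[str], Response], known: str, unknown: str) -> bool:
    """True when the handler lets a caller distinguish the two cases."""
    return handler(known) != handler(unknown)


class IpRateLimiter:
    """Pre-4.2 style control: at most `limit` requests per source IP."""
    def __init__(self, limit: int):
        self.limit, self.seen = limit, defaultdict(int)

    def allow(self, ip: str, email: str) -> bool:
        self.seen[ip] += 1
        return self.seen[ip] <= self.limit


class AccountLockout:
    """4.2 style control: at most `limit` attempts per target account. It stops
    repeated guesses against one account but not one probe per address."""
    def __init__(self, limit: int):
        self.limit, self.seen = limit, defaultdict(int)

    def allow(self, ip: str, email: str) -> bool:
        self.seen[email] += 1
        return self.seen[email] <= self.limit


def enumerate_accounts(handler, limiter, candidates: List[str], ip_pool: List[str]):
    """Attacker loop. One calibration request learns the 'unknown address'
    reply; each candidate whose reply differs is a confirmed account. Requests
    are spread across ip_pool, which is what defeats a per-IP limiter.
    Returns (confirmed accounts, number of requests the limiter blocked)."""
    baseline = handler("no-such-user-9f3a@example.com")   # calibration probe
    ips = itertools.cycle(ip_pool)
    found, blocked = [], 0
    for email in candidates:
        if not limiter.allow(next(ips), email):
            blocked += 1
            continue
        if handler(email) != baseline:
            found.append(email)
    return found, blocked


# Constructed candidate list (e.g. harvested from a breach dump or name pattern).
CANDIDATES = ["alice@example.com", "carol@example.com", "dave@example.com",
              "erin@example.com", "bob@example.com", "frank@example.com"]

if __name__ == "__main__":
    print("single IP, limit 3:", enumerate_accounts(reset_leaky, IpRateLimiter(3), CANDIDATES, ["198.51.100.1"]))
    print("two IPs, limit 3:  ", enumerate_accounts(reset_leaky, IpRateLimiter(3), CANDIDATES, ["198.51.100.1", "198.51.100.2"]))
    print("account lockout:   ", enumerate_accounts(reset_leaky, AccountLockout(3), CANDIDATES, ["198.51.100.1"]))
    print("uniform reply:     ", enumerate_accounts(reset_uniform, IpRateLimiter(3), CANDIDATES, ["198.51.100.1"]))
```

The uniform handler queues the mail rather than sending it inline for a reason: if the "known" branch does noticeably more work (SMTP round trip, template rendering) the oracle comes back as a timing difference even though the bytes on the wire are identical, so response time has to be made uniform along with the body.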

Statistics

  • 1 Post
  • 23 Interactions

Last activity: 22 hours ago

Fediverse

nvd.nist.gov/vuln/detail/CVE-2

"You can enumerate email addresses by sending a request to password_reset with different test emails and seeing how the server responds"

so we're assigning CVEs to basic HTB tricks now huh?

  • 5
  • 18
  • 22h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
2.60%

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.

Statistics

  • 3 Posts

Last activity: 6 hours ago

Fediverse

WatchTowr reports seeing exploitation attempts for CVE-2026-20127 from numerous unique IP addresses. securityweek.com/recent-cisco-

  • 1
  • 6h ago

Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):

Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.

#Cybersecurity #Geopolitics #TechNews

  • 23h ago

Overview

  • VMware Workspace ONE UEM console

17 Dec 2021
Published
10 Mar 2026
Updated

CVSS
Pending
EPSS
93.74%

Description

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Bluesky

🚨 CISA flags actively exploited flaws in #SolarWinds, #Ivanti and Workspace One (CVE-2021-22054 SSRF, score 7.5). Urgent vigilance recommended! #CyberSecurity #Automatisation
  • 11h ago
~Cisa~ CISA added three actively exploited vulnerabilities (Omnissa, SolarWinds, Ivanti) to the KEV catalog. - IOCs: CVE-2021-22054, CVE-2025-26399, CVE-2026-1603 - #CISA #KEV #ThreatIntel
  • 23h ago

Overview

  • Microsoft
  • Azure MCP Server Tools

10 Mar 2026
Published
10 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
Pending

KEV

Description

Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 1 hour ago

Bluesky

March Patch Tuesday Commentary From Fortra By Tyler Reguly, Associate Director, Security R&D, Fortra I’m sure that everyone will be talking about CVE-2026-26118 today. After all, it contains those magical three letters MCP – Must Create Panic! The old adage has changed a little these days to…
  • 1
  • 1
  • 1h ago

Overview

  • SAP_SE
  • SAP NetWeaver Enterprise Portal Administration

10 Mar 2026
Published
10 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.04%

KEV

Description

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-27685 in SAP NetWeaver EP-RUNTIME 7.50 (Admin) enables privileged users to upload malicious serialized data — risking full system compromise. Restrict uploads, monitor privileged actions, patch ASAP! radar.offseq.com/threat/cve-20

  • 1
  • 18h ago

Overview

  • zlib software
  • zlib

07 Jan 2026
Published
05 Mar 2026
Updated

CVSS v4.0
MEDIUM (4.6)
EPSS
0.04%

KEV

Description

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Bluesky

Heads up, #OpenSUSE Leap 16.3 community! 🐧 The mingw-zlib update to 1.3.2 is more than routine maintenance. It kills CVE-2026-22184, a buffer overflow in the untgz utility that posed as a memory leak risk for cross-compilers. Read more: 👉 tinyurl.com/4sam2z44 #Fedora
  • 1
  • 6h ago
Showing 1 to 10 of 119 CVEs