CVE-2026-3055

Overview

NetScaler
ADC

23 Mar 2026

Published

24 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

0.02%

MITRE

KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

6 Posts
6 Interactions

Last activity: 3 hours ago

Fediverse

Taggart @mttaggart

Aww yiss another critical Citrix vuln.

https://www.bleepingcomputer.com/news/security/citrix-urges-admins-to-patch-netscaler-flaws-as-soon-as-possible/

Detection/remediation details here: https://docs.netscaler.com/en-us/netscaler-console-service/instance-advisory/remediate-vulnerabilities-cve-2026-3055

1
3
0
21h ago

benzogaga33 :verified: @benzogaga33

CVE-2026-3055 : appliquez ce patch Citrix avant qu’il ne soit trop tard https://www.it-connect.fr/cve-2026-3055-appliquez-ce-patch-citrix-avant-quil-ne-soit-trop-tard/ #ActuCybersécurité #Vulnérabilités #Cybersécurité

0
1
0
3h ago

Bluesky

LeMagIT @lemagit.bsky.social

🔐 CVE-2026-3055 : faille NetScaler ADC/Gateway similaire à Citrix Bleed, vol de jetons de session sans privilèges. Patch immédiat recommandé. Comment priorisez-vous ce type de correctif ? [lire]

0
1
0
7h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

Citrix has patched critical vulnerabilities CVE-2026-3055 and CVE-2026-4368 in NetScaler ADC and Gateway appliances, exposing risks of session token theft and session mix-ups. #NetScaler #SAML #USA

0
0
0
20h ago

piggo @pigondrugs.bsky.social

~Ncsc~ Update Citrix NetScaler ADC & Gateway immediately to mitigate two flaws (CVE-2026-3055, CVE-2026-4368) causing memory overread and session mixups. - IOCs: CVE-2026-3055, CVE-2026-4368 - #Citrix #NetScaler #ThreatIntel

0
0
0
18h ago

Undercode Testing @undercode.bsky.social

CVE-2026-3055: The CitrixBleed Sequel That Will Unleash Ransomware Chaos—Patch Now or Perish + Video Introduction: History is repeating itself with terrifying precision. Just as the industry struggled to contain the fallout from CitrixBleed (CVE-2023-4966), a new memory overread vulnerability,…

0
0
0
7h ago

CVE-2026-33017

Overview

langflow-ai
langflow

20 Mar 2026

Published

26 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

6.14%

MITRE

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

3 Posts

Last activity: 1 hour ago

Bluesky

piggo @pigondrugs.bsky.social

~Cisa~ CISA added CVE-2026-33017, an actively exploited Langflow code injection flaw, to its KEV catalog. - IOCs: CVE-2026-33017 - #CVE202633017 #Langflow #threatintel

0
0
0
18h ago

キタきつね @kitafox.bsky.social

CISAが既知の悪用された脆弱性を1件カタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Mar 25) CVE-2026-33017 Langflowコードインジェクションの脆弱性 www.cisa.gov/news-events/...

0
0
0
10h ago

HackerNoon @hackernoon.com

I found CVE-2026-33017, a Critical 9.3 unauthenticated RCE in Langflow, by looking at the code path the previous CISA KEV fix (CVE-2025-3248) missed. #aisecurity

0
0
0
1h ago

CVE-2026-20963

Overview

Microsoft
Microsoft SharePoint Enterprise Server 2016

13 Jan 2026

Published

19 Mar 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

7.10%

MITRE

KEV

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

3 Posts

Last activity: 15 hours ago

Bluesky

Undercode Testing @undercode.bsky.social

CISA Sounds Alarm: Unauthenticated SharePoint RCE (CVE-2026-20963) Under Active Attack—Patch NOW! + Video Introduction: A critical Microsoft SharePoint vulnerability, initially patched in January 2026, has been escalated to a severity level requiring immediate attention. The Cybersecurity and…

0
0
0
20h ago

Undercode Testing @undercode.bsky.social

CVE-2026-20963: Unauthenticated RCE in Microsoft SharePoint—Patch Now Before Hackers Own Your Entire Intranet + Video Introduction: A critical vulnerability initially patched in January 2026 has been escalated to a 9.8 CVSS rating after threat actors demonstrated unauthenticated remote code…

0
0
0
17h ago

OpsMatters @opsmatters.com

The latest update for #Indusface includes "CVE-2026-20963: SharePoint Deserialization Remote Code Execution Vulnerability" and "#AWS WAF vs AppTrana WAF 2026". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF

0
0
0
15h ago

CVE-2026-32746

Overview

GNU
inetutils

13 Mar 2026

Published

23 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.03%

MITRE

KEV

Description

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Statistics

2 Posts

Last activity: 1 hour ago

Fediverse

Gabriel Gasparolo @ggasp

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/

0
0
0
4h ago

Bluesky

Undercode Testing @undercode.bsky.social

CVE-2026-32746: Critical Synology DSM Flaw Exposes NAS Devices to Remote Takeover + Video Introduction: Synology DiskStation Manager (DSM), the operating system powering millions of network-attached storage (NAS) devices worldwide, has been found to harbor a critical vulnerability. Tracked as…

0
0
0
1h ago

CVE-2026-3650

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

2 Posts

Last activity: 2 hours ago

Fediverse

TechNadu @technadu

CVE-2026-3650 in Grassroots DICOM (GDCM):

• Memory leak via malformed DICOM parsing
• CVSS 7.5 → DoS risk
• No patch, no maintainer response
• Impacts healthcare imaging pipelines
Mitigate via isolation + strict input controls.

Source: https://www.hipaajournal.com/grassroots-dicom-vulnerability-march-2026/

Follow @technadu for more.

#InfoSec #HealthcareSecurity #Vulnerability

0
0
0
3h ago

Bluesky

TechNadu @technadu.com

High-severity bug in Grassroots DICOM (CVE-2026-3650) Malformed files → memory exhaustion → DoS No patch available yet. Healthcare systems should isolate + restrict exposure ASAP. Follow TechNadu for more updates. #CyberSecurity #InfoSec #Healthcare

0
0
0
2h ago

CVE-2026-4673

Overview

Google
Chrome

24 Mar 2026

Published

25 Mar 2026

Updated

CVSS

Pending

EPSS

0.07%

MITRE

KEV

Description

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Statistics

2 Posts

Last activity: 2 hours ago

Bluesky

セキュリティ対策Lab @securitylab-jp.bsky.social

Google、Chromeの高深刻度脆弱性 8件を修正(CVE-2026-4673〜4680) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

0
0
0
15h ago

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

The #Fedora 44 Chromium update is out with fixes for 8 high-severity CVEs, including CVE-2026-4673. Read more: 👉 tinyurl.com/mr3kedjt #Security

0
0
0
2h ago

CVE-2026-20131

Overview

Cisco
Cisco Secure Firewall Management Center (FMC)

04 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

0.65%

MITRE

KEV

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

4 Posts

Last activity: 3 hours ago

Fediverse

AllAboutSecurity @allaboutsecurity

Cisco Secure FMC: Schwachstelle CVE-2026-20131 erlaubt Remote-Codeausführung – Updates verfügbar

Eine Sicherheitslücke mit dem höchstmöglichen CVSS-Wert von 10,0 betrifft Ciscos Secure Firewall Management Center (FMC). Angreifer können ohne Authentifizierung aus der Ferne beliebigen Code ausführen.

https://www.all-about-security.de/cisco-secure-fmc-schwachstelle-cve-2026-20131-erlaubt-remote-codeausfuehrung-updates-verfuegbar/

#cisco #firewall #remotecode #cve

0
0
1
7h ago

Bluesky

Undercode Testing @undercode.bsky.social

Cisco Firepower Apocalypse: 10/10 RCE Vulnerability Actively Exploited in the Wild—Patch Now! + Video Introduction: A maximum-severity vulnerability (CVE-2026-20131) has been discovered in Cisco’s Secure Firewall Management Center (FMC) software, carrying a perfect CVSS score of 10.0. This…

0
0
0
8h ago

Undercode Testing @undercode.bsky.social

Cisco Secure Firewall 0-Day: Unauthenticated RCE as Root (CVSS 10) — Exploit Analysis & Hardening Guide + Video Introduction: A maximum-severity vulnerability in Cisco Secure Firewall Management Center (FMC) has sent shockwaves through enterprise security teams. Tracked as CVE-2026-20131 with a…

0
0
0
3h ago

CVE-2026-1519

Overview

ISC
BIND 9

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.04%

MITRE

KEV

Description

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.

Statistics

4 Posts
1 Interaction

Last activity: 1 hour ago

Fediverse

Carsten Strotmann @cstrotm

es gibt neue BIND 9 Versionen, in denen wurden Sicherheitsprobleme vorheriger Versionen gefixed:

https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591

u.a. Denial-of-Service bei BIND 9 Revolvern (CPU-Auslastung, Speicherauslastung, Crash).

Die ISC-Repositories haben die neuen Versionen

- 9.18.47
- 9.20.21

Ich empfehle ein Update, sobald die neuen BIND 9 Versionen in den Repositories der Linux-Distribution verfügbar ist.

0
1
0
1h ago

Bluesky

ohhara @shiojiri.com

（緊急）BIND 9.xの脆弱性（過剰なCPU負荷の誘発）について（CVE-2026-1519） - バージョンアップを強く推奨 - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-nsec3.html

0
0
0
9h ago

piggo @pigondrugs.bsky.social

~Cybergcca~ Six security advisories issued for GitLab, Node.js, n8n, Hitachi, ISC BIND, and Cisco. - IOCs: CVE-2026-1166, CVE-2026-1519, CVE-2026-3591 - #Patching #ThreatIntel #Vulnerability

0
0
0
18h ago

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 BIND 9の脆弱性(High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591)と9.18.47, 9.20.21, 9.21.20のリリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...

0
0
0
16h ago

CVE-2026-3591

Overview

ISC
BIND 9

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

MEDIUM (5.4)

EPSS

0.01%

MITRE

KEV

Description

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

4 Posts
1 Interaction

Last activity: 1 hour ago

Fediverse

Carsten Strotmann @cstrotm

es gibt neue BIND 9 Versionen, in denen wurden Sicherheitsprobleme vorheriger Versionen gefixed:

https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591

u.a. Denial-of-Service bei BIND 9 Revolvern (CPU-Auslastung, Speicherauslastung, Crash).

Die ISC-Repositories haben die neuen Versionen

- 9.18.47
- 9.20.21

Ich empfehle ein Update, sobald die neuen BIND 9 Versionen in den Repositories der Linux-Distribution verfügbar ist.

0
1
0
1h ago

Bluesky

ohhara @shiojiri.com

BIND 9.20.xの脆弱性（ACLのバイパス）について（CVE-2026-3591） - フルリゾルバー（キャッシュDNSサーバー）／権威DNSサーバーの双方が対象、バージョンアップを強く推奨 - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-sig0.html

0
0
0
9h ago

piggo @pigondrugs.bsky.social

~Cybergcca~ Six security advisories issued for GitLab, Node.js, n8n, Hitachi, ISC BIND, and Cisco. - IOCs: CVE-2026-1166, CVE-2026-1519, CVE-2026-3591 - #Patching #ThreatIntel #Vulnerability

0
0
0
18h ago

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 BIND 9の脆弱性(High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591)と9.18.47, 9.20.21, 9.21.20のリリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...

0
0
0
16h ago

CVE-2026-3104

Overview

ISC
BIND 9

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.03%

MITRE

KEV

Description

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

3 Posts
1 Interaction

Last activity: 1 hour ago

Fediverse

Carsten Strotmann @cstrotm

es gibt neue BIND 9 Versionen, in denen wurden Sicherheitsprobleme vorheriger Versionen gefixed:

https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591

u.a. Denial-of-Service bei BIND 9 Revolvern (CPU-Auslastung, Speicherauslastung, Crash).

Die ISC-Repositories haben die neuen Versionen

- 9.18.47
- 9.20.21

Ich empfehle ein Update, sobald die neuen BIND 9 Versionen in den Repositories der Linux-Distribution verfügbar ist.

0
1
0
1h ago

Bluesky

ohhara @shiojiri.com

（緊急）BIND 9.20.xの脆弱性（メモリリークの発生）について（CVE-2026-3104） - BIND 9.20系列のみが対象、バージョンアップを強く推奨 - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-noexist.html

0
0
0
9h ago

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 BIND 9の脆弱性(High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591)と9.18.47, 9.20.21, 9.21.20のリリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...

0
0
0
16h ago