Overview
- Microsoft
- Azure MCP Server Tools
10 Mar 2026
Published
10 Mar 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV
Description
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
Statistics
- 2 Posts
- 1 Interaction
Last activity: 20 hours ago
Bluesky
Overview
- lostisland
- faraday
09 Feb 2026
Published
10 Feb 2026
Updated
CVSS v3.1
MEDIUM (5.8)
EPSS
0.01%
KEV
Description
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's build_exclusive_url method (in lib/faraday/connection.rb) uses Ruby's URI#merge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs (e.g. //evil.com/path) are treated as network-path references that override the base URL's host/authority component. This means that if any application passes user-controlled input to Faraday's get(), post(), build_url(), or other request methods, an attacker can supply a protocol-relative URL like //attacker.com/endpoint to redirect the request to an arbitrary host, enabling Server-Side Request Forgery (SSRF). This vulnerability is fixed in 2.14.1.
Statistics
- 1 Post
- 1 Interaction
Last activity: 19 hours ago
Bluesky
Overview
- OliveTin
- OliveTin
05 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.06%
KEV
Description
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, but can still call the KillAction RPC directly and successfully stop a running action. This is a broken access control issue that causes unauthorized denial of service against legitimate action executions. This issue has been patched in version 3000.11.0.
Statistics
- 1 Post
Last activity: 20 hours ago
Overview
- Siemens
- SINEC Security Monitor
08 Oct 2024
Published
10 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
2.95%
KEV
Description
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ```ssmctl-client``` command.
This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS.
Statistics
- 1 Post
Last activity: 19 hours ago
Overview
- chartbrew
- chartbrew
06 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.23%
KEV
Description
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- siyuan-note
- siyuan
06 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.03%
KEV
Description
SiYuan is a personal knowledge management system. Prior to version 3.5.9, an unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint "GET /api/icon/getDynamicIcon" when type=8, attacker-controlled content is embedded into SVG output without escaping. Because the endpoint is unauthenticated and returns image/svg+xml, a crafted URL can inject executable SVG/HTML event handlers (for example onerror) and run JavaScript in the SiYuan web origin. This can be chained to perform authenticated API actions and exfiltrate sensitive data when a logged-in user opens the malicious link. This issue has been patched in version 3.5.9.
Statistics
- 1 Post
Last activity: 17 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- DeltaWW
- COMMGR2
09 Mar 2026
Published
09 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%
KEV
Description
Delta Electronics COMMGR2 has
Stack-based Buffer Overflow vulnerability.
Statistics
- 1 Post
Last activity: 18 hours ago
Overview
- misskey-dev
- misskey
09 Mar 2026
Published
10 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.04%
KEV
Description
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper input validation. This vulnerability occurs regardless of whether federation is enabled or not. This vulnerability could lead to a significant data breach. This vulnerability is fixed in 2026.3.1.
Statistics
- 1 Post
Last activity: 21 hours ago