CVE-2026-3909

Overview

Google
Chrome

12 Mar 2026

Published

14 Mar 2026

Updated

CVSS

Pending

EPSS

27.12%

MITRE

KEV

Description

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

5 Posts
7 Interactions

Last activity: Last hour

Fediverse

Catalin Cimpanu @campuscodi

CISA still lists CVE-2026-3909 as a zero-day, even if Google removed it from its Chrome patch notes

So I presume it's still a zero-day, but patches are coming next week... instead of not being a zero-day in the first place

https://www.cisa.gov/news-events/alerts/2026/03/13/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html

4
3
1
19h ago

Christoph Schmees @PC_Fluesterer

Google Chrome: Zero-Day Exploits 2 und 3 (2026)

Dritter Monat, dritte bereits angegriffene Zero-Day Schwachstelle in Chrome. Wenn wir das extrapolieren, müssten in diesem Jahr zwölf solcher Fälle auftreten. - Google hat gerade Notfall-Updates für Chrome veröffentlicht und das NIST hat die US-Behörden angewiesen, die Updates bis spätestens zum 27. März zu installieren. Beide Sicherheitslücken können bereits beim Besuch einer präparierten Website eine Infektion auslösen, die schlimmstenfalls zu einer vollständigen Übernahme des Systems durch den Angreifer führt.

Die Lücke CVE-2026-3909 steckt in der Grafik-Komponente von Chrome. Deshalb betrifft sie Chrome auf sämtlichen

https://www.pc-fluesterer.info/wordpress/2026/03/16/google-chrome-zero-day-exploits-2-und-3-2026/

#Empfehlung #Warnung #0day #browser #chrome #exploits #google #sicherheit #zeroday

0
0
0
Last hour

Bluesky

セキュリティ対策Lab @securitylab-jp.bsky.social

Google、Chrome緊急アップデート公開 2件の高深刻度脆弱性を修正、いずれも既に悪用を確認(CVE-2026-3909,CVE-2026-3910) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

0
0
0
12h ago

キタきつね @kitafox.bsky.social

CISAが既知の悪用された脆弱性2件をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Mar 13) CVE-2026-3909 Google Skia 境界外書き込みの脆弱性 CVE-2026-3910 Google Chromium V8 特定されていない脆弱性 www.cisa.gov/news-events/...

0
0
0
10h ago

CVE-2026-21666

Overview

Veeam
Backup and Replication

12 Mar 2026

Published

13 Mar 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

0.37%

MITRE

KEV

Description

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

Statistics

2 Posts

Last activity: 6 hours ago

Bluesky

CyberVeille @cyberveille-ch.bsky.social

📢 Veeam corrige 4 failles RCE critiques dans Backup & Replication et appelle à une mise à jour immédiate 📝 Source: BleepingCompu… https://cyberveille.ch/posts/2026-03-15-veeam-corrige-4-failles-rce-critiques-dans-backup-replication-et-appelle-a-une-mise-a-jour-immediate/ #CVE_2026_21666 #Cyberveille

0
0
0
19h ago

セキュリティ対策Lab @securitylab-jp.bsky.social

Veeam Backup & Replicationに複数の脆弱性 12系と13系で緊急修正(CVE-2026-21666,CVE-2026-21667,CVE-2026-21668) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

0
0
0
6h ago

CVE-2022-0995

Overview

kernel

25 Mar 2022

Published

02 Aug 2024

Updated

CVSS

Pending

EPSS

20.50%

MITRE

KEV

Description

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

Statistics

1 Post
7 Interactions

Last activity: 21 hours ago

Bluesky

0xor0ne @0xor0ne.bsky.social

Exploiting CVE-2022-0995 (Linux kernel OOB write in watch_queue) using the PageJack technique to create a page level UAF and overwrite struct file to gain LPE. blog.quarkslab.com/pagejack-in-... Credits Jean Vincent #infosec

2
5
0
21h ago

CVE-2026-2861

Overview

Foswiki

21 Feb 2026

Published

16 Mar 2026

Updated

CVSS v4.0

MEDIUM (6.9)

EPSS

0.06%

MITRE

KEV

Description

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.

Statistics

1 Post
3 Interactions

Last activity: 21 hours ago

Fediverse

Michael Daum @nuddlegg

Foswiki 2.1.11 is now available to be downloaded. This release came earlier than expected due to the severe security issues found in previous versions, as detailed in CVE-2026-2861.

#foswiki #wiki #perl #opensource #release #cve #security

https://foswiki.org/Blog/Foswiki2111IsReleased

1
2
0
21h ago

CVE-2025-20435

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

2 Posts
2 Interactions

Last activity: 6 hours ago

Fediverse

geeknik @geeknik

Your phone's "off" switch was never a lock.
CVE-2025-20435: 875M Android devices.
USB in. 60 seconds. PIN cracked, encryption stripped, before the OS even blinks.
Check your MediaTek chip. Patch now. Or hand-deliver your secrets.
https://www.forbes.com/sites/daveywinder/2026/03/15/critical-flaw-875-million-android-phones-at-risk-of-60-second-hack/?streamIndex=0

1
1
1
6h ago

CVE-2026-25253

Overview

OpenClaw
OpenClaw

01 Feb 2026

Published

03 Feb 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.07%

MITRE

KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

1 Post
2 Interactions

Last activity: 9 hours ago

Bluesky

AI & ML News @ai-news.at.thenote.app

AWS Launches Managed Openclaw on Lightsail Amid Critical Security Vulnerabilities AWS launched managed OpenClaw on Lightsail for AI agent deployment while security concerns mount. The 250k-star GitHub project is affected by CVE-2026-25253, which enables one-click RCE,… Telegram AI Digest #ai #news

0
2
0
9h ago

CVE-2026-27942

Overview

NaturalIntelligence
fast-xml-parser

26 Feb 2026

Published

26 Feb 2026

Updated

CVSS v4.0

LOW (2.7)

EPSS

0.05%

MITRE

KEV

Description

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.

Statistics

1 Post
1 Interaction

Last activity: 23 hours ago

Bluesky

Lambda Watchdog @lambdawatchdog.bsky.social

🔍 Lambda Watchdog detected that CVE-2026-27942 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/430 #AWS #Lambda #Security #CVE #DevOps #SecOps

0
1
0
23h ago

CVE-2026-4187

Overview

Tiandy
Easy7 Integrated Management Platform

15 Mar 2026

Published

15 Mar 2026

Updated

CVSS v4.0

MEDIUM (6.9)

EPSS

Pending

MITRE

KEV

Description

A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

1 Post
1 Interaction

Last activity: 15 hours ago

Fediverse

Offensive Sequence @offseq

⚠️ MEDIUM severity: Tiandy Easy7 Integrated Management Platform 7.17.0 has a missing authentication bug (CVE-2026-4187) in Device Identifier Handler. Public exploit exists. No vendor fix yet — review exposure & restrict access. https://radar.offseq.com/threat/cve-2026-4187-missing-authentication-in-tiandy-eas-d0083b25 #OffSeq #Vuln #Tiandy #Cybersecurity

0
1
0
15h ago

CVE-2026-0386

Overview

Microsoft
Windows Server 2008 R2 Service Pack 1

13 Jan 2026

Published

26 Feb 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.08%

MITRE

KEV

Description

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.

Statistics

1 Post
1 Interaction

Last activity: 2 hours ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

Microsoft is discontinuing automatic Windows network deployments via WDS and Unattend.xml due to security vulnerability CVE-2026-0386 that allows attackers to execute unauthorized code and steal credentials.

0
1
0
2h ago

CVE-2026-4172

Overview

TRENDnet
TEW-632BRP

15 Mar 2026

Published

15 Mar 2026

Updated

CVSS v4.0

HIGH (8.6)

EPSS

0.04%

MITRE

KEV

Description

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

1 Post
1 Interaction

Last activity: 21 hours ago

Fediverse

Offensive Sequence @offseq

🚩 HIGH severity: CVE-2026-4172 in TRENDnet TEW-632BRP (v1.010B32) — stack-based buffer overflow in /ping_response.cgi (ping_ipaddr). Public exploit, no patch. Isolate, restrict access, and monitor now! https://radar.offseq.com/threat/cve-2026-4172-stack-based-buffer-overflow-in-trend-df028a4c #OffSeq #Infosec #RouterVuln

0
1
0
21h ago