
Overview

  • curl
  • curl

Published: 11 Mar 2026
Updated: 11 Mar 2026

CVSS: Pending
EPSS: Pending

KEV

Description

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

Statistics

  • 1 Post
  • 130 Interactions

Last activity: 15 hours ago

Fediverse


CVE-2026-3784 beat a new #curl record. This flaw existed in curl source code for 24.97 years before it was discovered.

Illustrated in the slightly hard-to-read graph below. The average age of a curl vulnerability when reported is eight years.

curl.se/docs/CVE-2026-3784.html

  • 49
  • 81
  • 0
  • 15h ago

Overview

  • elemntor
  • Ally – Web Accessibility & Usability

Published: 11 Mar 2026
Updated: 11 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global_remediations()` method, where it is directly concatenated into an SQL JOIN clause without proper sanitization for SQL context. While `esc_url_raw()` is applied for URL safety, it does not prevent SQL metacharacters (single quotes, parentheses) from being injected. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via time-based blind SQL injection techniques. The Remediation module must be active, which requires the plugin to be connected to an Elementor account.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 2 hours ago

Fediverse


Vulnerability alert.
A high-severity SQL injection flaw (CVE-2026-2413) in the Ally WordPress Plugin from Elementor could expose data from 250K+ sites.
Patch available in v4.1.0.

Source: bleepingcomputer.com/news/secu

Follow @technadu for security updates.

  • 0
  • 1
  • 0
  • 9h ago

Critical SQL Injection Vulnerability Found in Ally WordPress Plugin Threatens 400,000+ Sites

Introduction: Rising Risks in WordPress Accessibility Tools

A serious security flaw has been discovered in Ally, a popular WordPress plugin designed to improve website accessibility. The vulnerability, identified as CVE-2026-2413 and carrying a CVSS score of 7.5, could allow attackers to steal sensitive data from thousands of websites. With over 400,000 active installations,…

undercodenews.com/critical-sql

  • 0
  • 0
  • 0
  • 8h ago

#WordPress and plugin hell. 😵‍💫

"The plugin is used on over 400,000 WordPress sites." 😭

"An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on February 4, 2026."

CVE-2026-2413 (CVSS score 7.5)

"Users are urged to update to Ally version 4.1.0 to mitigate the risk."

securityaffairs.com/189354/sec

#WordPress

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Security alert. A SQL injection vulnerability (CVE-2026-2413) in the Ally WordPress Plugin from Elementor could affect 250K+ WordPress sites. Admins are urged to update to v4.1.0. Follow TechNadu for cybersecurity updates. #CyberSecurity #WordPress
  • 0
  • 0
  • 0
  • 9h ago
A SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin exposed over 200,000 sites to data extraction via time-based blind SQL attacks. Ally 4.1.0 patch adds sanitization, but 60% remain vulnerable. #WordPress #SQLInjection #USA
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • n8n-io
  • n8n

Published: 19 Dec 2025
Updated: 12 Mar 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 78.98%

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.

This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation.

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only; and/or
  • Deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation.

These workarounds do not fully eliminate the risk and should only be used as short-term measures.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 4 hours ago

Bluesky

CISA mandates immediate patching of CVE-2025-68613, a critical 9.9-severity remote code execution vulnerability in n8n workflow automation platform affecting over 103,000 users.
  • 0
  • 1
  • 0
  • 9h ago
CISA added a critical n8n vulnerability (CVE-2025-68613) with a 9.9 CVSS score to its Known Exploited Vulnerabilities catalog due to active exploitation, enabling remote code execution through expression injection in authenticated users.
  • 0
  • 0
  • 0
  • 17h ago
🚨 #CISA flags a critical n8n flaw (CVE-2025-68613, score 9.9) that is actively exploited, exposing 24,700 instances to remote code execution. A fix is already available. #CyberSecurity #Automatisation
  • 0
  • 0
  • 0
  • 16h ago
CVE-2025-68613 n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
  • 0
  • 0
  • 0
  • 14h ago
⚠️️ CISA added CVE-2025-68613 (CVSS 10.0) to KEV. Together with CVE-2026-27577 & CVE-2026-27493, n8n workflow expression flaws allow remote code execution and credential theft, potentially leading to full instance compromise. Patch now.  Query: web.title~"n8n.io - Workflow Automation" tag!=honeypot
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Microsoft
  • Microsoft SQL Server 2016 Service Pack 3 (GDR)

Published: 10 Mar 2026
Updated: 12 Mar 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.08%

KEV

Description

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 4 Posts

Last activity: 8 hours ago

Bluesky

Microsoft SQL Server Zero-Day Exploit: The 8.8 Critical Privilege Escalation Threat You Must Patch Now + Video

Introduction

A critical zero-day vulnerability tracked as CVE-2026-21262 has been disclosed in Microsoft SQL Server, carrying a CVSS score of 8.8 and allowing authenticated attackers to…
  • 0
  • 0
  • 0
  • 21h ago
Microsoft fixes a critical zero-day in SQL Server that lets attackers take full control as admin | CVE-2026-21262 www.newstecnicas.info.ve/2026/03/micr...
  • 0
  • 0
  • 0
  • 8h ago
Microsoft's March 2026 Patch Tuesday fixes two publicly disclosed zero-days and Office and Excel vulnerabilities (CVE-2026-21262, CVE-2026-26127) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Apple
  • iOS and iPadOS

Published: 12 Mar 2026
Updated: 12 Mar 2026

CVSS: Pending
EPSS: Pending

KEV

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 12 hours ago

Bluesky

Apple backported security fixes for CVE-2023-43010 and three additional Coruna exploit vulnerabilities to older iOS, iPadOS, and macOS Sonoma versions to protect devices unable to update to the latest software.
  • 0
  • 1
  • 0
  • 12h ago
Apple releases patches for a WebKit flaw (CVE-2023-43010) targeting iOS, iPadOS and macOS Sonoma via the Coruna exploit. Urgent update for older devices! 🔐 #Apple #CyberSecurity #calimeg
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Microsoft
  • .NET 10.0

Published: 10 Mar 2026
Updated: 12 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.04%

KEV

Description

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

Statistics

  • 3 Posts

Last activity: 9 hours ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26127 impacts Microsoft.NETCore.App.Runtime.linux-x64 in 2 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/449 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 11h ago
Microsoft's March 2026 Patch Tuesday fixes two publicly disclosed zero-days and Office and Excel vulnerabilities (CVE-2026-21262, CVE-2026-26127) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • undici
  • undici
  • undici

Published: 12 Mar 2026
Updated: 12 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

Impact

The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range server_max_window_bits value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.

The vulnerability exists because:

  • The isValidClientWindowBits() function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15
  • The createInflateRaw() call is not wrapped in a try-catch block
  • The resulting exception propagates up through the call stack and crashes the Node.js process

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 2 hours ago

Bluesky

🚨 High-severity security fix in undici@7.24.0 just released! Patches CVE-2026-2229 — vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation github.com/nodejs/undic...
  • 1
  • 2
  • 0
  • 2h ago

Overview

  • Adobe
  • DNG SDK

Published: 10 Mar 2026
Updated: 11 Mar 2026

CVSS v3.1: HIGH (7.8)
EPSS: Pending

KEV

Description

DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 4 hours ago

Bluesky

📌 CVE-2026-27280 - DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the cont... https://www.cyberhub.blog/cves/CVE-2026-27280
  • 1
  • 1
  • 0
  • 4h ago

Overview

  • Adobe
  • Acrobat Reader

Published: 10 Mar 2026
Updated: 11 Mar 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.03%

KEV

Description

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Bluesky

📌 CVE-2026-27220 - Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbit... https://www.cyberhub.blog/cves/CVE-2026-27220
  • 1
  • 0
  • 0
  • 23h ago

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

Published: 26 Jan 2026
Updated: 22 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 9.26%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 11 hours ago

Bluesky

CVE-2026-21509: Actively Exploited Microsoft Office Security Feature Bypass — PoC Public, CISA KEV Listed
  • 1
  • 0
  • 1
  • 11h ago
Showing 1 to 10 of 88 CVEs