24h | 7d | 30d

CVE-2026-28431

Overview

  • misskey-dev
  • misskey
09 Mar 2026
Published
10 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.04%
KEV

Description

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper input validation. This vulnerability occurs regardless of whether federation is enabled or not. This vulnerability could lead to a significant data breach. This vulnerability is fixed in 2026.3.1.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 14 hours ago

Fediverse

Profile picture fallback
System Operator @sysop
Last great #misskey CVE went public
https://app.opencve.io/cve/CVE-2026-28431
  • 0
  • 0
  • 0
  • 14h ago

Bluesky

Profile picture fallback
BaseFortify.eu @basefortify.bsky.social
🚨 CVE-2026-28431 – CRITICAL (9.2) Insufficient permission checks in the Misskey federated social media platform can expose sensitive data. Affected: Misskey versions 8.45.0 → before 2026.3.1 Full report: basefortify.eu/cve_reports/... #CVE #Misskey #CyberSecurity #InfoSec #Fediverse
  • 0
  • 2
  • 0
  • 22h ago

CVE-2026-2364

Overview

  • CODESYS
  • CODESYS Installer
10 Mar 2026
Published
10 Mar 2026
Updated
CVSS v3.1
HIGH (7.3)
EPSS
0.01%
KEV

Description

If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer.

Statistics

  • 2 Posts
Last activity: 22 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-012
CODESYS Installer - Possible Privilege Escalation

Exploitation of this vulnerability can lead to a privilege escalation on the host system.
CVE-2026-2364

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback
Offensive Sequence @offseq

🚩 CVE-2026-2364: HIGH severity TOCTOU flaw in CODESYS Installer (all versions) lets local attackers escalate privileges via user-initiated updates. Restrict access & monitor until patch. No active exploits yet. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

CVE-2025-26399

Overview

  • SolarWinds
  • Web Help Desk
23 Sep 2025
Published
10 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
34.22%
KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
tomcat @tomcat

⚠️ CISA added 3 actively exploited flaws to KEV.

Most critical: SolarWinds Web Help Desk CVE-2025-26399 (CVSS 9.8) allowing remote command execution.

Other KEV entries hit Omnissa Workspace One UEM and Ivanti Endpoint Manager. Federal agencies ordered to patch.

🔗 Details → thehackernews.com/2026/03/cisa

  • 0
  • 1
  • 0
  • 21h ago
Profile picture fallback
The IT Nerd @The_IT_Nerd

New SolarWinds CVE Continues Patch-Bypass Pattern

The CISA and NVD have published a new critical vulnerability affecting SolarWinds Web Help Desk tracked as CVE-2025-26399 which involves deserialization of untrusted data that could allow remote code execution. What makes this vulnerability particularly notable is that it appears to be a bypass of a previous SolarWinds patch tracked as CVE-2024-28988 which itself was a bypass of an earlier fix which was tracked as…

itnerd.blog/2026/03/10/new-sol

  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-26118

Overview

  • Microsoft
  • Azure MCP Server Tools
10 Mar 2026
Published
10 Mar 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 13 hours ago

Bluesky

Profile picture fallback
The IT Nerd @theitnerd.ca
March Patch Tuesday Commentary From Fortra By Tyler Reguly, Associate Director, Security R&D, Fortra I’m sure that everyone will be talking about CVE-2026-26118 today. After all, it contains those magical three letters MCP – Must Create Panic! The old adage has changed a little these days to…
  • 1
  • 0
  • 1
  • 13h ago

CVE-2026-3740

Overview

  • itsourcecode
  • University Management System
08 Mar 2026
Published
08 Mar 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.02%
KEV

Description

A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_student causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 20 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-3740 - A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php... https://www.cyberhub.blog/cves/CVE-2026-3740
  • 0
  • 1
  • 0
  • 20h ago

CVE-2026-22184

Overview

  • zlib software
  • zlib
07 Jan 2026
Published
05 Mar 2026
Updated
CVSS v4.0
MEDIUM (4.6)
EPSS
0.04%
KEV

Description

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 18 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Heads up, #OpenSUSE Leap 16.3 community! 🐧 The mingw-zlib update to 1.3.2 is more than routine maintenance. It kills CVE-2026-22184, a buffer overflow in the untgz utility that posed as a memory leak risk for cross-compilers. Read more: 👉 tinyurl.com/4sam2z44 #Fedora
  • 0
  • 1
  • 0
  • 18h ago

CVE-2026-27944

Overview

  • 0xJacky
  • nginx-ui
05 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.05%
KEV

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 21 hours ago

Fediverse

Profile picture fallback
Patrick C Miller :donor: @patrickcmiller

Critical Nginx UI flaw CVE-2026-27944 exposes server backups securityaffairs.com/189123/sec

  • 0
  • 1
  • 1
  • 21h ago

CVE-2026-20841

Overview

  • Microsoft
  • Windows Notepad
10 Feb 2026
Published
27 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.11%
KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 19 hours ago

Fediverse

Profile picture fallback
Bryan King (W8DBK) @bdking71

Microsoft turned Notepad into a "smart" AI assistant and accidentally handed hackers a "one-click" execution engine. Here is the technical breakdown of CVE-2026-20841 and why feature creep is killing your security. 🛑💻

#CyberSecurity #Windows11 #Infosec

bdking71.wordpress.com/2026/03

  • 0
  • 1
  • 0
  • 19h ago

CVE-2026-25765

Overview

  • lostisland
  • faraday
09 Feb 2026
Published
10 Feb 2026
Updated
CVSS v3.1
MEDIUM (5.8)
EPSS
0.01%
KEV

Description

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's build_exclusive_url method (in lib/faraday/connection.rb) uses Ruby's URI#merge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs (e.g. //evil.com/path) are treated as network-path references that override the base URL's host/authority component. This means that if any application passes user-controlled input to Faraday's get(), post(), build_url(), or other request methods, an attacker can supply a protocol-relative URL like //attacker.com/endpoint to redirect the request to an arbitrary host, enabling Server-Side Request Forgery (SSRF). This vulnerability is fixed in 2.14.1.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 12 hours ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
AI Copilot Neo Strikes Again: Uncovering CVE-2026-25765 – A Deep Dive into AI-Powered SSRF Discovery + Video Introduction: The intersection of artificial intelligence and cybersecurity has reached a new milestone with ProjectDiscovery’s Neo, an AI security copilot, earning its first CVE credit for…
  • 0
  • 1
  • 0
  • 12h ago

CVE-2026-28790

Overview

  • OliveTin
  • OliveTin
05 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.06%
KEV

Description

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, but can still call the KillAction RPC directly and successfully stop a running action. This is a broken access control issue that causes unauthorized denial of service against legitimate action executions. This issue has been patched in version 3000.11.0.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-28790 - OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to termi... https://www.cyberhub.blog/cves/CVE-2026-28790
  • 0
  • 0
  • 0
  • 13h ago
Showing 1 to 10 of 63 CVEs