CVE-2026-3055

Overview

NetScaler
ADC

23 Mar 2026

Published

24 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

0.02%

MITRE

KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

6 Posts
2 Interactions

Last activity: 1 hour ago

Fediverse

benzogaga33 :verified: @benzogaga33

CVE-2026-3055 : appliquez ce patch Citrix avant qu’il ne soit trop tard https://www.it-connect.fr/cve-2026-3055-appliquez-ce-patch-citrix-avant-quil-ne-soit-trop-tard/ #ActuCybersécurité #Vulnérabilités #Cybersécurité

0
1
0
10h ago

HackerWorkspace @hackerworkspace

March 26 Advisory: Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability [CVE-2026-3055] - Censys

https://censys.com/advisory/cve-2026-3055/

Short summary: https://hackerworkspace.com/article/march-26-advisory-citrix-netscaler-adc-and-gateway-out-of-bounds-read-vulnerability-cve-2026-3055-censys

#cybersecurity #vulnerability #exploit

0
0
0
2h ago

Bluesky

LeMagIT @lemagit.bsky.social

🔐 CVE-2026-3055 : faille NetScaler ADC/Gateway similaire à Citrix Bleed, vol de jetons de session sans privilèges. Patch immédiat recommandé. Comment priorisez-vous ce type de correctif ? [lire]

0
1
0
14h ago

Censys @censys.bsky.social

🚨CVE-2026-3055 (CVSS 9.3) Unauth OOB read in Citrix NetScaler (SAML IDP) 🔎 #CensysARC observes 173K exposed Web Properties ⚠️ Attackers could read sensitive memory contents 🛠️ Patch now https://censys.com/advisory/cve-2026-3055/

0
0
0
5h ago

Undercode Testing @undercode.bsky.social

CVE-2026-3055: The CitrixBleed Sequel That Will Unleash Ransomware Chaos—Patch Now or Perish + Video Introduction: History is repeating itself with terrifying precision. Just as the industry struggled to contain the fallout from CitrixBleed (CVE-2023-4966), a new memory overread vulnerability,…

0
0
0
13h ago

Eyal Estrin ☁️ @eyalestrin.bsky.social

Articles about Citrix NetScaler vulnerabilities CVE-2026-3055 and CVE-2026-4368 (26.3.2026) #patchmanagement

0
0
0
1h ago

CVE-2026-33017

Overview

langflow-ai
langflow

20 Mar 2026

Published

26 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

6.14%

MITRE

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

6 Posts
4 Interactions

Last activity: Last hour

Fediverse

/G|T|R|O|N|I|X\ :python: :emacs: :nix: :linux: @gtronix

"CISA: New Langflow flaw actively exploited to hijack AI workflows"

"[...] The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents."

https://www.bleepingcomputer.com/news/security/cisa-new-langflow-flaw-actively-exploited-to-hijack-ai-workflows/

#Cybersecurity

0
0
0
1h ago

Bluesky

BleepingComputer @bleepingcomputer.com

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents.

1
3
1
2h ago

キタきつね @kitafox.bsky.social

CISAが既知の悪用された脆弱性を1件カタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Mar 25) CVE-2026-33017 Langflowコードインジェクションの脆弱性 www.cisa.gov/news-events/...

0
0
0
17h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

CISA reports active exploitation of CVE-2026-33017, a critical code injection flaw in Langflow AI-agent framework enabling unauthenticated remote Python code execution. Upgrade to Langflow 1.9.0 recommended. #Langflow #CISA #USA

0
0
0
Last hour

HackerNoon @hackernoon.com

I found CVE-2026-33017, a Critical 9.3 unauthenticated RCE in Langflow, by looking at the code path the previous CISA KEV fix (CVE-2025-3248) missed. #aisecurity

0
0
0
8h ago

CVE-2026-20131

Overview

Cisco
Cisco Secure Firewall Management Center (FMC)

04 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

0.65%

MITRE

KEV

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

5 Posts

Last activity: 5 hours ago

Fediverse

AllAboutSecurity @allaboutsecurity

Cisco Secure FMC: Schwachstelle CVE-2026-20131 erlaubt Remote-Codeausführung – Updates verfügbar

Eine Sicherheitslücke mit dem höchstmöglichen CVSS-Wert von 10,0 betrifft Ciscos Secure Firewall Management Center (FMC). Angreifer können ohne Authentifizierung aus der Ferne beliebigen Code ausführen.

https://www.all-about-security.de/cisco-secure-fmc-schwachstelle-cve-2026-20131-erlaubt-remote-codeausfuehrung-updates-verfuegbar/

#cisco #firewall #remotecode #cve

0
0
1
14h ago

CyberNetsecIO @netsecio

📰 Cisco Firewall Zero-Day Exploited by Interlock Ransomware for Over a Month Before Patch

🚨 ZERO-DAY: A critical Cisco Firewall flaw (CVE-2026-20131) was exploited by Interlock ransomware for 36 days before a patch. CISA has added it to the KEV catalog. Patch now and restrict management interface access! #0day #Ransomware #Cisco

🔗 https://cyber.netsecops.io/articles/cisco-firewall-flaw-cve-2026-20131-exploited-as-zero-day-by-interlock-ransomware/?utm_source=mastodon&…

0
0
0
5h ago

Bluesky

Undercode Testing @undercode.bsky.social

Cisco Firepower Apocalypse: 10/10 RCE Vulnerability Actively Exploited in the Wild—Patch Now! + Video Introduction: A maximum-severity vulnerability (CVE-2026-20131) has been discovered in Cisco’s Secure Firewall Management Center (FMC) software, carrying a perfect CVSS score of 10.0. This…

0
0
0
15h ago

Undercode Testing @undercode.bsky.social

Cisco Secure Firewall 0-Day: Unauthenticated RCE as Root (CVSS 10) — Exploit Analysis & Hardening Guide + Video Introduction: A maximum-severity vulnerability in Cisco Secure Firewall Management Center (FMC) has sent shockwaves through enterprise security teams. Tracked as CVE-2026-20131 with a…

0
0
0
10h ago

CVE-2026-21992

Overview

Oracle Corporation
Oracle Identity Manager

20 Mar 2026

Published

24 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.06%

MITRE

KEV

Description

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. Note: Oracle Web Services Manager is installed with an Oracle Fusion Middleware Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

2 Posts

Last activity: 1 hour ago

Bluesky

Lorenzo Ordóñez @lordman1982.bsky.social

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager thehackernews.com/2026/03/orac...

0
0
0
1h ago

piggo @pigondrugs.bsky.social

~Talos~ Talos highlights identity-centric attacks in 2025, plus alerts for Oracle CVE-2026-21992 and PureLog Stealer. - IOCs: CVE-2026-21992, PureLog Stealer, Qilin - #CVE202621992 #CyberSecurity #ThreatIntel

0
0
0
1h ago

CVE-2026-32746

Overview

GNU
inetutils

13 Mar 2026

Published

23 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.03%

MITRE

KEV

Description

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Statistics

2 Posts

Last activity: 8 hours ago

Fediverse

Gabriel Gasparolo @ggasp

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/

0
0
0
11h ago

Bluesky

Undercode Testing @undercode.bsky.social

CVE-2026-32746: Critical Synology DSM Flaw Exposes NAS Devices to Remote Takeover + Video Introduction: Synology DiskStation Manager (DSM), the operating system powering millions of network-attached storage (NAS) devices worldwide, has been found to harbor a critical vulnerability. Tracked as…

0
0
0
8h ago

CVE-2026-3650

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

2 Posts

Last activity: 9 hours ago

Fediverse

TechNadu @technadu

CVE-2026-3650 in Grassroots DICOM (GDCM):

• Memory leak via malformed DICOM parsing
• CVSS 7.5 → DoS risk
• No patch, no maintainer response
• Impacts healthcare imaging pipelines
Mitigate via isolation + strict input controls.

Source: https://www.hipaajournal.com/grassroots-dicom-vulnerability-march-2026/

Follow @technadu for more.

#InfoSec #HealthcareSecurity #Vulnerability

0
0
0
9h ago

Bluesky

TechNadu @technadu.com

High-severity bug in Grassroots DICOM (CVE-2026-3650) Malformed files → memory exhaustion → DoS No patch available yet. Healthcare systems should isolate + restrict exposure ASAP. Follow TechNadu for more updates. #CyberSecurity #InfoSec #Healthcare

0
0
0
9h ago

CVE-2026-4673

Overview

Google
Chrome

24 Mar 2026

Published

25 Mar 2026

Updated

CVSS

Pending

EPSS

0.07%

MITRE

KEV

Description

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Statistics

2 Posts

Last activity: 9 hours ago

Bluesky

セキュリティ対策Lab @securitylab-jp.bsky.social

Google、Chromeの高深刻度脆弱性 8件を修正(CVE-2026-4673〜4680) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

0
0
0
22h ago

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

The #Fedora 44 Chromium update is out with fixes for 8 high-severity CVEs, including CVE-2026-4673. Read more: 👉 tinyurl.com/mr3kedjt #Security

0
0
0
9h ago

CVE-2026-3104

Overview

ISC
BIND 9

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.03%

MITRE

KEV

Description

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

3 Posts
1 Interaction

Last activity: 8 hours ago

Fediverse

Carsten Strotmann @cstrotm

es gibt neue BIND 9 Versionen, in denen wurden Sicherheitsprobleme vorheriger Versionen gefixed:

https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591

u.a. Denial-of-Service bei BIND 9 Revolvern (CPU-Auslastung, Speicherauslastung, Crash).

Die ISC-Repositories haben die neuen Versionen

- 9.18.47
- 9.20.21

Ich empfehle ein Update, sobald die neuen BIND 9 Versionen in den Repositories der Linux-Distribution verfügbar ist.

0
1
0
8h ago

Bluesky

ohhara @shiojiri.com

（緊急）BIND 9.20.xの脆弱性（メモリリークの発生）について（CVE-2026-3104） - BIND 9.20系列のみが対象、バージョンアップを強く推奨 - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-noexist.html

0
0
0
16h ago

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 BIND 9の脆弱性(High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591)と9.18.47, 9.20.21, 9.21.20のリリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...

0
0
0
23h ago

CVE-2026-1519

Overview

ISC
BIND 9

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.04%

MITRE

KEV

Description

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.

Statistics

3 Posts
1 Interaction

Last activity: 8 hours ago

Fediverse

Carsten Strotmann @cstrotm

es gibt neue BIND 9 Versionen, in denen wurden Sicherheitsprobleme vorheriger Versionen gefixed:

https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591

u.a. Denial-of-Service bei BIND 9 Revolvern (CPU-Auslastung, Speicherauslastung, Crash).

Die ISC-Repositories haben die neuen Versionen

- 9.18.47
- 9.20.21

Ich empfehle ein Update, sobald die neuen BIND 9 Versionen in den Repositories der Linux-Distribution verfügbar ist.

0
1
0
8h ago

Bluesky

ohhara @shiojiri.com

（緊急）BIND 9.xの脆弱性（過剰なCPU負荷の誘発）について（CVE-2026-1519） - バージョンアップを強く推奨 - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-nsec3.html

0
0
0
16h ago

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 BIND 9の脆弱性(High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591)と9.18.47, 9.20.21, 9.21.20のリリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...

0
0
0
23h ago

CVE-2026-3119

Overview

ISC
BIND 9

25 Mar 2026

Published

25 Mar 2026

Updated

CVSS v3.1

MEDIUM (6.5)

EPSS

0.01%

MITRE

KEV

Description

Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

3 Posts
1 Interaction

Last activity: 8 hours ago

Fediverse

Carsten Strotmann @cstrotm

es gibt neue BIND 9 Versionen, in denen wurden Sicherheitsprobleme vorheriger Versionen gefixed:

https://kb.isc.org/docs/cve-2026-1519
https://kb.isc.org/docs/cve-2026-3104
https://kb.isc.org/docs/cve-2026-3119
https://kb.isc.org/docs/cve-2026-3591

u.a. Denial-of-Service bei BIND 9 Revolvern (CPU-Auslastung, Speicherauslastung, Crash).

Die ISC-Repositories haben die neuen Versionen

- 9.18.47
- 9.20.21

Ich empfehle ein Update, sobald die neuen BIND 9 Versionen in den Repositories der Linux-Distribution verfügbar ist.

0
1
0
8h ago

Bluesky

ohhara @shiojiri.com

BIND 9.20.xの脆弱性（DNSサービスの停止）について（CVE-2026-3119） - フルリゾルバー（キャッシュDNSサーバー）／権威DNSサーバーの双方が対象、バージョンアップを強く推奨 - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-tkey.html

0
0
0
16h ago

OMO @omo.bsky.social

SIOSセキュリティブログを更新しました。 BIND 9の脆弱性(High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591)と9.18.47, 9.20.21, 9.21.20のリリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...

0
0
0
23h ago