Overview

  • curl
  • curl

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.

Statistics

  • 2 Posts
  • 6 Interactions

Last activity: 13 hours ago

Fediverse

CVE-2026-3783: token leak with redirect and netrc

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.

  • 21h ago

Bluesky

Critical curl vulnerabilities patched in #Ubuntu today. The update (USN-8084-1) addresses five CVEs, including a high-impact OAuth2 bearer token leak (CVE-2026-3783) and potential SMB heap overflow. Read more: 👉 tinyurl.com/bdhrsx9m #Security
  • 13h ago

Overview

  • curl
  • curl

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

Statistics

  • 2 Posts
  • 7 Interactions

Last activity: 20 hours ago

Fediverse

CVE-2026-3805: use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

curl.se/docs/CVE-2026-3805.html

  • 21h ago
Found this bug on the weekend :)
curl.se/docs/CVE-2026-3805.html

Curl is cool. For the love of the game..

  • 20h ago

Overview

  • sveltejs
  • devalue

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.3)
EPSS
Pending

KEV

Description

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion. This vulnerability is fixed in 5.6.4.

Statistics

  • 2 Posts
  • 8 Interactions

Last activity: 8 hours ago

Fediverse

Okay, so it turns out that this is really, really slow.

Which led to CVE-2026-30226: github.com/sveltejs/devalue/se

  • 8h ago

Bluesky

Okay, so it turns out this is really, really slow. Which led to CVE-2026-30226: github.com/sveltejs/dev... Thanks to @ell.iott.dev and the rest of the @svelte.dev team for a well-handled vuln process, a pleasure as always 🫡
  • 8h ago

Overview

  • Palo Alto Networks
  • Cortex XDR Agent

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
MEDIUM (4.0)
EPSS
Pending

KEV

Description

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Bluesky

Palo Alto vulnerability information "CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS (Severity: MEDIUM)" has been published. → https://security.paloaltonetworks.com/CVE-2026-0230
  • 9h ago

Overview

  • n8n-io
  • n8n

19 Dec 2025
Published
04 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
78.98%

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.

This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation.

If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

Statistics

  • 2 Posts

Last activity: 8 hours ago

Bluesky

CISA adds one known exploited vulnerability to its catalog. CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Mar 11) CVE-2025-68613 n8n improper control of dynamically-managed code resources vulnerability www.cisa.gov/news-events/...
  • 8h ago
~Cisa~ CISA added CVE-2025-68613, an actively exploited n8n code execution flaw, to its KEV catalog. - IOCs: CVE-2025-68613 - #CVE202568613 #ThreatIntel #n8n
  • 8h ago

Overview

  • Microsoft
  • Microsoft SQL Server 2016 Service Pack 3 (GDR)

10 Mar 2026
Published
10 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.08%

KEV

Description

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Bluesky

Microsoft SQL Server Zero-Day Exploit: The 88 Critical Privilege Escalation Threat You Must Patch Now + Video Introduction A critical zero-day vulnerability tracked as CVE-2026-21262 has been disclosed in Microsoft SQL Server, carrying a CVSS score of 8.8 and allowing authenticated attackers to…
  • 2h ago

Microsoft's March 2026 Patch Tuesday fixes two publicly disclosed zero-days and Office/Excel vulnerabilities (CVE-2026-21262, CVE-2026-26127) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 4h ago

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

10 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.10%

KEV

Description

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 8 hours ago

Fediverse

Microsoft Patch Tuesday 2026-03

After the fat Patch Tuesday in February, the March one has shrunk back to a "normal" size. With the current updates Microsoft (MS) addresses 83 security vulnerabilities. Of these, 8 are rated critical. Among those, one (CVE-2026-26144) stands out. A leading security expert finds it fascinating. It is a bug in Excel, namely "insufficient sanitization of input". The kicker is that an attacker can use the bug to exfiltrate information remotely with the help of the Copilot AI. This requires no login or user rights

pc-fluesterer.info/wordpress/2

#Empfehlung #Hintergrund #Warnung #0day #datenschutz #Microsoft #office #privacy #sicherheit #UnplugTrump #vorbeugen #unplugmicrosoft

  • 18h ago

Bluesky

Common architectural pattern across four Q1 2026 AI assistant vulnerabilities (CVE-2026-26144, CVE-2026-0628, CVE-2026-24307, PleaseFix)
  • 8h ago

Overview

  • curl
  • curl

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 21 hours ago

Fediverse

CVE-2026-3784: wrong proxy connection reuse with credentials

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

curl.se/docs/CVE-2026-3784.html

  • 21h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
2.60%

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 12 hours ago

Bluesky

Check out the analysis by @cryptocat.me for CVE-2026-20127 in Cisco SD WAN. That other PoC posted last week exploits a totally different bug that doesn't match the reported IOCs (some kind of file upload due to path traversal in vManage maybe). We assess with high confidence this is CVE-2026-20127 🔥
  • 12h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 19 hours ago

Fediverse

[ ] "Zombie ZIP: this evasion technique blinds antivirus engines"
CVE-2026-0866
⬇️
"Discovered by Chris Aziz, a security researcher at Bombadil Systems, the Zombie ZIP technique abuses the trust that scanning engines place in the header of ZIP files. In practice, the attack consists of manipulating the ZIP file header so as to alter the field that determines the compression method used within the archive.

The Zombie ZIP technique consists of declaring that the data is stored without any compression (STORED method, or Method=0), when that is false! The malicious file is in fact compressed with the standard DEFLATE algorithm."
👇
it-connect.fr/zombie-zip-cette

(Editor's note: yet another) "format confusion technique that evades 98% of engines."
⬇️
CVE-2026-0866 | VU#976247 | Published March 10, 2026
👇
github.com/bombadil-systems/zo

💬
⬇️
infosec.pub/post/43258263

  • 19h ago