CVE-2025-53521

Overview

F5
BIG-IP

15 Oct 2025

Published

27 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.08%

MITRE

KEV

Description

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

1 Post
53 Interactions

Last activity: 4 hours ago

Fediverse

Kevin Beaumont @GossiTheDog

For F5 BIG-IP APM customers, CVE-2025-53521 is being exploited in the wild by a nation state threat actor

It allows unauth RCE and applies to the data plane (not the management interface) - the one available over the internet.

https://my.f5.com/manage/s/article/K000156741

Attackers have been deploying webshells, so boxes are still vuln post patching if already exploited prior.

30
23
0
4h ago

CVE-2020-8561

Overview

Kubernetes
Kubernetes

20 Sep 2021

Published

16 Sep 2024

Updated

CVSS v3.1

MEDIUM (4.1)

EPSS

0.18%

MITRE

KEV

Description

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

Statistics

4 Posts
2 Interactions

Last activity: 5 hours ago

Fediverse

Rory McCune @raesene

Just released another entry in my blog series looking at the unpatchable vulnerabilities of Kubernetes.

Whilst the CVEs are quite old, understanding them is useful, both to understand if you need to apply mitigations and also for some of the low-level Kubernetes implementation details they involve.

https://securitylabs.datadoghq.com/articles/unpatchable-kubernetes-vulnerabilities-cve-2020-8561/

2
0
0
15h ago

Bluesky

Cybersecurity News Everyday @hendryadrian.bsky.social

CVE-2020-8561 exploits an SSRF flaw in Kubernetes API server’s ValidatingWebhookConfiguration and profiling endpoints to expose full responses. Requires cluster-admin creds to escalate impact. #KubernetesSecurity #SSRF #CVE20208561

0
0
0
11h ago

WarthogTK @warthogtk.bsky.social

Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561 | Datadog Security Labs securitylabs.datadoghq.com/articles/unp...

0
0
1
5h ago

CVE-2026-4681

Overview

PTC
Windchill PDMLink

23 Mar 2026

Published

24 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

0.38%

MITRE

KEV

Description

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.

Statistics

3 Posts

Last activity: 1 hour ago

Fediverse

Offensive Sequence @offseq

🚨 CRITICAL: CISA flags CVE-2026-4681 in PTC Windchill PLM. German police issued physical warnings — high urgency! No active exploits, but risk to manufacturing & engineering data is severe. Audit & secure now. https://radar.offseq.com/threat/cisa-flags-critical-ptc-vulnerability-that-had-ger-e5854258 #OffSeq #Vulnerability #PLM #InfoSec

0
0
0
15h ago

CyberNetsecIO @netsecio

📰 Police Physically Warn Firms of Critical Unpatched RCE Flaw in PTC Windchill

🚨 CRITICAL FLAW: German police physically warn companies about a 10.0 CVSS RCE bug (CVE-2026-4681) in PTC Windchill & FlexPLM. CISA issues alert. No patch yet! ⚠️ #CVE20264681 #ZeroDay #Manufacturing

🔗 https://cyber.netsecops.io/articles/critical-ptc-windchill-flaw-triggers-unprecedented-police-mobilization-in-germany/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
9h ago

Bluesky

Christina Ayiotis @christinaayiotis.bsky.social

“CISA warns of a critical flaw in PTC Windchill and FlexPLM (CVE-2026-4681), with no patch yet and potential for imminent exploitation.” securityaffairs.com/190049/secur...

0
0
0
1h ago

CVE-2026-33634

Overview

aquasecurity
setup-trivy

23 Mar 2026

Published

27 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.4)

EPSS

26.61%

MITRE

KEV

Description

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. This incident is a continuation of the supply chain attack that began in late February 2026. Following the initial disclosure on March 1, credential rotation was performed but was not atomic (not all credentials were revoked simultaneously). The attacker could have use a valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days). This could have allowed the attacker to retain access and execute the March 19 attack. Affected components include the `aquasecurity/trivy` Go / Container image version 0.69.4, the `aquasecurity/trivy-action` GitHub Action versions 0.0.1 – 0.34.2 (76/77), and the`aquasecurity/setup-trivy` GitHub Action versions 0.2.0 – 0.2.6, prior to the recreation of 0.2.6 with a safe commit. Known safe versions include versions 0.69.2 and 0.69.3 of the Trivy binary, version 0.35.0 of trivy-action, and version 0.2.6 of setup-trivy. Additionally, take other mitigations to ensure the safety of secrets. If there is any possibility that a compromised version ran in one's environment, all secrets accessible to affected pipelines must be treated as exposed and rotated immediately. Check whether one's organization pulled or executed Trivy v0.69.4 from any source. Remove any affected artifacts immediately. Review all workflows using `aquasecurity/trivy-action` or `aquasecurity/setup-trivy`. Those who referenced a version tag rather than a full commit SHA should check workflow run logs from March 19–20, 2026 for signs of compromise. Look for repositories named `tpcp-docs` in one's GitHub organization. The presence of such a repository may indicate that the fallback exfiltration mechanism was triggered and secrets were successfully stolen. Pin GitHub Actions to full, immutable commit SHA hashes, don't use mutable version tags.

Statistics

3 Posts
2 Interactions

Last activity: 9 hours ago

Fediverse

TechNadu @technadu

CISA adds CVE-2026-33634 (Trivy) to KEV - active exploitation confirmed.

If it’s in KEV, it’s already a threat.

Source: https://www.cisa.gov/news-events/alerts/2026/03/26/cisa-adds-one-known-exploited-vulnerability-catalog

💬 Is KEV your top patch priority?
🔔 Follow TechNadu

#InfoSec #KEV #CyberSecurity

1
0
0
17h ago

CyberNetsecIO @netsecio

📰 CISA KEV Alert: Actively Exploited Flaws in Langflow AI Framework and Trivy Scanner

📢 CISA KEV UPDATE: Two flaws now under active exploitation! A critical RCE in Langflow AI framework (CVE-2026-33017) and a supply-chain attack via Trivy scanner (CVE-2026-33634). Patch now! ⚠️ #KEV #CyberSecurity #RCE

🔗 https://cyber.netsecops.io/articles/cisa-adds-exploited-trivy-and-langflow-flaws-to-kev-catalog/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
9h ago

Bluesky

TechNadu @technadu.com

New KEV alert ⚠️ CVE-2026-33634 (Trivy) now actively exploited. KEV = real-world risk, not theory. 💬 Patch priority? 🔔 Follow TechNadu #CyberSecurity #KEV #InfoSec

1
0
0
17h ago

CVE-2026-33017

Overview

langflow-ai
langflow

20 Mar 2026

Published

26 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

5.65%

MITRE

KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

3 Posts

Last activity: 1 hour ago

Fediverse

CyberNetsecIO @netsecio

📰 CISA KEV Alert: Actively Exploited Flaws in Langflow AI Framework and Trivy Scanner

📢 CISA KEV UPDATE: Two flaws now under active exploitation! A critical RCE in Langflow AI framework (CVE-2026-33017) and a supply-chain attack via Trivy scanner (CVE-2026-33634). Patch now! ⚠️ #KEV #CyberSecurity #RCE

🔗 https://cyber.netsecops.io/articles/cisa-adds-exploited-trivy-and-langflow-flaws-to-kev-catalog/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
9h ago

Bluesky

Lorenzo Ordóñez @lordman1982.bsky.social

CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours | Sysdig www.sysdig.com/blog/cve-202...

0
0
0
17h ago

BABA Toshiaki @netmarkjp.bsky.social

#ばばさん通信ダイジェスト賛否関わらず話題になった/なりそうなものを共有しています。 CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours

0
0
0
1h ago

CVE-2026-20817

Overview

Microsoft
Windows 10 Version 21H2

13 Jan 2026

Published

26 Feb 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.02%

MITRE

KEV

Description

Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

Statistics

3 Posts
1 Interaction

Last activity: 16 hours ago

Bluesky

Undercode Testing @undercode.bsky.social

SYSTEM Takeover: New Windows Error Reporting Flaw (CVE-2026-20817) Demands Immediate Action + Video Introduction: The Windows Error Reporting (WER) service, a critical component designed to capture crash dumps and telemetry, has become the latest attack vector for privilege escalation. Security…

0
1
0
16h ago

CrowdCyber @crowdcyber.bsky.social

Proof-of-Concept Released: Public Exploit Details for Windows Error Reporting LPE (CVE-2026-20817)

0
0
0
23h ago

Undercode Testing @undercode.bsky.social

CVE-2026-20817: Windows Error Reporting Goes Nuclear – How a Single Flaw Forced Microsoft to Nuke Its Own Feature + Video Introduction: A recently patched Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, tracked as CVE-2026-20817, has exposed a critical flaw…

0
0
0
17h ago

CVE-2026-20963

Overview

Microsoft
Microsoft SharePoint Enterprise Server 2016

13 Jan 2026

Published

19 Mar 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

7.10%

MITRE

KEV

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

2 Posts

Last activity: 2 hours ago

Fediverse

alexia @TypeErr0r

Think we’ll ever get this deserialization stuff down? #appsec #infosec

https://securityboulevard.com/2026/03/cve-2026-20963-sharepoint-deserialization-remote-code-execution-vulnerability/

0
0
0
2h ago

Andi @Andi

Zwei kritische Schwachstellen beherrschen die Lage für deutsche Unternehmen.
Das BSI warnt vor einer aktiv ausgenutzten Lücke in Microsoft SharePoint. Die CISA hatte die Schwachstelle am 18. März in ihren Katalog ausgenutzter Sicherheitslücken aufgenommen. CERT-EU veröffentlichte am 25. März ein Advisory und verwies auf Maßnahmen aus der ToolShell-Angriffskampagne des Vorjahres. Der CVSS-Score liegt bei 9.8 von 10 und wurde hochgestuft, nachdem sich herausstellte, dass eine Ausnutzung auch ohne Authentifizierung möglich ist.
Parallel dazu hat CERT-Bund am 24. März Alarm wegen zweier Schwachstellen in Citrix NetScaler ADC und NetScaler Gateway geschlagen. CVE-2026-3055 ermöglicht es nicht authentifizierten Angreifern, aktive Session-Token aus dem Speicher betroffener Geräte auszulesen. CVE-2026-4368 kann durch eine Race Condition zur Übernahme fremder Benutzersitzungen führen. Besonders gefährdet sind Systeme, die als SAML Identity Provider konfiguriert sind, also eine in Unternehmensumgebungen weit verbreitete Konfiguration für Single Sign-On. Sicherheitsforscher bewerten eine baldige aktive Ausnutzung als sehr wahrscheinlich.
Sofortmaßnahmen: SharePoint patchen, NetScaler aktualisieren und aktiven Sessions beenden.

Cybersicherheitswarnung 2026-238220-1032 (25.03.2026) | CERT-Bund WID-SEC-2026-0836 (24.03.2026)
CVE-2026-20963 | CVE-2026-3055 | CVE-2026-4368
#Informationssicherheit #CISO #BSI #SharePoint #Citrix #NetScaler #Patchmanagement #NIS2 #CyberSecurity #ITSicherheit

0
0
0
12h ago

CVE-2026-33701

Overview

open-telemetry
opentelemetry-java-instrumentation

27 Mar 2026

Published

27 Mar 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

0.50%

MITRE

KEV

Description

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exploit this vulnerability: First, OpenTelemetry Java instrumentation is attached as a Java agent (`-javaagent`) on Java 16 or earlier. Second, JMX/RMI port has been explicitly configured via `-Dcom.sun.management.jmxremote.port` and is network-reachable. Third, gadget-chain-compatible library is present on the classpath. This results in arbitrary remote code execution with the privileges of the user running the instrumented JVM. For JDK >= 17, no action is required, but upgrading is strongly encouraged. For JDK < 17, upgrade to version 2.26.1 or later. As a workaround, set the system property `-Dotel.instrumentation.rmi.enabled=false` to disable the RMI integration.

Statistics

1 Post
4 Interactions

Last activity: 22 hours ago

Fediverse

Offensive Sequence @offseq

🚨 CRITICAL: CVE-2026-33701 affects opentelemetry-java-instrumentation <2.26.1. Unauthenticated RCE possible on Java ≤16 via unsafe RMI deserialization. Upgrade to 2.26.1+ or disable RMI now! Details: https://radar.offseq.com/threat/cve-2026-33701-cwe-502-deserialization-of-untruste-08578920 #OffSeq #Java #RCE #Vuln

3
1
0
22h ago

CVE-2024-54492

Overview

Apple
visionOS

11 Dec 2024

Published

03 Nov 2025

Updated

CVSS

Pending

EPSS

0.28%

MITRE

KEV

Description

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.

Statistics

1 Post
8 Interactions

Last activity: 1 hour ago

Fediverse

Mysk🇨🇦🇩🇪 @mysk

Good to know but every vulnerability we discovered and reported to Apple also affected the Lockdown Mode. This includes CVE-2024-54492 that impacted the Passwords app. An option to "Allow Contacting Websites" was added starting iOS 26

#privacy #security #iOS #Apple #infosec
--------
Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked

https://www.macrumors.com/2026/03/27/no-iphone-in-lockdown-mode-has-ever-been-hacked/

2
6
0
1h ago

CVE-2026-1207

Overview

djangoproject
Django
django

03 Feb 2026

Published

03 Feb 2026

Updated

CVSS

Pending

EPSS

5.46%

MITRE

KEV

Description

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

Statistics

1 Post
5 Interactions

Last activity: 16 hours ago

Bluesky

Philippe Vynckier @pvynckier.bsky.social

CrowdSec confirme la première exploitation active de CVE-2026-1207, une faille d'injection SQL dans Django - IT SOCIAL itsocial.fr/cybersecurit...

1
4
0
16h ago