24h | 7d | 30d

CVE-2026-21992

Overview

  • Oracle Corporation
  • Oracle Identity Manager
20 Mar 2026
Published
24 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.02%
KEV

Description

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. Note: Oracle Web Services Manager is installed with an Oracle Fusion Middleware Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 7 Posts
  • 3 Interactions
Last activity: 5 hours ago

Fediverse

Profile picture fallback
TechNadu @technadu

Oracle alert 🚨
CVE-2026-21992 → unauth RCE (9.8)
Identity systems = high-value target
Emergency patch released

Source: securityweek.com/oracle-releas

Assume breach? 👇
Follow @technadu

  • 0
  • 1
  • 0
  • 20h ago
Profile picture fallback
CyberNetsecIO @netsecio

📰 URGENT: Oracle Patches Critical 9.8 CVSS Unauthenticated RCE Flaw

📢 URGENT PATCH: Oracle has issued an emergency fix for CVE-2026-21992, a critical 9.8 CVSS unauthenticated RCE flaw in Identity Manager. Unpatched systems can be fully compromised. Patch immediately! 🚨 #Oracle #CyberSecurity #RCE #PatchNow

🔗 cyber.netsecops.io/articles/or

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture fallback
Help Net Security @helpnetsecurity.com
Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992) 📖 Read more: www.helpnetsecurity.com/2026/03/23/o... #cybersecurity #cybersecuritynews #APIsecurity #identitymanagement
  • 1
  • 0
  • 0
  • 19h ago
Profile picture fallback
キタきつね @kitafox.bsky.social
Oracle社、Identity Managerにおける認証前リモートコード実行の脆弱性(CVE-2026-21992)に対する緊急修正プログラムをリリース Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992) #HelpNetSecurity (Mar 23) www.helpnetsecurity.com/2026/03/23/o...
  • 0
  • 1
  • 0
  • 6h ago
Profile picture fallback
CyberMaterial @cybermaterial.bsky.social
Oracle Patches Critical Identity RCE Read More: buff.ly/SRyprxy #OracleSecurity #CVE202621992 #RemoteCodeExecution #IdentitySecurity #PatchNow #VulnerabilityManagement #EnterpriseSecurity #InfosecAlert
  • 0
  • 0
  • 0
  • 15h ago
Profile picture fallback
piggo @pigondrugs.bsky.social
~Sophos~ Critical unauthenticated RCE flaw in Oracle Fusion Middleware components. - IOCs: CVE-2026-21992 - #CVE2026_21992 #Oracle #threatintel
  • 0
  • 0
  • 0
  • 14h ago
Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
Oracle Identity Managerに致命的な脆弱性(CVE-2026-21992) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-3055

Overview

  • NetScaler
  • ADC
23 Mar 2026
Published
24 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

  • 8 Posts
  • 9 Interactions
Last activity: 5 hours ago

Fediverse

Profile picture fallback
Rishi @rxerium

🚨 CVE-2026-3055 (CVSS 9.3), a unauth memory overread vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway appliances that could see active exploitation itw

Vulnerability detection script available here:
github.com/rxerium/rxerium-tem

Patches are available as per Citrix's advisory:
support.citrix.com/support-hom

  • 1
  • 0
  • 0
  • 13h ago
Profile picture fallback
:mastodon: decio @decio

➡️ CVE-2026-3055 👀
👇
support.citrix.com/support-hom

  • CVE-2026-3055 - Out-of-Bounds Read vulnerability - CVSSv4 base score: 9.3
    Note: Citrix NetScaler ADC or Citrix Gateway must be configured as SAML IDP to be vulnerable to CVE-2026-3055.

    • CVE-2026-4368 - Race Condition vulnerability - CVSSv4 base score: 7.7Note: Affected appliances must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP proxy) or AAA virtual server to be vulnerable CVE-2026-4368.

( -> cve.circl.lu/search?q=CVE-2026 )

  • 1
  • 1
  • 0
  • 15h ago
Profile picture fallback
circl @circl

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368

#citrix #vulnerabilitymanagement #vulnerability

vulnerability.circl.lu/bundle/

  • 1
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture fallback
Rapid7 @rapid7.com
🚨 On March 23, 2026, #Citrix published a security advisory for a critical vuln. affecting their NetScaler ADC & Gateway products. CVE-2026-3055, an out-of-bounds read, allows unauthenticated remote attackers to leak information from the appliance's memory. Read on: r-7.co/41nwCJ7
  • 1
  • 0
  • 0
  • 11h ago
Profile picture fallback
tamosan @tamosan.bsky.social
CVE-2026-3055。アプライアンスがSAML IdP設定であればやられるようです。CVSSv4で9.3:Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems https://cybersecuritynews.com/netscaler-adc-and-gateway-vulnerabilities/
  • 1
  • 0
  • 0
  • 5h ago
Profile picture fallback
Sami Laiho @samilaiho.com
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368 #CRITICAL support.citrix.com/support-home...
  • 1
  • 0
  • 0
  • 15h ago
Profile picture fallback
piggo @pigondrugs.bsky.social
~Certeu~ Citrix patched critical flaws in NetScaler ADC & Gateway allowing info disclosure and session mix-up. - IOCs: CVE-2026-3055, CVE-2026-4368 - #Citrix #ThreatIntel #Vulnerability
  • 1
  • 0
  • 0
  • 11h ago
Profile picture fallback
piggo @pigondrugs.bsky.social
~Cybergcca~ CCCS issued 9 advisories, highlighting an actively exploited Craft CMS flaw (CVE-2025-32432) and critical Citrix NetScaler vulnerabilities. - IOCs: CVE-2025-32432, CVE-2026-3055, CVE-2026-4368 - #CISA_KEV #ThreatIntel #Vulnerability
  • 1
  • 0
  • 0
  • 14h ago

CVE-2025-32975

Overview

  • Pending
24 Jun 2025
Published
03 Nov 2025
Updated
CVSS
Pending
EPSS
0.13%
KEV

Description

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.

Statistics

  • 4 Posts
  • 2 Interactions
Last activity: 12 hours ago

Fediverse

Profile picture fallback
HackerWorkspace @hackerworkspace

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

thehackernews.com/2026/03/hack

Short summary: hackerworkspace.com/article/ha

  • 1
  • 1
  • 0
  • 12h ago
Profile picture fallback
CyberNetsecIO @netsecio

📰 Warning: Critical 10.0 CVSS Quest KACE Flaw from 2025 Now Actively Exploited

🔥 ACTIVE EXPLOITATION: A year-old, 10.0 CVSS flaw in Quest KACE SMA (CVE-2025-32975) is now being actively exploited. Attackers are gaining full admin control, deploying Mimikatz, and moving laterally. Patch and isolate from the internet NOW! #CVE

🔗 cyber.netsecops.io/articles/ol

  • 0
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
Hackers are exploiting CVE-2025-32975 (CVSS 10.0) to bypass authentication and take control of unpatched Quest KACE SMA systems. Activity includes credential theft, account creation, and RDP access. #QuestKACE #AuthenticationBypass #USA
  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback
Ninja Owl @ninjaowl.ai
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-4368

Overview

  • NetScaler
  • ADC
23 Mar 2026
Published
24 Mar 2026
Updated
CVSS v4.0
HIGH (7.7)
EPSS
Pending
KEV

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

Statistics

  • 5 Posts
  • 6 Interactions
Last activity: 11 hours ago

Fediverse

Profile picture fallback
:mastodon: decio @decio

➡️ CVE-2026-3055 👀
👇
support.citrix.com/support-hom

  • CVE-2026-3055 - Out-of-Bounds Read vulnerability - CVSSv4 base score: 9.3
    Note: Citrix NetScaler ADC or Citrix Gateway must be configured as SAML IDP to be vulnerable to CVE-2026-3055.

    • CVE-2026-4368 - Race Condition vulnerability - CVSSv4 base score: 7.7Note: Affected appliances must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP proxy) or AAA virtual server to be vulnerable CVE-2026-4368.

( -> cve.circl.lu/search?q=CVE-2026 )

  • 1
  • 1
  • 0
  • 15h ago
Profile picture fallback
circl @circl

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368

#citrix #vulnerabilitymanagement #vulnerability

vulnerability.circl.lu/bundle/

  • 1
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture fallback
Sami Laiho @samilaiho.com
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368 #CRITICAL support.citrix.com/support-home...
  • 1
  • 0
  • 0
  • 15h ago
Profile picture fallback
piggo @pigondrugs.bsky.social
~Certeu~ Citrix patched critical flaws in NetScaler ADC & Gateway allowing info disclosure and session mix-up. - IOCs: CVE-2026-3055, CVE-2026-4368 - #Citrix #ThreatIntel #Vulnerability
  • 1
  • 0
  • 0
  • 11h ago
Profile picture fallback
piggo @pigondrugs.bsky.social
~Cybergcca~ CCCS issued 9 advisories, highlighting an actively exploited Craft CMS flaw (CVE-2025-32432) and critical Citrix NetScaler vulnerabilities. - IOCs: CVE-2025-32432, CVE-2026-3055, CVE-2026-4368 - #CISA_KEV #ThreatIntel #Vulnerability
  • 1
  • 0
  • 0
  • 14h ago

CVE-2026-3587

Overview

  • WAGO
  • Lean Managed Switch 852-1812
23 Mar 2026
Published
23 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.09%
KEV

Description

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.

Statistics

  • 2 Posts
  • 3 Interactions
Last activity: 22 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-020
WAGO: Vulnerability in managed switches

A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function.
CVE-2026-3587

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 1
  • 1
  • 0
  • 23h ago
Profile picture fallback
Offensive Sequence @offseq

WAGO 852-1812 switch hit with CRITICAL CVE-2026-3587 (CVSS 10.0): hidden CLI lets remote attackers gain root with no auth. No patch yet. Isolate, restrict access, & monitor closely. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 22h ago

CVE-2025-61144

Overview

  • Pending
23 Feb 2026
Published
25 Feb 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.

Statistics

  • 3 Posts
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Chuckles @celeduc

Oh good, a critical update for libtiff6. Ancient formats certainly carry a lot of baggage. nvd.nist.gov/vuln/detail/CVE-2

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical LibTIFF DoS vulnerabilities (CVE-2025-61143, CVE-2025-61144) patched for #Ubuntu 25.10, 24.04 LTS, 22.04 LTS, and earlier releases with Ubuntu Pro. Read more: 👉 tinyurl.com/yenkmaar #Security
  • 0
  • 0
  • 0
  • 15h ago
Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 URGENT: #Ubuntu Security Update 🚨 Patch now for LibTIFF DoS flaws (CVE-2025-61143, CVE-2025-61144) affecting Ubuntu 25.10 down to 14.04 LTS. Read more: 👉 tinyurl.com/ue8e2zbv #Security
  • 0
  • 0
  • 0
  • 10h ago

CVE-2025-32432

Overview

  • craftcms
  • cms
25 Apr 2025
Published
21 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
89.44%
KEV

Description

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 14 hours ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CISA Warns of Craft CMS Zero-Day Under Active Attack—Patch Now or Get Hacked + Video Introduction: A critical code injection vulnerability in Craft CMS, designated CVE-2025-32432, has been actively exploited as a zero-day since February 2025, prompting the U.S. Cybersecurity and Infrastructure…
  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback
piggo @pigondrugs.bsky.social
~Cybergcca~ CCCS issued 9 advisories, highlighting an actively exploited Craft CMS flaw (CVE-2025-32432) and critical Citrix NetScaler vulnerabilities. - IOCs: CVE-2025-32432, CVE-2026-3055, CVE-2026-4368 - #CISA_KEV #ThreatIntel #Vulnerability
  • 1
  • 0
  • 0
  • 14h ago

CVE-2026-3909

Overview

  • Google
  • Chrome
12 Mar 2026
Published
14 Mar 2026
Updated
CVSS
Pending
EPSS
4.44%
KEV

Description

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture fallback
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 :verified: @youranonnewsirc

Global cybersecurity alerts include active exploitation of Chrome Zero-Days (CVE-2026-3909/3910) and a Quest KACE SMA flaw for credential harvesting. Advanced threats like Android haptic keyloggers and deepfake identity fraud are emerging. Geopolitically, Persian Gulf tensions remain high, while the US announced a new cyber strategy to defend companies from foreign adversaries. In tech, NVIDIA Nemotron 3 Super is now on Amazon Bedrock.

#Cybersecurity #GeopoliticalNews #TechBrief

  • 2
  • 0
  • 0
  • 6h ago

CVE-2026-1207

Overview

  • djangoproject
  • Django
  • django
03 Feb 2026
Published
03 Feb 2026
Updated
CVSS
Pending
EPSS
5.46%
KEV

Description

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 15 hours ago

Fediverse

Profile picture fallback
CrowdSec @CrowdSec

🚨 In this week’s threat alert, CrowdSec reports on CVE-2026-1207, a critical Django SQL injection vulnerability now actively exploited in the wild. Attackers are targeting GeoDjango setups using PostGIS with focused reconnaissance. Notably, this vulnerability hasn’t yet been added to the CISA KEV catalog.

Learn how the vulnerability works and how to secure your systems in our latest article: crowdsec.net/vulntracking-repo

  • 1
  • 1
  • 1
  • 15h ago

CVE-2026-20131

Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)
04 Mar 2026
Published
20 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.65%
KEV

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Zscaler~ Unauthenticated RCE vulnerability (CVSS 10) in Cisco Secure FMC actively exploited in the wild, granting root access. - IOCs: CVE-2026-20131 - #CVE202620131 #Cisco #RCE #ThreatIntel
  • 1
  • 0
  • 0
  • 2h ago
Showing 1 to 10 of 45 CVEs