Overview

  • defnull
  • multipart

12 Mar 2026
Published
13 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.54%

KEV

Description

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (ReDoS) when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service (DoS) attacks against web applications using this library to parse request headers or multipart/form-data streams. The issue is fixed in 1.2.2, 1.3.1 and 1.4.0-dev.

Statistics

  • 1 Post
  • 36 Interactions

Last activity: 22 hours ago

Fediverse

The 'multipart' #python library got an independent #security audit and I only know about that because they found something -> CVE-2026-28356

This is great, actually! Someone looked into it so thoroughly that they found an obscure single-character issue in a regular expression ... and didn't find anything else! Which means I can now be really confident about the security of this library. Nice!

#cve #infosec #sansio

  • 17
  • 19
  • 0
  • 22h ago

Overview

  • Microsoft
  • Microsoft Authenticator for Android

10 Mar 2026
Published
13 Mar 2026
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
0.04%

KEV

Description

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.

Statistics

  • 1 Post
  • 12 Interactions

Last activity: 15 hours ago

Fediverse

Microsoft Authenticator could leak access codes: if you are using it, update the app right away

A vulnerability in Microsoft Authenticator for iOS and Android ( CVE-2026-26123 ) could leak one-time access codes or authentication deep links to a malicious app on the same device.

malwarebytes.com/blog/news/202

@informatica

  • 11
  • 1
  • 0
  • 15h ago

Overview

  • Google
  • Chrome

12 Mar 2026
Published
14 Mar 2026
Updated

CVSS
Pending
EPSS
27.12%

Description

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 4 Posts
  • 7 Interactions

Last activity: 17 hours ago

Fediverse

  • 4
  • 1
  • 1
  • 21h ago
@browserversiontracker For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.

And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂

  • 1
  • 0
  • 0
  • 17h ago
@vivaldiversiontracker This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.

  • 0
  • 1
  • 0
  • 17h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 9 hours ago

Fediverse

Your package manager's D-Bus interface is root-privileged, always-on, and crashes instantly if you whisper the wrong locale at it.

CVE-2026-3836.
CVSS 7.5.
No auth required.

The tool patching your system was the hole. Upgrade dnf5 now.
portallinuxferramentas.blogspo

  • 2
  • 2
  • 1
  • 9h ago

Overview

  • ctfer-io
  • monitoring

13 Mar 2026
Published
13 Mar 2026
Updated

CVSS v4.0
HIGH (7.1)
EPSS
0.04%

KEV

Description

The CTFer.io Monitoring component is in charge of the collection, processing and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to potential lateral movement. This vulnerability is fixed in 0.2.1.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

CVE-2026-32720 (HIGH): ctfer-io monitoring <0.2.1 has improper access control, allowing lateral movement across Kubernetes namespaces — risks sensitive logs/metrics. Patch to 0.2.1+ ASAP! 🔒 radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 21h ago

Overview

  • Wavlink
  • WL-WN578W2

15 Mar 2026
Published
15 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

🚨 CVE-2026-4164 (CRITICAL, CVSS 9.3) in Wavlink WL-WN578W2 (v221110): Unauth'd command injection via /cgi-bin/wireless.cgi. Public exploit released. Patch ASAP or restrict access! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 1h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

10 Feb 2026
Published
13 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
3.14%

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Bluesky

CVE-2026-21533: The 20,000 RDP Zero-Day That Turns Every Session Host Into a Domain Admin’s Worst Nightmare + Video Introduction: In a stark reminder that legacy protocols remain the Achilles' heel of enterprise security, a threat actor is reportedly selling a zero-day exploit for a Windows Remote…
  • 0
  • 1
  • 0
  • 2h ago

Overview

  • PX4
  • PX4-Autopilot

13 Mar 2026
Published
13 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

KEV

Description

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message to force an unbounded stack allocation and copy, causing a stack overflow and crash of the Zenoh bridge task. This vulnerability is fixed in 1.17.0-rc2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 20 hours ago

Fediverse

🚁 CVE-2026-32708 (HIGH): Stack-based buffer overflow in PX4-Autopilot (<1.17.0-rc2) via Zenoh uORB subscriber. Exploitable w/ local privileges; could crash or compromise drones. Upgrade ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 20h ago

Overview

  • Wavlink
  • WL-WN579A3

14 Mar 2026
Published
14 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables unauthenticated remote command injection via /cgi-bin/wireless.cgi. Exploit code is public — restrict remote admin & monitor traffic until patched! radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 1
  • 6h ago

Overview

  • Belkin
  • F9K1122

15 Mar 2026
Published
15 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
Pending

KEV

Description

A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

🚨 HIGH severity: CVE-2026-4167 in Belkin F9K1122 (1.00.33) enables remote code execution via stack buffer overflow — no auth needed, no patch. Isolate, restrict, and monitor now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • Last hour