
Overview

  • Google
  • Chrome

Published: 12 Mar 2026
Updated: 13 Mar 2026

CVSS: Pending
EPSS: Pending

Description

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 7 Posts
  • 1 Interaction

Last activity: 7 hours ago

Fediverse

A new vulnerability with increased severity was disclosed for Google Chrome (CVE-2026-3909) vuldb.com/?id.350787

  • 12h ago
@tresronours@parlote.facil.services:

Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code


Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious […]

The post Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

  • 10h ago

Bluesky

#Chrome: Google released security updates for its Chrome web browser to address two high-severity #zeroday #vulnerabilities CVE-2026-3909 & CVE-2026-3910 that it said have been exploited in the wild. Make sure to update your Chrome today! (restart it): 👇
  • 7h ago
Two zero-days, huh > "Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild."
  • 17h ago
Active exploitation of Chrome zero-days CVE-2026-3909 and CVE-2026-3910 highlights the urgency of endpoint visibility in your SOC. The Skia flaw allows boundary errors leading to code execution, while V8's implementation issue compromises systems remotely.
  • 11h ago
Google released an emergency Chrome 146 update fixing two zero-day exploits: an out-of-bounds write in Skia (CVE-2026-3909) and a V8 engine flaw (CVE-2026-3910), patched on multiple platforms. #ZeroDay #ChromeUpdate #USA
  • 9h ago

Overview

  • Google
  • Chrome

Published: 12 Mar 2026
Updated: 13 Mar 2026

CVSS: Pending
EPSS: Pending

Description

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 7 Posts
  • 1 Interaction

Last activity: 7 hours ago

Fediverse

A severe vulnerability was disclosed for Google Chrome (CVE-2026-3910) vuldb.com/?id.350788

  • 13h ago
@tresronours@parlote.facil.services:

Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code


Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious […]

The post Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
posted by pod_feeder

  • 10h ago

Bluesky

#Chrome: Google released security updates for its Chrome web browser to address two high-severity #zeroday #vulnerabilities CVE-2026-3909 & CVE-2026-3910 that it said have been exploited in the wild. Make sure to update your Chrome today! (restart it): 👇
  • 7h ago
Two zero-days, huh > "Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild."
  • 17h ago
Active exploitation of Chrome zero-days CVE-2026-3909 and CVE-2026-3910 highlights the urgency of endpoint visibility in your SOC. The Skia flaw allows boundary errors leading to code execution, while V8's implementation issue compromises systems remotely.
  • 11h ago
Google released an emergency Chrome 146 update fixing two zero-day exploits: an out-of-bounds write in Skia (CVE-2026-3909) and a V8 engine flaw (CVE-2026-3910), patched on multiple platforms. #ZeroDay #ChromeUpdate #USA
  • 9h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

Published: 25 Feb 2026
Updated: 26 Feb 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 2.60%

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 7 hours ago

Fediverse

US agencies face a CISA deadline to secure networks after a critical Cisco SD-WAN flaw (CVE-2026-20127) exposed federal systems to long-term intrusion and admin access.

Read: hackread.com/us-agencies-cisa-

#CyberSecurity #Cisco #SDWAN #CISA #Vulnerability

  • 7h ago

Check your deployments for the Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability: cisa.gov/known-exploited-vulne

How to mitigate it in Cisco SD-WAN systems can be found here: cisa.gov/news-events/directive

  • 11h ago

Bluesky

US agencies face a CISA deadline to secure networks after a critical Cisco SD-WAN flaw (CVE-2026-20127) exposed federal systems to long-term intrusion and admin access. Read: hackread.com/us-agencies-... #CyberSecurity #Cisco #SDWAN #CISA #Vulnerability
  • 7h ago

Overview

  • elemntor
  • Ally – Web Accessibility & Usability

Published: 11 Mar 2026
Updated: 11 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global_remediations()` method, where it is directly concatenated into an SQL JOIN clause without proper sanitization for SQL context. While `esc_url_raw()` is applied for URL safety, it does not prevent SQL metacharacters (single quotes, parentheses) from being injected. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via time-based blind SQL injection techniques. The Remediation module must be active, which requires the plugin to be connected to an Elementor account.

Statistics

  • 4 Posts

Last activity: 4 hours ago

Fediverse

#WordPress and plugin hell. 😵‍💫

"The plugin is used on over 400,000 WordPress sites." 😭

"An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on February 4, 2026."

CVE-2026-2413 (CVSS score 7.5)

"Users are urged to update to Ally version 4.1.0 to mitigate the risk."

securityaffairs.com/189354/sec

#WordPress

  • 22h ago

Over 200,000 #WordPress sites are exposed due to an SQL injection flaw in the Ally plugin (CVE-2026-2413), allowing attackers to extract database data. Patch released, but many sites remain vulnerable.

Read: hackread.com/sql-injection-vul

#CyberSecurity #SQLInjection #Vulnerability

  • 6h ago

Bluesky

Critical SQLi Bug Hits Ally Plugin Sites Read More: buff.ly/O6ZOGn0 #CVE20262413 #WordPressSecurity #SQLInjection #AllyPlugin #WebAppSecurity #CriticalVulnerability #PatchNow #InfosecAlert
  • 4h ago

Overview

  • n8n-io
  • n8n

Published: 19 Dec 2025
Updated: 12 Mar 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 78.98%

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 12 hours ago

Fediverse

⚠️ CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

「 The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched by n8n in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0. CVE-2025-68613 is the first n8n vulnerability to be placed in the KEV catalog 」
thehackernews.com/2026/03/cisa

#n8n #cisa #rce #cybersecurity

  • 13h ago

Bluesky

🚨 CISA flags a critical RCE flaw in #n8n (CVE-2025-68613, score 9.9), still active on 24,700 instances. Fix already available. #CyberSecurity #Automatisation
  • 12h ago

Overview

  • Splunk
  • Splunk Enterprise

Published: 11 Mar 2026
Updated: 12 Mar 2026

CVSS v3.1: HIGH (8.0)
EPSS: Pending

KEV

Description

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 9 hours ago

Fediverse

Critical Splunk RCE Vulnerability (CVE-2026-20163) Lets Attackers Run Shell Commands on Your Server
The discovered vulnerability is a Remote Code Execution (RCE) in Splunk, a popular data processing software. The flaw stems from insufficient input validation in the application's search interface. By constructing a crafted search query, an attacker can exploit the vulnerability and execute arbitrary shell commands on the target server. Specifically, an attacker can utilize the 'enableJavaScript' and 'enableCookies' search commands to trigger the RCE. When the search interface receives a request, it inadvertently executes JavaScript provided by the attacker, enabling further exploitation. The impact of this vulnerability is severe, as it allows unauthorized execution of commands with the privileges of the Splunk user, potentially leading to data breaches or unauthorized access. The researcher received a $15,000 bounty from Splunk for reporting this critical issue. To remediate, Splunk suggests implementing input validation and sanitization for user-supplied search queries. Key lesson: Always validate user inputs to prevent RCE attacks.

medium.com/@EternalSec/critica

  • 9h ago

Bluesky

Critical Splunk RCE Vulnerability (CVE-2026-20163) Lets Attackers Run Shell Commands on Your Server https://medium.com/@EternalSec/critical-splunk-rce-vulnerability-cve-2026-20163-lets-attackers-run-shell-commands-on-your-server-244fcbe3497d?source=rss------bug_bounty-5
  • 9h ago

Overview

  • golang.org/x/net
  • golang.org/x/net/http2

Published: 26 Feb 2026
Updated: 27 Feb 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Due to a missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 18 hours ago

Fediverse

Traefik v2.11.40 is out! It includes a CRITICAL security fix for CVE-2026-27141. Update your instances NOW to keep your self-hosted setup secure! Also bumps Docker & Golang dependencies.

github.com/traefik/traefik/rel

#selfhosted #homelab

  • 18h ago

Overview

  • steveukx
  • simple-git

Published: 10 Mar 2026
Updated: 11 Mar 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Version 3.23.0 contains an updated fix for the vulnerability.

Statistics

  • 3 Posts

Last activity: Last hour

Bluesky

📌 CVE-2026-28292: RCE in simple-git via case-sensitivity bypass (CVSS 9.8) https://www.cyberhub.blog/article/21369-cve-2026-28292-rce-in-simple-git-via-case-sensitivity-bypass-cvss-98
  • 23h ago
CVE-2026-28292: simple-git Remote Code Execution - A case-sensitivity bug in simple-git (12.4 million+ weekly npm downloads) allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912)
  • Last hour

Overview

  • Tenda
  • FH451

Published: 07 Mar 2026
Updated: 11 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A vulnerability was found in Tenda FH451 1.0.0.9. It affects the function fromSetCfm in the file /goform/setcfm. Manipulating the argument funcname/funcpara1 results in a stack-based buffer overflow. The attack can be performed remotely. The exploit has been made public and could be used.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 16 hours ago

Bluesky

CVE-2026-3677 - Tenda FH451 setcfm fromSetCfm stack-based overflow scq.ms/4rTWrMv
  • 16h ago

Overview

  • undici
  • undici

Published: 12 Mar 2026
Updated: 13 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

Impact

The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range server_max_window_bits value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination. The vulnerability exists because:

  • The isValidClientWindowBits() function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15
  • The createInflateRaw() call is not wrapped in a try-catch block
  • The resulting exception propagates up through the call stack and crashes the Node.js process

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 22 hours ago

Bluesky

🚨 High-severity security fix in undici@7.24.0 just released! Patches CVE-2026-2229 — vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation github.com/nodejs/undic...
  • 22h ago