Overview
- FlowiseAI
- Flowise
07 Mar 2026
Published
09 Mar 2026
Updated
CVSS v3.0
HIGH (8.8)
EPSS
0.02%
KEV
Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13.
Statistics
- 1 Post
- 1 Interaction
Last activity: 19 hours ago
Overview
- MBS
- UBR-01 Mk II
09 Mar 2026
Published
09 Mar 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
Pending
KEV
Description
A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.
Statistics
- 1 Post
- 1 Interaction
Last activity: 6 hours ago
Overview
- OpenClaw
- OpenClaw
05 Mar 2026
Published
09 Mar 2026
Updated
CVSS v4.0
HIGH (7.2)
EPSS
0.04%
KEV
Description
OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway client, bypassing the operator.approvals permission check that protects direct RPC calls.
Statistics
- 1 Post
- 1 Interaction
Last activity: 16 hours ago
Overview
Description
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models. This issue appears to affect all of Unitreeβs current offerings as of February 26, 2026, and so should be considered a vulnerability in both the firmware generation and extraction processes. At the time of this release, there is no publicly-documented mechanism to subvert the update process and insert poisoned firmware packages without the equipment ownerβs knowledge.
Statistics
- 1 Post
- 1 Interaction
Last activity: Last hour
Overview
- OpenClaw
- OpenClaw
05 Mar 2026
Published
09 Mar 2026
Updated
CVSS v4.0
HIGH (8.5)
EPSS
0.02%
KEV
Description
OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.14 contain a vulnerability in the sandbox browser bridge server in which it accepts requests without requiring gateway authentication, allowing local attackers to access browser control endpoints. A local attacker can enumerate tabs, retrieve WebSocket URLs, execute JavaScript, and exfiltrate cookies and session data from authenticated browser contexts.
Statistics
- 1 Post
- 1 Interaction
Last activity: 16 hours ago
Overview
- Adobe
- Illustrator
10 Mar 2026
Published
11 Mar 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV
Description
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Statistics
- 1 Post
- 1 Interaction
Last activity: 15 hours ago
Overview
- Adobe
- Illustrator
10 Mar 2026
Published
11 Mar 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV
Description
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Statistics
- 1 Post
- 1 Interaction
Last activity: 11 hours ago
Overview
Description
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Statistics
- 1 Post
Last activity: 1 hour ago
Fediverse
π‘οΈ CVE-2026-4008: HIGH severity stack buffer overflow in Tenda W3 (v1.0.0.3(2204)) lets remote attackers execute code or cause DoS β no auth needed. Public exploit available, patch or restrict access now! https://radar.offseq.com/threat/cve-2026-4008-stack-based-buffer-overflow-in-tenda-40f87be9 #OffSeq #Tenda #Infosec #Vuln
Overview
- useplunk
- plunk
11 Mar 2026
Published
11 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
Pending
KEV
Description
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to any host accessible from the server. This vulnerability is fixed in 0.7.0.
Statistics
- 1 Post
Last activity: 7 hours ago
Fediverse
π¨ CVE-2026-32096: CRITICAL SSRF in Plunk < 0.7.0 lets unauthenticated attackers trigger arbitrary outbound HTTP requests via SNS webhook. Upgrade to 0.7.0+ ASAP. Monitor egress and review webhook configs. https://radar.offseq.com/threat/cve-2026-32096-cwe-918-server-side-request-forgery-4e688d7e #OffSeq #SSRF #CloudSecurity
Overview
- lyc8503
- UptimeFlare
07 Mar 2026
Published
09 Mar 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.03%
KEV
Description
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig (safe for client use) and workerConfig (server-only, contains sensitive data) from the same module. Due to pages/incidents.tsx importing and using workerConfig directly inside client-side component code, the entire workerConfig object was included in the client-side JavaScript bundle served to all visitors. This issue has been patched via commit 377a596.
Statistics
- 1 Post
Last activity: 6 hours ago