Overview

  • CODESYS
  • CODESYS Control RTE (SL)

24 Mar 2026
Published
24 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.21%

KEV

Description

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

VDE-2026-011
CODESYS Control V3 - Untrusted boot application

The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups. While only the privileged Administrators and Developer groups are intended to load or debug applications on the controller, users in the restricted Service group are allowed to perform maintenance operations, including explicitly replacing the boot application.
CVE-2025-41660

certvde.com/en/advisories/vde-

codesys.csaf-tp.certvde.com/.w

  • 11h ago

Overview

  • steveukx
  • simple-git

10 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.10%

KEV

Description

`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Version 3.23.0 contains an updated fix for the vulnerability.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

CVE-2026-28292: simple-git remote code execution vulnerability, a single uppercase letter is enough to bypass two CVE patches (CVSS 9.8)
  • 11h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Fediverse

Turning an encrypted backup into Remote Code Execution in Stackfield’s desktop app (CVE-2026-28373).

rcesecurity.com/2026/03/stackf

  • 4h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917) https://tinyurl.com/2cyftztb
  • 2h ago

Overview

  • Apache Software Foundation
  • Apache Struts
  • com.opensymphony:xwork

11 Jan 2026
Published
11 Mar 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Missing XML Validation vulnerability in Apache Struts. This issue affects Apache Struts from 2.0.0 before 2.2.1 and from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

ZAST engine has identified and verified hundreds of previously undisclosed 0-days so far in Q1 2026 across modern web applications, software supply chain code, and IoT systems.

One highlighted case is CVE-2025-68493 in Apache Struts, a widely deployed Java web framework: struts.apache.org/

Ecosystem exposure remains significant. Sonatype reported more than 387,000 downloads in one week for affected org.apache.struts:* artifacts, with most usage concentrated in end-of-life branches. That combination of legacy adoption and delayed remediation is exactly why verification matters for enterprise infrastructure.

Technically, the issue was an XXE in com.opensymphony.xwork2.util.DomHelper.parse(), where SAXParserFactory hardening was incomplete and external entity handling was not fully disabled.

ZAST.AI focuses on autonomous verification. Findings are promoted into reports only after successful PoC validation, which supports our zero-false-positive reporting standard and helps engineering teams spend time on issues that are demonstrably real.

Full report: blog.zast.ai/cybersecurity/art

Source (Sonatype): sonatype.com/blog/years-old-ap

  • 19h ago

Overview

  • immutable-js
  • immutable-js

06 Mar 2026
Published
06 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.06%

KEV

Description

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Bluesky

PH70510:WebSphere Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063 CVSS 8.7) https://tinyurl.com/27tvd2v2
  • 4h ago
IBM WebSphere Application Server Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063) https://tinyurl.com/25lyxhlz
  • 3h ago

Overview

  • djangoproject
  • Django
  • django

03 Feb 2026
Published
03 Feb 2026
Updated

CVSS
Pending
EPSS
5.38%

KEV

Description

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allow remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

📢 CVE-2026-1207: SQL injection in Django/GeoDjango actively exploited in the wild 📝 ## 🔍 Context Published on 23 March 2026 by CrowdSec, … https://cyberveille.ch/posts/2026-03-23-cve-2026-1207-injection-sql-dans-django-geodjango-activement-exploitee-dans-la-nature/ #CVE_2026_1207 #Cyberveille
  • 2h ago

Overview

  • GNU
  • inetutils

13 Mar 2026
Published
23 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.03%

KEV

Description

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

Fixed a security vulnerability regarding Telnetd (CVE-2026-32746)

I know I'm late to the game but this is one funny CVE.

A) Who uses telnet these days. Really. Who?
B) That bug has been lurking there for ... a long time. Ooof

  • 10h ago

Overview

  • dendibakh
  • perf-ninja

24 Mar 2026
Published
24 Mar 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.05%

KEV

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in dendibakh perf-ninja (labs/misc/pgo/lua modules). This vulnerability is associated with program files ldo.C. This issue affects perf-ninja.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-4745 in dendibakh perf-ninja (CVSS 10) — remote code injection flaw in labs/misc/pgo/lua & ldo.C. No exploits yet, but restrict access, monitor logs, and prep for urgent patches. Full system compromise risk. radar.offseq.com/threat/cve-20

  • 10h ago

Overview

  • InsightSoftwareConsortium
  • ITK

24 Mar 2026
Published
24 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.04%

KEV

Description

Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules). This issue affects ITK: before 2.7.1.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🚨 CVE-2026-4739 (CRITICAL, CVSS 9.4) in ITK: Integer overflow in Expat XML parser enables remote code execution or DoS in medical/scientific apps. Update to v2.7.1 now. User interaction required. Details: radar.offseq.com/threat/cve-20

  • 8h ago
Showing 11 to 20 of 50 CVEs