24h | 7d | 30d

CVE-2025-32975

Overview

  • Pending
24 Jun 2025
Published
24 Mar 2026
Updated
CVSS
Pending
EPSS
0.17%
KEV

Description

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Patrick C Miller :donor: @patrickcmiller

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems thehackernews.com/2026/03/hack

  • 0
  • 1
  • 0
  • 2h ago

CVE-2025-4615

Overview

  • Palo Alto Networks
  • Cloud NGFW
09 Oct 2025
Published
01 Apr 2026
Updated
CVSS v4.0
MEDIUM (5.4)
EPSS
0.05%
KEV

Description

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture fallback
ripjyr.bsky.social @ripjyr.bsky.social
Paloaltoの脆弱性情報 「CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: MEDIUM)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2025-4615
  • 0
  • 0
  • 0
  • 12h ago

CVE-2023-4966

Overview

  • Citrix
  • NetScaler ADC
10 Oct 2023
Published
21 Oct 2025
Updated
CVSS v3.1
CRITICAL (9.4)
EPSS
94.35%
KEV

Description

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture fallback
Steele Fortress @steelefortress

CISA just added CVE-2023-4966 to its Known Exploited Vulnerabilities catalog and is giving federal agencies until Thursday to patch Citrix Net Scaler devices.

Read more: steelefortress.com/botzi1

InfoSec

  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-23921

Overview

  • Zabbix
  • Zabbix
24 Mar 2026
Published
26 Mar 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.03%
KEV

Description

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data through time-based techniques, potentially leading to session identifier disclosure and administrator account compromise.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture fallback
ohhara @shiojiri.com
【緊急】Zabbix の脆弱性情報 CVE-2026-23921 (CVSS 8.7) – TechHarmony https://blog.usize-tech.com/zabbix-vulnerability-cve-2026-23921/
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-4800

Overview

  • lodash
  • lodash
31 Mar 2026
Published
31 Mar 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.07%
KEV

Description

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function(). Patches: Users should upgrade to version 4.18.0. Workarounds: Do not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.

Statistics

  • 2 Posts
Last activity: 19 hours ago

Fediverse

Profile picture fallback
Ulises Gascon @ulisesgascon

🚨 High-severity security fix in lodash@4.18.0 just released!

Patches CVE-2026-4800 — lodash vulnerable to Code Injection via _.template imports key names

github.com/lodash/lodash/secur

  • 0
  • 0
  • 1
  • 19h ago

CVE-2025-14819

Overview

  • curl
  • curl
08 Jan 2026
Published
08 Jan 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
Notepad++ v893: Critical cURL Vulnerability Patched—Why Your Text Editor Just Became a Security Frontline + Video Introduction: A routine text editor update has just become a critical security event. Notepad++ version 8.9.3 addresses a significant vulnerability, CVE-2025-14819, lurking within its…
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-32746

Overview

  • GNU
  • inetutils
13 Mar 2026
Published
23 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.03%
KEV

Description

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture fallback
SecQube | Harvey | AI Platform for MS Graph @secqube.com
CVE-2026-32746 - GNU inetutils telnetd LINEMODE SLC Buffer Overflow scq.ms/47zeUG3
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-33419

Overview

  • minio
  • minio
24 Mar 2026
Published
25 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.1)
EPSS
0.06%
KEV

Description

MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration, and (2) absence of rate limiting on authentication attempts. An unauthenticated network attacker can enumerate valid LDAP usernames and then perform unlimited password guessing to obtain temporary AWS-style STS credentials, gaining access to the victim's S3 buckets and objects. This issue has been patched in RELEASE.2026-03-17T21-25-16Z.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
ZAST AI @zastai

ZAST.AI has identified and verified CVE-2026-33419 in MinIO, a widely used Go object storage project.

Project page: github.com/minio/minio
Project footprint: 60.5k+ GitHub stars as of March 31, 2026.

The verified issue affects the LDAP-backed STS authentication flow. The endpoint disclosed whether a username existed, accepted repeated password attempts without effective throttling, and returned temporary AWS-style credentials when authentication succeeded.

This is a representative example of why enterprise security teams need automated exploit verification. Individual signals such as distinct error messages or missing throttling can be easy to underestimate in isolation. The real risk emerges when those behaviors compose into a working path that produces valid credentials.

ZAST.AI promotes findings into reports only after successful PoC validation, which supports a zero-false-positive operating model and helps teams prioritize what is demonstrably real.

Full report: blog.zast.ai/security%20resear

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-34714

Overview

  • Vim
  • Vim
30 Mar 2026
Published
31 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.2)
EPSS
0.02%
KEV

Description

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

Statistics

  • 1 Post
Last activity: 15 hours ago

Bluesky

Profile picture fallback
OMO @omo.bsky.social
SIOSセキュリティブログを更新しました。 vimの脆弱性(Critical: CVE-2026-34714) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #vim security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-23898

Overview

  • Joomla! Project
  • Joomla! CMS
01 Apr 2026
Published
01 Apr 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
0.06%
KEV

Description

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ CVE-2026-23898: HIGH-severity flaw in Joomla! CMS (4.0.0-5.4.3, 6.0.0-6.0.3) lets admin-level attackers delete arbitrary files, risking DoS or system compromise. Patch ASAP, restrict high-priv accounts, monitor for deletions. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago
Showing 11 to 20 of 53 CVEs