Overview

  • Oracle Corporation
  • Oracle Identity Manager

20 Mar 2026
Published
20 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.02%

KEV

Description

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager and Oracle Web Services Manager. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager and Oracle Web Services Manager. Note: Oracle Web Services Manager is installed with an Oracle Fusion Middleware Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • onnx
  • onnx

18 Mar 2026
Published
18 Mar 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.01%

KEV

Description

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for zero-interaction supply-chain attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of the time of publication, no known patched versions are available.

Statistics

  • 2 Posts

Last activity: 23 hours ago

Bluesky

ONNX Hub silent=True suppresses all trust verification, enabling supply chain attacks on ML model loading (CVE-2026-28500, CVSS 9.1, no patch available)
  • 0
  • 0
  • 1
  • 23h ago

Overview

  • MiCode
  • FileExplorer
  • net.micode.fileexplorer

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.08%

KEV

Description

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

CVE-2026-29515 - MiCode FileExplorer SwiFTP Server Authentication Bypass scq.ms/4cALdYB
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • projectworlds
  • Online Notes Sharing System

22 Mar 2026
Published
22 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%

KEV

Description

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🛡️ CVE-2026-4540: MEDIUM-severity SQL Injection in projectworlds Online Notes Sharing System v1.0. Exploit code is public, no active attacks yet. Patch or mitigate — focus on the 'Benutzer' param in /login.php. More info: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Adobe
  • Adobe Commerce

13 Jun 2024
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
94.15%

Description

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

How a Single Malicious XML Payload Exposed LG’s API to Remote Code Execution (CVE-2024-34102) + Video Introduction: The discovery of a critical security vulnerability in LG Electronics’ API infrastructure highlights the persistent danger of improperly configured XML parsers. When a researcher…
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • WellChoose
  • IFTOP

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.26%

KEV

Description

IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

CVE-2026-3826 - WellChoose|IFTOP - Local File Inclusion scq.ms/46W0PlL
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • smub
  • ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.05%

KEV

Description

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `update_settings()` function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible for authenticated attackers with the `exactmetrics_save_settings` capability to modify any plugin setting, including the `save_settings` option that controls which user roles have access to plugin functionality. The admin intended to delegate configuration access to a trusted user, not enable that user to delegate access to everyone. By setting `save_settings` to include `subscriber`, an attacker can grant plugin administrative access to all subscribers on the site.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

CVE-2026-1993 - ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update scq.ms/4lnBQ0x
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • ultrajson
  • ultrajson

20 Mar 2026
Published
20 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.04%

KEV

Description

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the Python interpreter (segmentation fault) when the product of the indent parameter and the nested depth of the input exceeds INT32_MAX. It can also get stuck in an infinite loop if the indent is a large negative number. Both are caused by an integer overflow/underflow whilst calculating how much memory to reserve for indentation. And both can be used to achieve denial of service. To be vulnerable, a service must call ujson.dump()/ujson.dumps()/ujson.encode() whilst giving untrusted users control over the indent parameter and not restrict that indentation to reasonably small non-negative values. A service may also be vulnerable to the infinite loop if it uses a fixed negative indent. An underflow always occurs for any negative indent when the input data is at least one level nested but, for small negative indents, the underflow is usually accidentally rectified by another overflow. This issue has been fixed in version 5.12.0.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 6 hours ago

Bluesky

#Fedora 43 users: A critical buffer overflow vulnerability (CVE-2026-32875) has been found in python-ujson. If you're a developer, this is a MUST-FIX. Read more: 👉 tinyurl.com/5825xtrz #Security
  • 0
  • 0
  • 0
  • 8h ago
Critical Security Advisory for #Fedora 42: python-ujson 5.12.0 is out, fixing CVE-2026-32875 (buffer overflow DoS) and CVE-2026-32874 (memory leak). 🛡️ Read more: 👉 tinyurl.com/45nmxz5e #Security
  • 0
  • 1
  • 0
  • 6h ago

Overview

  • D-Link
  • DHP-1320

21 Mar 2026
Published
21 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🚨 CVE-2026-4529: HIGH severity stack-based buffer overflow in D-Link DHP-1320 (1.00WWB04) via SOAP Handler. Public exploit out. Device is EOL, no patch — isolate or replace now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Pending

Pending
Published
04 Oct 2023
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Issue has been found to be non-reproducible, therefore not a viable flaw.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Is your website secure? A new vulnerability (CVE-2023-4567) in the SPIP publishing engine highlights the importance of constant vigilance. Read more: 👉 tinyurl.com/38p8hufh #Security #ubuntu
  • 0
  • 0
  • 0
  • 4h ago