Overview

  • psf
  • black

12 Mar 2026
Published
13 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.02%

KEV

Description

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the value of this argument to write cache files to arbitrary file system locations. Fixed in Black 26.3.1.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

CVE-2026-32274 - Black: Arbitrary file writes from unsanitized user input in cache file name scq.ms/4s9DzJH
  • 6h ago

Overview

  • D-Link
  • DIR-513

29 Mar 2026
Published
29 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Manipulation of the argument curTime results in a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🔴 CVE-2026-5024: HIGH-severity stack buffer overflow in D-Link DIR-513 (v1.10). Remote, no auth needed, public exploit released. Replace ASAP or isolate device & restrict access. No patch from vendor. radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • code-projects
  • Accounting System

29 Mar 2026
Published
29 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%

KEV

Description

A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Manipulation of the argument en_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

⚠️ MEDIUM severity SQL Injection (CVE-2026-5035) found in code-projects Accounting System 1.0 (/view_work.php, Parameter Handler). Public exploit available — review your systems and restrict access if possible. radar.offseq.com/threat/cve-20

  • 8h ago

Overview

  • n8n-io
  • n8n

25 Mar 2026
Published
25 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.24%

KEV

Description

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: limit workflow creation and editing permissions to fully trusted users only, and/or disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

CVE-2026-33696 - n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE
  • 22h ago

Overview

  • Microsoft
  • Windows 10 Version 1507

10 Jun 2025
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
41.04%

Description

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

📢 CVE-2025-33073: SYSTEM privilege escalation via unconstrained Kerberos delegation 📝 ## 🔍 Context Article published on 27 March 2026 by P… https://cyberveille.ch/posts/2026-03-28-cve-2025-33073-elevation-de-privileges-system-via-delegation-kerberos-non-contrainte/ #Active_Directory #Cyberveille
  • 11h ago

Overview

  • quickjs-ng
  • quickjs

12 Mar 2026
Published
12 Mar 2026
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.01%

KEV

Description

A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes a use-after-free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244e92def4cd. Applying a patch is the recommended action to fix this issue.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

quickjs-ng: 0.11.0 -> 0.13.0; quickjs: mark vulnerable for CVE-2026-3979 https://github.com/NixOS/nixpkgs/pull/503250 https://tracker.security.nixos.org/issues/NIXPKGS-2026-0676 #security
  • 18h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

10 Mar 2026
Published
27 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.06%

KEV

Description

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

CVE-2026-24291 (RegPwn): Critical Windows LPE Exploit Exposes Full System Compromise – Patch Now! + Video Introduction: A newly disclosed Windows Local Privilege Escalation (LPE) vulnerability, designated CVE-2026-24291 and dubbed “RegPwn,” leverages improper registry permission assignments to…
  • 4h ago

Overview

  • code-projects
  • Accounting System

29 Mar 2026
Published
29 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%

KEV

Description

A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. Manipulation of the argument cos_id results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🚨 CVE-2026-5033 (MEDIUM): SQL injection in code-projects Accounting System 1.0 (/view_costumer.php, cos_id) is being actively exploited. Remote risk — monitor and patch as soon as fixes arrive. More: radar.offseq.com/threat/cve-20

  • 9h ago

Overview

  • Tenda
  • F453

29 Mar 2026
Published
29 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Manipulation of the argument delno causes a stack-based buffer overflow. Remote exploitation is possible. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🔎 HIGH: CVE-2026-5021 in Tenda F453 v1.0.0.3 enables remote stack buffer overflow via /goform/PPTPUserSetting — no auth needed! PoC is public; patch/mitigate now to block total device compromise. radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • Wavlink
  • WL-WN579X3-C

28 Mar 2026
Published
28 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A vulnerability was identified in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Manipulation of the argument UpnpEnabled can lead to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🚨 HIGH severity buffer overflow in Wavlink WL-WN579X3-C (231124): Remote attackers can exploit UPnP Handler to run code. No patch from vendor. Disable UPnP & block remote access immediately. CVE-2026-5004 radar.offseq.com/threat/cve-20

  • 17h ago