24h | 7d | 30d

Overview

  • Microsoft
  • Azure Kubernetes Service

02 Apr 2026
Published
04 Apr 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.05%

KEV

Description

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

Profile picture fallback

CVE-2026-33105 hits Azure Kubernetes Service with CVSS 10.0. Unauthenticated remote privilege escalation - Microsoft patched it but check your AKS clusters. Critical severity, no user interaction required.

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • MervinPraison
  • PraisonAI

03 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. This issue has been patched in version 4.5.97.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL vuln in PraisonAI (<4.5.97): CVE-2026-34953 allows any bearer token to bypass auth & gain full access to all agent capabilities. Patch to 4.5.97+ now! No exploits yet. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Intermesh
  • groupoffice

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.45%

KEV

Description

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar object into a setting string, an authenticated attacker can achieve Arbitrary File Write, leading directly to Remote Code Execution (RCE) on the server. This issue has been patched in versions 6.8.156, 25.0.90, and 26.0.12.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Profile picture fallback

🚨 CVE-2026-34838 (CRITICAL, CVSS 10): Group-Office <6.8.156, <25.0.90, <26.0.12 vulnerable to insecure deserialization (CWE-502). Authenticated attackers can achieve RCE by injecting malicious serialized objects. Patch now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Dan McInerney
  • pymetasploit3
  • pymetasploit3

03 Apr 2026
Published
03 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.85%

KEV

Description

Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions.

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL vuln: pymetasploit3 ≤1.0.6 (CVE-2026-5463) lets attackers inject commands via newline chars in console.run_module_with_output(), risking full session compromise. Avoid untrusted input, watch for patches. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Omnissa
  • Omnissa Workspace ONE UEM

11 Aug 2025
Published
11 Aug 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
3.95%

KEV

Description

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Profile picture fallback
Omnissa Workspace ONE UEM存在敏感信息洩漏漏洞(CVE-2025-25231) 附POC
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • ShaneIsrael
  • fireshare

02 Apr 2026
Published
02 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.09%

KEV

Description

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in version 1.5.3.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

Profile picture fallback

🚨 CRITICAL: CVE-2026-34745 in ShaneIsrael fireshare (<1.5.3) enables unauth’d file writes to any server path via /api/uploadChunked/public. Upgrade to 1.5.3 ASAP or restrict access. Full details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Microsoft
  • Microsoft Devices Pricing Program

05 Mar 2026
Published
27 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.40%

KEV

Description

Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

Profile picture fallback

XBOW autonomous AI found 3 critical RCEs in Microsoft Cloud - first time AI discovered production vulnerabilities without source code access. CVE-2026-21536 was flagged as one of March Patch Tuesday's most severe issues. The arms race between researchers and hackers has shifted.

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • FreeBSD
  • FreeBSD

26 Mar 2026
Published
02 Apr 2026
Updated

CVSS
Pending
EPSS
0.18%

KEV

Description

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution in the kernel is possible by an authenticated user that is able to send packets to the kernel's NFS server while kgssapi.ko is loaded into the kernel. In userspace, applications which have librpcgss_sec loaded and run an RPC server are vulnerable to remote code execution from any client able to send it packets. We are not aware of any such applications in the FreeBSD base system.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Profile picture fallback
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • MervinPraison
  • PraisonAI

03 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
Pending

KEV

Description

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith() method to the _safe_getattr wrapper, achieving arbitrary OS command execution on the host. This issue has been patched in version 1.5.90.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

Profile picture fallback

🚨 CRITICAL: CVE-2026-34938 in PraisonAI <1.5.90 lets attackers bypass sandbox protections and achieve arbitrary OS command execution. Immediate upgrade to v1.5.90+ required. Full system compromise possible. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 1h ago

Overview

  • MervinPraison
  • PraisonAI

03 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

Profile picture fallback

🚨 CVE-2026-34952 (CRITICAL): PraisonAI < 4.5.97 lets unauthenticated users access /ws & /info — enumerate agents & send arbitrary messages. High confidentiality & integrity risk. Patch to 4.5.97+ now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 2h ago
Showing 11 to 20 of 39 CVEs