24h | 7d | 30d

CVE-2026-3119

Overview

  • ISC
  • BIND 9
25 Mar 2026
Published
25 Mar 2026
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
0.01%
KEV

Description

Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Carsten Strotmann @cstrotm

es gibt neue BIND 9 Versionen, in denen wurden Sicherheitsprobleme vorheriger Versionen gefixed:

kb.isc.org/docs/cve-2026-1519
kb.isc.org/docs/cve-2026-3104
kb.isc.org/docs/cve-2026-3119
kb.isc.org/docs/cve-2026-3591

u.a. Denial-of-Service bei BIND 9 Revolvern (CPU-Auslastung, Speicherauslastung, Crash).

Die ISC-Repositories haben die neuen Versionen

- 9.18.47
- 9.20.21

Ich empfehle ein Update, sobald die neuen BIND 9 Versionen in den Repositories der Linux-Distribution verfügbar ist.

  • 0
  • 1
  • 0
  • 10h ago

Bluesky

Profile picture fallback
ohhara @shiojiri.com
BIND 9.20.xの脆弱性(DNSサービスの停止)について(CVE-2026-3119) - フルリゾルバー(キャッシュDNSサーバー)/権威DNSサーバーの双方が対象、 バージョンアップを強く推奨 - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-tkey.html
  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-3591

Overview

  • ISC
  • BIND 9
25 Mar 2026
Published
25 Mar 2026
Updated
CVSS v3.1
MEDIUM (5.4)
EPSS
0.01%
KEV

Description

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Carsten Strotmann @cstrotm

es gibt neue BIND 9 Versionen, in denen wurden Sicherheitsprobleme vorheriger Versionen gefixed:

kb.isc.org/docs/cve-2026-1519
kb.isc.org/docs/cve-2026-3104
kb.isc.org/docs/cve-2026-3119
kb.isc.org/docs/cve-2026-3591

u.a. Denial-of-Service bei BIND 9 Revolvern (CPU-Auslastung, Speicherauslastung, Crash).

Die ISC-Repositories haben die neuen Versionen

- 9.18.47
- 9.20.21

Ich empfehle ein Update, sobald die neuen BIND 9 Versionen in den Repositories der Linux-Distribution verfügbar ist.

  • 0
  • 1
  • 0
  • 10h ago

Bluesky

Profile picture fallback
ohhara @shiojiri.com
BIND 9.20.xの脆弱性(ACLのバイパス)について(CVE-2026-3591) - フルリゾルバー(キャッシュDNSサーバー)/権威DNSサーバーの双方が対象、 バージョンアップを強く推奨 - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-sig0.html
  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-38617

Overview

  • Linux
  • Linux
22 Aug 2025
Published
18 Mar 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.

Statistics

  • 1 Post
  • 5 Interactions
Last activity: 9 hours ago

Bluesky

Profile picture fallback
0xor0ne @0xor0ne.bsky.social
Exploiting a use-after-free vulnerability in the Linux kernel’s packet socket subsystem, caused by a race condition between packet_set_ring() and packet_notifier() (CVE-2025-38617) blog.calif.io/p/a-race-wit... #infosec
  • 2
  • 3
  • 0
  • 9h ago

CVE-2026-3888

Overview

  • snapd
17 Mar 2026
Published
18 Mar 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.00%
KEV

Description

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 5 hours ago

Fediverse

Profile picture fallback
fernand0 @fernand0

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit thehackernews.com/2026/03/ubun

  • 1
  • 0
  • 1
  • 5h ago

CVE-2026-20079

Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)
04 Mar 2026
Published
05 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.06%
KEV

Description

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 1 hour ago

Fediverse

Profile picture fallback
Caitlin Condon @catc0n

After 2+ weeks of semi-painful exploit development, @yeslikethefood and team have a full RCA out for Cisco Secure Firewall Management Center (FMC) CVE-2026-20079.

The bug is a CVSS 10, but there are significant prerequisites that may limit exploitability in real-world scenarios. There are between 300 and 700 FMC systems on the public internet as of today.

vulncheck.com/blog/cisco-fmc-a

  • 0
  • 1
  • 0
  • 1h ago

CVE-2026-28760

Overview

  • RATOC Systems, Inc.
  • RATOC RAID Monitoring Manager for Windows
26 Mar 2026
Published
26 Mar 2026
Updated
CVSS v3.0
HIGH (7.8)
EPSS
0.01%
KEV

Description

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, an arbitrary code may be executed with the administrator privilege.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 14 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🛡️ HIGH-severity: CVE-2026-28760 in RATOC RAID Monitoring Manager for Windows (<2.00.009.260220) allows DLL hijacking — local attackers may run code as admin. Patch ASAP, restrict installer access, and audit installs. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 14h ago

CVE-2026-33660

Overview

  • n8n-io
  • n8n
25 Mar 2026
Published
25 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
0.11%
KEV

Description

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 20 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ CRITICAL RCE in n8n (CVE-2026-33660): Auth'd users can exploit Merge node SQL to read files & execute code on n8n host. Patch to 2.14.1/2.13.3/1.123.26 ASAP. Limit permissions if you can't patch yet. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 20h ago

CVE-2026-0940

Overview

  • Lenovo
  • ThinkPad T14 Gen 5 BIOS
11 Mar 2026
Published
13 Mar 2026
Updated
CVSS v4.0
HIGH (8.4)
EPSS
0.02%
KEV

Description

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 21 hours ago

Bluesky

Profile picture fallback
SecQube | Harvey | AI Platform for MS Graph @secqube.com
CVE-2026-0940 - Lenovo ThinkPad BIOS Initialization Vulnerability scq.ms/4s7kZ4U
  • 0
  • 1
  • 0
  • 21h ago

CVE-2026-3783

Overview

  • curl
  • curl
11 Mar 2026
Published
11 Mar 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.

Statistics

  • 1 Post
Last activity: 15 hours ago

Bluesky

Profile picture fallback
Securitycipher @securitycipher.bsky.social
Bearer Token Leaked to Attacker via .netrc Despite CVE-2026-3783 Fix https://hackerone.com/reports/3611825
  • 0
  • 0
  • 0
  • 15h ago

CVE-2026-33494

Overview

  • ory
  • oathkeeper
26 Mar 2026
Published
26 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
Pending
KEV

Description

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../admin/secrets`) that resolves to a protected path after normalization, but is matched against a permissive rule because the raw, un-normalized path is used during rule evaluation. Version 26.2.0 contains a patch.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

CRITICAL: ory oathkeeper (<26.2.0) vulnerable to path traversal (CVE-2026-33494). Attackers can bypass authorization via crafted URLs. Upgrade to 26.2.0+ immediately. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago
Showing 11 to 20 of 58 CVEs