
Overview

  • Palo Alto Networks
  • Cloud NGFW

09 Oct 2025
Published
01 Apr 2026
Updated

CVSS v4.0
MEDIUM (5.4)
EPSS
0.05%

KEV

Description

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Palo Alto vulnerability information "CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: MEDIUM)" has been published. → https://security.paloaltonetworks.com/CVE-2025-4615
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Citrix
  • NetScaler ADC

10 Oct 2023
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
94.35%

Description

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

CISA just added CVE-2023-4966 to its Known Exploited Vulnerabilities catalog and is giving federal agencies until Thursday to patch Citrix NetScaler devices.

Read more: steelefortress.com/botzi1

InfoSec

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Zabbix
  • Zabbix

24 Mar 2026
Published
26 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.03%

KEV

Description

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data through time-based techniques, potentially leading to session identifier disclosure and administrator account compromise.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

[Urgent] Zabbix vulnerability information CVE-2026-23921 (CVSS 8.7) – TechHarmony https://blog.usize-tech.com/zabbix-vulnerability-cve-2026-23921/
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • SonicWall
  • SonicOS

24 Feb 2026
Published
24 Feb 2026
Updated

CVSS
Pending
EPSS
0.22%

KEV

Description

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Memory-foam pillow attack. A form of lightning hack, known as 'blitzHack', is wreaking havoc in households. Everything is documented in CVE-20260401. The fix is named 'Padecrandemain' if the attack occurred with harmful side effects (a broken window, for example) #informatique #ousontmespilules

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • curl
  • curl

08 Jan 2026
Published
08 Jan 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

When doing TLS-related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed, contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Notepad++ v893: Critical cURL Vulnerability Patched—Why Your Text Editor Just Became a Security Frontline + Video Introduction: A routine text editor update has just become a critical security event. Notepad++ version 8.9.3 addresses a significant vulnerability, CVE-2025-14819, lurking within its…
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • GNU
  • inetutils

13 Mar 2026
Published
23 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.03%

KEV

Description

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

CVE-2026-32746 - GNU inetutils telnetd LINEMODE SLC Buffer Overflow scq.ms/47zeUG3
  • 0
  • 0
  • 0
  • 15h ago

Overview

  • minio
  • minio

24 Mar 2026
Published
25 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.1)
EPSS
0.06%

KEV

Description

MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration, and (2) absence of rate limiting on authentication attempts. An unauthenticated network attacker can enumerate valid LDAP usernames and then perform unlimited password guessing to obtain temporary AWS-style STS credentials, gaining access to the victim's S3 buckets and objects. This issue has been patched in RELEASE.2026-03-17T21-25-16Z.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

ZAST.AI has identified and verified CVE-2026-33419 in MinIO, a widely used Go object storage project.

Project page: github.com/minio/minio
Project footprint: 60.5k+ GitHub stars as of March 31, 2026.

The verified issue affects the LDAP-backed STS authentication flow. The endpoint disclosed whether a username existed, accepted repeated password attempts without effective throttling, and returned temporary AWS-style credentials when authentication succeeded.

This is a representative example of why enterprise security teams need automated exploit verification. Individual signals such as distinct error messages or missing throttling can be easy to underestimate in isolation. The real risk emerges when those behaviors compose into a working path that produces valid credentials.

ZAST.AI promotes findings into reports only after successful PoC validation, which supports a zero-false-positive operating model and helps teams prioritize what is demonstrably real.

Full report: blog.zast.ai/security%20resear

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Joomla! Project
  • Joomla! CMS

01 Apr 2026
Published
01 Apr 2026
Updated

CVSS v4.0
HIGH (8.6)
EPSS
0.06%

KEV

Description

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

⚠️ CVE-2026-23898: HIGH-severity flaw in Joomla! CMS (4.0.0-5.4.3, 6.0.0-6.0.3) lets admin-level attackers delete arbitrary files, risking DoS or system compromise. Patch ASAP, restrict high-priv accounts, monitor for deletions. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • langflow-ai
  • langflow

20 Mar 2026
Published
26 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
5.65%

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

💣 Langflow A new flaw has been discovered in Langflow, an open-source tool for building AI-powered workflows. -> CVE-2026-33017 In less than 24 hours, it went from disclosed to exploited. 👇 - www.it-connect.fr/langflow-cve... #langflow #infosec #cybersecurite
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Vim
  • Vim

30 Mar 2026
Published
31 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.2)
EPSS
0.02%

KEV

Description

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

The SIOS Security Blog has been updated. Vim vulnerability (Critical: CVE-2026-34714) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #vim security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 22h ago
Showing 11 to 20 of 42 CVEs