Overview

  • ISC
  • BIND 9

25 Mar 2026
Published
25 Mar 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.01%

KEV

Description

Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 4 hours ago

Fediverse

There are new BIND 9 versions in which security problems of previous versions have been fixed:

kb.isc.org/docs/cve-2026-1519
kb.isc.org/docs/cve-2026-3104
kb.isc.org/docs/cve-2026-3119
kb.isc.org/docs/cve-2026-3591

Among others, denial of service in BIND 9 resolvers (CPU load, memory usage, crash).

The ISC repositories have the new versions

- 9.18.47
- 9.20.21

I recommend updating as soon as the new BIND 9 versions are available in the repositories of the Linux distribution.

  • 0
  • 1
  • 0
  • 4h ago

Bluesky

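Regarding the vulnerability in BIND 9.20.x (DNS service outage) (CVE-2026-3119) - both full resolvers (caching DNS servers) and authoritative DNS servers are affected; upgrading is strongly recommended - https://jprs.jp/tech/security/2026-03-26-bind9-vuln-tkey.html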
  • 0
  • 0
  • 0
  • 12h ago
We have updated the SIOS Security Blog. BIND 9 vulnerabilities (High: CVE-2026-1519, CVE-2026-3104, Medium: CVE-2026-3119, CVE-2026-3591) and the release of 9.18.47, 9.20.21, 9.21.20 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

26 Jan 2026
Published
22 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
6.58%

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Bluesky

Pawn Storm (APT28) deployed PRISMEX malware targeting Ukraine’s defense supply chain and NATO logistics. The campaign uses steganography, COM hijacking, cloud abuse, and exploits CVE-2026-21509/21513. #PawnStorm #Ukraine #APT
  • 0
  • 0
  • 0
  • 7h ago
~Trendmicro~ Pawn Storm exploits zero-days (CVE-2026-21513, CVE-2026-21509) deploying PRISMEX malware against Ukraine & NATO allies. - IOCs: wellnesscaremed. com - #APT28 #PRISMEX #ThreatIntel
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Linux
  • Linux

22 Aug 2025
Published
18 Mar 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix a race in packet_set_ring() and packet_notifier()

When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event.

This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()").

There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken.

The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 2 hours ago

Bluesky

Exploiting a use-after-free vulnerability in the Linux kernel’s packet socket subsystem, caused by a race condition between packet_set_ring() and packet_notifier() (CVE-2025-38617) blog.calif.io/p/a-race-wit... #infosec
  • 2
  • 2
  • 0
  • 2h ago

Overview

  • magic-wormhole
  • magic-wormhole

12 Mar 2026
Published
13 Mar 2026
Updated

CVSS v4.0
HIGH (8.2)
EPSS
0.08%

KEV

Description

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file (the party who runs wormhole send) can mount the attack. Other parties (including the transit/relay servers) are excluded by the wormhole protocol. This vulnerability is fixed in 0.23.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

This month's exciting release fixes our first official[1] CVE for magic wormhole!

To improve your local machine's safety, please upgrade to magic wormhole 0.23.0

pypi.org/project/magic-wormhol

[1] nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 0
  • 0
  • 21h ago

Overview

  • RATOC Systems, Inc.
  • RATOC RAID Monitoring Manager for Windows

26 Mar 2026
Published
26 Mar 2026
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.01%

KEV

Description

The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with the installer, arbitrary code may be executed with administrator privileges.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Fediverse

🛡️ HIGH-severity: CVE-2026-28760 in RATOC RAID Monitoring Manager for Windows (<2.00.009.260220) allows DLL hijacking — local attackers may run code as admin. Patch ASAP, restrict installer access, and audit installs. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 8h ago

Overview

  • n8n-io
  • n8n

25 Mar 2026
Published
25 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.11%

KEV

Description

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.26. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Fediverse

⚠️ CRITICAL RCE in n8n (CVE-2026-33660): Auth'd users can exploit Merge node SQL to read files & execute code on n8n host. Patch to 2.14.1/2.13.3/1.123.26 ASAP. Limit permissions if you can't patch yet. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 14h ago

Overview

  • Lenovo
  • ThinkPad T14 Gen 5 BIOS

11 Mar 2026
Published
13 Mar 2026
Updated

CVSS v4.0
HIGH (8.4)
EPSS
0.02%

KEV

Description

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 15 hours ago

Bluesky

CVE-2026-0940 - Lenovo ThinkPad BIOS Initialization Vulnerability scq.ms/4s7kZ4U
  • 0
  • 1
  • 0
  • 15h ago

Overview

  • WHILL
  • Model C2 Electric Wheelchair

05 Jan 2026
Published
05 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.12%

KEV

Description

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 20 hours ago

Fediverse

A vulnerability even in a wheelchair!

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 20h ago

Overview

  • curl
  • curl

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Bearer Token Leaked to Attacker via .netrc Despite CVE-2026-3783 Fix https://hackerone.com/reports/3611825
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • NetScaler
  • ADC

23 Mar 2026
Published
24 Mar 2026
Updated

CVSS v4.0
HIGH (7.7)
EPSS
0.02%

KEV

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

Statistics

  • 2 Posts

Last activity: 21 hours ago

Bluesky

Citrix has patched critical vulnerabilities CVE-2026-3055 and CVE-2026-4368 in NetScaler ADC and Gateway appliances, exposing risks of session token theft and session mix-ups. #NetScaler #SAML #USA
  • 0
  • 0
  • 0
  • 23h ago
~Ncsc~ Update Citrix NetScaler ADC & Gateway immediately to mitigate two flaws (CVE-2026-3055, CVE-2026-4368) causing memory overread and session mixups. - IOCs: CVE-2026-3055, CVE-2026-4368 - #Citrix #NetScaler #ThreatIntel
  • 0
  • 0
  • 0
  • 21h ago