
Overview

  • Microsoft
  • Microsoft SQL Server 2016 Service Pack 3 (GDR)

10 Mar 2026
Published
16 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.10%

KEV

Description

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Microsoft fixes critical zero-day in SQL Server that lets attackers take full control as admin | CVE-2026-21262 www.newstecnicas.info.ve/2026/03/micr...
  • 23h ago

Overview

  • TYPO3
  • Extension "E-Mail MFA Provider"
  • ralffreit/mfa-email

17 Mar 2026
Published
17 Mar 2026
Updated

CVSS v4.0
HIGH (7.7)
EPSS
0.05%

KEV

Description

The extension fails to properly reset the generated MFA code after a successful authentication. This allows a possible MFA bypass on later login attempts by submitting an empty string as the MFA code to the extension's MFA provider.
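The description points to a state-handling bug rather than a weak code: once a challenge has been used, the provider keeps treating it as live. The Python below is an added illustration written for this page, not the extension's own PHP. It assumes one mechanism consistent with the description (the stored code is blanked on success while the challenge stays active, so an empty submission compares equal to the empty stored code) and shows the fix: discard the whole challenge on success and never accept an empty code. Class and field names are invented for the example.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Tuple


@dataclass
class EmailMfaState:
    """Per-user MFA state as a provider might persist it (constructed model)."""
    code: str = ""          # the one-time code that was e-mailed to the user
    pending: bool = False   # whether a challenge is outstanding


class VulnerableEmailMfa:
    """Models the flaw: after a successful check the stored code is blanked but
    the challenge itself is never reset, so a later empty submission compares
    equal to the empty stored code (assumed mechanism, see lead-in)."""

    def __init__(self) -> None:
        self.state = EmailMfaState()

    def send_code(self) -> str:
        code = f"{secrets.randbelow(10**6):06d}"
        self.state = EmailMfaState(code=code, pending=True)
        return code  # the real extension e-mails this to the user

    def verify(self, submitted: str) -> bool:
        if not self.state.pending:
            return False
        if submitted == self.state.code:
            self.state.code = ""  # a "reset" that only clears the digits
            return True
        return False


class HardenedEmailMfa(VulnerableEmailMfa):
    def verify(self, submitted: str) -> bool:
        st = self.state
        # Deny when no live challenge exists or either side is empty.
        if not st.pending or not st.code or not submitted:
            return False
        ok = hmac.compare_digest(submitted.encode(), st.code.encode())
        if ok:
            self.state = EmailMfaState()  # discard the whole challenge
        return ok


def replay_scenario(provider: VulnerableEmailMfa) -> Tuple[bool, bool]:
    """A legitimate login with the real code, then a later attempt with ''."""
    code = provider.send_code()
    first = provider.verify(code)
    second = provider.verify("")
    return first, second
```

Run `replay_scenario()` against both classes: the vulnerable provider accepts the empty string on the second attempt, the hardened one refuses it. The constant-time comparison is not part of the reported bug but is the idiomatic way to compare a secret code once the state handling is right.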

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

⚠️ HIGH severity: CVE-2026-4208 in TYPO3 "E-Mail MFA Provider" lets attackers bypass MFA by reusing/omitting codes due to faulty state reset. Patch or disable the extension and monitor logs for abuse. radar.offseq.com/threat/cve-20

  • 6h ago

Overview

  • SolaX Power
  • Pocket WiFi 3.0

12 Feb 2026
Published
12 Feb 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.
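The flaw is a client that speaks TLS but never checks who is on the other end. The Python below is an added example for this page, not SolaX firmware or any vendor code: it builds the two TLS client configurations with the standard library's `ssl` module, the one the advisory describes (no certificate or hostname validation) and the hardened one, and an audit function that reports which properties make a client MITM-resistant. Function names are invented for the example.

```python
import ssl
from typing import List, Optional


def insecure_mqtt_context() -> ssl.SSLContext:
    """The failure mode in the advisory: TLS for transport, but no validation
    of the broker certificate, so any on-path host can pose as the broker."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False         # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_mqtt_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Validates the chain against a CA bundle (or the platform trust store
    when cafile is None) and checks the broker hostname against the SAN."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Returns findings; an empty list means the client will refuse an
    impersonating broker instead of accepting its commands."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("certificate hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 allowed")
    return findings
```

With paho-mqtt the context is handed to the client via `Client.tls_set_context(ctx)`; a client built from `insecure_mqtt_context()` completes the handshake with any certificate, which is exactly the condition that lets a man-in-the-middle issue commands. The practical check for a device you do not control is the mirror image: redirect the broker hostname to a host presenting a self-signed certificate and see whether the device still connects and subscribes.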

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

In my home solar experiment, I'm discovering that my SolaX X1-Micro 2-in-1 inverter is a bit of a dud:
- it exposes no API (which is why the app is clunky)
- the settings are not accessible
- it is probably unable to update itself
- it forces use of the SolaX cloud and its not-very-secure MQTT (CVE-2025-15573), with one metric every 5 minutes.

I've found these two resources so far:
- github.com/squishykid/solax/is
- forum.hacf.fr/t/integration-po

  • 6h ago

Overview

  • UTT
  • HiPER 810G

09 Mar 2026
Published
10 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.08%

KEV

Description

A buffer overflow has been discovered in UTT HiPER 810G firmware up to 1.7.7-1711. The affected code is a strcpy call in the handler for /goform/getOneApConfTempEntry: manipulating the request input that strcpy copies overflows the destination buffer. The attack can be initiated remotely. An exploit has been released to the public and may be used in attacks.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

CVE-2026-3814 - UTT HiPER 810G getOneApConfTempEntry strcpy buffer overflow scq.ms/3N8bDqk
  • 14h ago

Overview

  • https://github.com/rails/globalid

09 Feb 2023
Published
02 Aug 2024
Updated

CVSS
Pending
EPSS
1.63%

KEV

Description

A ReDoS-based DoS vulnerability in GlobalID versions before 1.0.1: an attacker supplying carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.
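The mechanism behind a ReDoS is catastrophic backtracking: a pattern that can consume the same characters in many different ways is driven to try all of them by an input that almost matches. The Python below is an added example for this page, not GlobalID's code or its actual regex; the vulnerable pattern is a textbook shape chosen for illustration, and Python's backtracking `re` engine stands in for Ruby's, which behaves the same way on this class of pattern. It times the blow-up, shows a rewrite of the pattern that accepts the same strings in linear time, and applies the other standard workaround, an input length cap.

```python
import re
import time
from typing import Tuple

# Illustrative pattern with a nested quantifier and an optional separator:
# a textbook ReDoS shape chosen for this example, not GlobalID's own regex.
VULNERABLE = re.compile(r"^(\w+\s?)*$")
# Accepts the same strings, but the separator is mandatory, so every input
# character can be consumed in exactly one way and backtracking stays linear.
SAFE = re.compile(r"^(?:\w+(?:\s\w+)*)?$")
MAX_INPUT_LEN = 64  # second layer of defence: bound input before any regex runs


def crafted_input(n: int) -> str:
    """n word characters followed by one that can never match: the engine
    tries every way to split the run into groups before giving up."""
    return "a" * n + "!"


def timed_match(pattern: "re.Pattern[str]", text: str) -> Tuple[bool, float]:
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def validate_safely(text: str) -> bool:
    """Length cap first, then the linear-time pattern."""
    if len(text) > MAX_INPUT_LEN:
        return False
    return SAFE.match(text) is not None


def backtracking_blowup(n: int = 20) -> Tuple[float, float]:
    """Returns (seconds for VULNERABLE, seconds for SAFE) on the same input.
    The first grows roughly as 2**n, the second stays in the microseconds."""
    text = crafted_input(n)
    _, t_vuln = timed_match(VULNERABLE, text)
    _, t_safe = timed_match(SAFE, text)
    return t_vuln, t_safe
```

Raising `n` by one roughly doubles the first timing, which is the signature to look for when triaging a suspected ReDoS; the length cap is the workaround that holds even if a future pattern change reintroduces nested quantifiers.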

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Heads up, #openSUSE community! A new security advisory (openSUSE-SU-2026:10347-1) is out for Tumbleweed addressing CVE-2023-22799 in the GlobalID gem (ruby4.0-rubygem-globalid). Read more: 👉 tinyurl.com/2e3f2k7y #Security
  • 19h ago

Overview

  • Mobatek
  • MobaXterm

09 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
HIGH (8.5)
EPSS
0.02%

KEV

Description

MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earlier in the search order, resulting in arbitrary code execution in the context of the affected user.
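An uncontrolled search path bug is easy to misread as an "unquoted path" issue; the point here is that a bare file name is resolved by walking a search order, and whoever controls an earlier directory decides what runs. The Python below is an added example for this page, not MobaXterm code: it models the two resolution strategies on a constructed directory layout (a user-writable directory searched before the real Notepad++ directory, with placeholder files standing in for executables) and adds a small audit helper that lists writable directories ahead of the trusted one. Names and paths are invented for the example.

```python
import os
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple


def resolve_by_search_order(exe_name: str, search_dirs: List[Path]) -> Optional[Path]:
    """Mimics how WinExec resolves a bare file name: walk the search order,
    first existing file wins, regardless of who controls that directory."""
    for d in search_dirs:
        candidate = d / exe_name
        if candidate.is_file():
            return candidate
    return None


def resolve_fully_qualified(install_dir: Path, exe_name: str) -> Optional[Path]:
    """The fix: launch the helper only from its known install location."""
    candidate = install_dir / exe_name
    return candidate if candidate.is_file() else None


def writable_dirs_before(trusted: Path, search_dirs: List[Path]) -> List[Path]:
    """Audit helper: directories the current user can write to that are
    searched before the trusted one; each is a planting spot."""
    found = []
    for d in search_dirs:
        if d == trusted:
            break
        if d.is_dir() and os.access(d, os.W_OK):
            found.append(d)
    return found


def hijack_demo() -> Tuple[Optional[Path], Optional[Path], Path, Path]:
    """Constructed layout: a user-writable directory that sits earlier in the
    search order than the legitimate Notepad++ directory."""
    root = Path(tempfile.mkdtemp())
    writable = root / "user_writable"              # e.g. the current directory
    install = root / "Program Files" / "Notepad++"
    for d in (writable, install):
        d.mkdir(parents=True)
    legit = install / "notepad++.exe"
    planted = writable / "notepad++.exe"
    legit.write_bytes(b"MZ legit")      # placeholder bytes, not a real PE
    planted.write_bytes(b"MZ planted")
    search_order = [writable, install]
    hijacked = resolve_by_search_order("notepad++.exe", search_order)
    safe = resolve_fully_qualified(install, "notepad++.exe")
    return hijacked, safe, planted, legit
```

On Windows the documented WinExec search order starts with the application's own directory and the current directory before the system directories and `PATH`, so a remote file opened from an attacker-influenced working directory is enough to put the planted binary first. The fix in the description, a fully qualified path, removes the search entirely.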

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

CVE-2026-25866 - MobaXterm < 26.1 Notepad++ Unquoted Service Path scq.ms/3Nuc1zv
  • 6h ago

Overview

  • elemntor
  • Ally – Web Accessibility & Usability

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
14.93%

KEV

Description

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global_remediations()` method, where it is directly concatenated into an SQL JOIN clause without proper sanitization for SQL context. While `esc_url_raw()` is applied for URL safety, it does not prevent SQL metacharacters (single quotes, parentheses) from being injected. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via time-based blind SQL injection techniques. The Remediation module must be active, which requires the plugin to be connected to an Elementor account.
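The key sentence in the description is that `esc_url_raw()` is the wrong tool: it makes a value safe to emit as a URL, not safe to splice into SQL. The Python below is an added example for this page, not the plugin's PHP or WordPress code; it uses an in-memory SQLite database with constructed tables, a stand-in for `esc_url_raw()` that mirrors only the relevant property (quotes and parentheses pass through), the concatenated JOIN from the description beside the parameterised form, and a constructed tautology payload. SQLite has no `SLEEP()`, so the example shows the control-flow break directly rather than a time-based blind extraction.

```python
import sqlite3
from typing import List


def esc_url_raw_like(url: str) -> str:
    """Stand-in for WordPress esc_url_raw(): trims and requires an http(s)
    scheme, but, like the real function, leaves ' ( ) untouched. Constructed
    for this example; it is not the WordPress implementation."""
    url = url.strip()
    if not url.lower().startswith(("http://", "https://")):
        return ""
    return url


def build_db() -> sqlite3.Connection:
    """Constructed tables standing in for the plugin's page/remediation data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE pages (id INTEGER PRIMARY KEY, url TEXT NOT NULL);
        CREATE TABLE remediations (page_id INTEGER NOT NULL, rule TEXT NOT NULL);
        INSERT INTO pages VALUES (1, 'https://example.test/public');
        INSERT INTO pages VALUES (2, 'https://example.test/internal');
        INSERT INTO remediations VALUES (1, 'alt-text');
        INSERT INTO remediations VALUES (2, 'internal-only-rule');
        """
    )
    return conn


def get_global_remediations_vulnerable(conn: sqlite3.Connection, url: str) -> List[str]:
    """The flawed shape: URL-escaped value concatenated into the JOIN clause."""
    safe_url = esc_url_raw_like(url)
    sql = (
        "SELECT r.rule FROM remediations r "
        f"JOIN pages p ON p.id = r.page_id AND p.url = '{safe_url}'"
    )
    return [row[0] for row in conn.execute(sql)]


def get_global_remediations_fixed(conn: sqlite3.Connection, url: str) -> List[str]:
    """Same query with a bound parameter: the value can never change the SQL."""
    safe_url = esc_url_raw_like(url)
    sql = (
        "SELECT r.rule FROM remediations r "
        "JOIN pages p ON p.id = r.page_id AND p.url = ?"
    )
    return [row[0] for row in conn.execute(sql, (safe_url,))]


# Constructed payload: closes the string literal and ORs in a tautology.
PAYLOAD = "https://example.test/x' OR '1'='1"
```

With the payload, the concatenated query's JOIN condition becomes `... AND p.url = 'https://example.test/x' OR '1'='1'`, which joins every remediation to every page and leaks rows the caller should never see; the bound version looks up a URL that does not exist and returns nothing. In WordPress the equivalent of the second form is `$wpdb->prepare()` with placeholders, applied in addition to, not instead of, URL validation.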

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Severe SQL Injection Vulnerability in Ally Plugin Poses Risk to Over 400,000 WordPress Websites #wordpress

A critical SQL injection in the Ally WordPress plugin endangers over 400,000 sites (CVE-2026-2413, CVSS 7.5). Upgrading to Ally 4.1.0 is essential to mitigate risk. Learn more in our detailed post and update your site now: ift.tt/1WYSFdO

Source: ift.tt/1WYSFdO | Image: ift.tt/nEQ53R1

  • 20h ago

Overview

  • rails
  • rails

10 Dec 2024
Published
07 Mar 2025
Updated

CVSS v4.0
LOW (2.3)
EPSS
0.12%

KEV

Description

Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.
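The injection works because CSP is a text format: directives are separated by `;`, so a source value containing a semicolon ends the directive it was meant to sit in and starts a new one. The Python below is an added example for this page, not Action Pack's helper or Rails' fix: it builds a policy from a constructed directive map the way a helper fed untrusted input would, parses the result the way a browser does to show where the smuggled directive lands, and applies the workaround from the description (validate the input) with an allow-list for source expressions written for this example.

```python
import re
from typing import Dict, List, Mapping, Sequence

# Allow-list for one source expression ('self', https://host, 'nonce-...'):
# neither ';' nor ',' nor whitespace can pass, so a value can never start a
# new directive. Written for this example, not Rails' own validation.
_SOURCE_RE = re.compile(r"^[A-Za-z0-9'._:/*+=~%-]+$")


def build_csp_vulnerable(directives: Mapping[str, Sequence[str]]) -> str:
    """Joins user-influenced sources verbatim, like a helper fed untrusted input:
    a ';' inside a source terminates the directive and starts another."""
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in directives.items())


def build_csp_hardened(directives: Mapping[str, Sequence[str]]) -> str:
    """Rejects any source expression outside the allow-list before joining."""
    parts = []
    for name, srcs in directives.items():
        for src in srcs:
            if not _SOURCE_RE.match(src):
                raise ValueError(f"invalid CSP source in {name}: {src!r}")
        parts.append(f"{name} {' '.join(srcs)}")
    return "; ".join(parts)


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Splits a policy the way a browser does: directives on ';', tokens on
    whitespace, and only the first occurrence of a directive name counts."""
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens and tokens[0] not in policy:
            policy[tokens[0]] = tokens[1:]
    return policy


def rejects(directives: Mapping[str, Sequence[str]]) -> bool:
    """True when the hardened builder refuses the directive map."""
    try:
        build_csp_hardened(directives)
    except ValueError:
        return True
    return False


# Constructed scenario: the app sets default-src itself and lets a user-supplied
# CDN host flow into img-src. A ';' in that host smuggles in a script-src.
INJECTED_CDN = "https://cdn.example.net; script-src 'unsafe-inline' *"
UNTRUSTED_POLICY = {"default-src": ["'self'"], "img-src": [INJECTED_CDN]}
```

Because a policy without an explicit `script-src` falls back to `default-src`, the injected `script-src 'unsafe-inline' *` is the first and therefore effective script directive, and the `'self'` restriction no longer applies to scripts. The allow-list stops this at the input boundary; on the Rails side the durable fix is the patched versions listed above, with dynamic, user-derived CSP values avoided or validated in the meantime.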

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Just posted a comprehensive guide on the new #openSUSE Tumbleweed security update for CVE-2024-54133, which affects the Ruby on Rails Active Storage gem. Read more:👉 tinyurl.com/4p6d4ec6 #Security
  • 20h ago
Showing 21 to 28 of 28 CVEs