
Overview

  • tektoncd
  • pipeline

23 Mar 2026
Published
24 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
0.02%

KEV

Description

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse


🚨 CRITICAL: CVE-2026-33211 in Tekton Pipelines (git resolver) enables path traversal attacks via pathInRepo, exposing sensitive files (like ServiceAccount tokens). Upgrade to fixed versions immediately. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Pending

24 Jun 2025
Published
24 Mar 2026
Updated

CVSS
Pending
EPSS
0.17%

KEV

Description

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

CVE-2025-32975: Arctic Wolf Observes Exploitation of Quest KACE Systems Management Appliance #patchmanagement
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • OpenAnolis
  • Anolis OS
  • libcap

18 Feb 2025
Published
18 Feb 2025
Updated

CVSS v3.1
MEDIUM (6.1)
EPSS
0.03%

KEV

Description

The PAM module pam_cap.so of libcap supports group names starting with “@” in its configuration; during actual parsing, however, configuration entries not starting with “@” are also incorrectly recognized as group names. This may result in unintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation, by constructing specific usernames, on systems where /etc/security/capability.conf is used to configure users' inherited privileges.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

🔐 Critical security update for the #Ubuntu community! USN-8114-1 addresses CVE-2025-1390, a privilege escalation flaw in the gvfs package. Read more: 👉 tinyurl.com/mupkdd5p #Security
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse


If you're using the #ElixirLang NodeJS package, be advised there's an information disclosure security vulnerability (CVE-2026-33872).

It'd be quite difficult for an attacker to intentionally exploit, but fairly easy to accidentally trigger yourself. Update to 3.1.4 ASAP.

github.com/revelrylabs/elixir-

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Google
  • Chrome

12 Dec 2025
Published
26 Feb 2026
Updated

CVSS
Pending
EPSS
0.87%

Description

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

📢 DarkSword: iOS zero-day exploit chain adopted by several threat actors 📝 ## 🔍 Context On 18 March 2026, the **Google Threat Intelligence… https://cyberveille.ch/posts/2026-03-24-darksword-chaine-d-exploit-ios-zero-day-adoptee-par-plusieurs-acteurs-de-menace/ #CVE_2025_14174 #Cyberveille
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

CVE-2026-30769: New BYOVD Killer Enters the Arena—TVicPort64sys Weaponized for Kernel Takeover + Video Introduction: The Bring Your Own Vulnerable Driver (BYOVD) attack technique continues to be a favored method for adversaries seeking to disable security controls and gain kernel-level privileges.…
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • QNAP Systems Inc.
  • QVR Pro

20 Mar 2026
Published
20 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.37%

KEV

Description

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. Remote attackers can exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Critical vulnerability in QNAP's QVR Pro (CVE-2026-22898) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • acowebs
  • Woocommerce Custom Product Addons Pro

23 Mar 2026
Published
24 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.14%

KEV

Description

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to insufficient sanitization and validation of user-submitted field values before they are passed to PHP's eval() function. The sanitize_values() method strips HTML tags but does not escape single quotes or prevent PHP code injection. This makes it possible for unauthenticated attackers to execute arbitrary code on the server by submitting a crafted value to a WCPA text field configured with a custom pricing formula (pricingType: "custom" with {this.value}).

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

CVE-2026-4001 (CRITICAL 9.8) WooCommerce Custom Product Addons Pro allows unauthenticated RCE via eval() misuse. 🔎 Full analysis: basefortify.eu/cve_reports/... #CVE #CyberSecurity #WordPress #RCE
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • GitLab
  • GitLab

11 Mar 2026
Published
12 Mar 2026
Updated

CVSS v3.1
HIGH (8.7)
EPSS
0.06%

KEV

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

CVE-2026-1090 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab scq.ms/3Nxr2R5
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Sophos
  • Sophos Firewall

25 Mar 2022
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
94.44%

Description

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 1 hour ago

Fediverse


200,886,675 sessions. 101 unique source IPs. March 16–23, 2026.

GreyNoise At The Edge intelligence brief highlights:

1. The MEVSPACE RDP brute-force operator returned after a 99.8% infrastructure collapse — single IP generated 7,975,241 sessions before deliberately withdrawing after 4 days. GreyNoise has tracked a surge-withdraw-reconstitute cycle since January 2026, reinforcing that well-resourced operators can reconstitute capacity within days.

2. Two coordinated campaigns emerged: VPSVAULT.HOST (IoT worm weaponizing 21+ CVEs against 12+ manufacturers) and Omegatech (TLS fingerprint randomization with 5,854 unique JA3s per node).

3. Sophos CVE-2022-1040 exploitation stabilized at 638,654 sessions in its fifth consecutive week. Enterprise VPN credential pressure reached week 9 across five vendors with 2.9M+ combined sessions.

4. n8n CVE-2026-21858 (CVSS 10.0) reached 118,086 sessions with links to MuddyWater and ZeroBot. ICS/SCADA reconnaissance expanded with new HMI and PLC vulnerabilities trending.

🔗 greynoise.io/resources/at-the-

  • 1
  • 1
  • 0
  • 1h ago
Showing 31 to 40 of 54 CVEs