
Overview

  • Netcore
  • Power 15AX

Published: 26 Mar 2026
Updated: 26 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🔥 CVE-2026-4840: HIGH-severity OS command injection in Netcore Power 15AX (≤3.0.0.6938). No patch, public exploit out. Remote code execution possible — immediate mitigation needed! Full compromise risk. Details: radar.offseq.com/threat/cve-20

  • 4h ago

Overview

  • AdguardTeam
  • AdGuardHome

Published: 11 Mar 2026
Updated: 12 Mar 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.79%

KEV

Description

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (h2c). Once the upgrade is accepted, the resulting HTTP/2 connection is handled by the inner mux, which has no authentication middleware attached. All subsequent HTTP/2 requests on that connection are processed as fully authenticated, regardless of whether any credentials were provided. This vulnerability is fixed in 0.107.73.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

CVE-2026-32136 - AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass scq.ms/4low3YA
  • 3h ago

Overview

  • Microsoft
  • Microsoft Authenticator for Android

Published: 10 Mar 2026
Updated: 24 Mar 2026

CVSS v3.1: MEDIUM (5.5)
EPSS: 0.05%

KEV

Description

Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Microsoft Authenticator’s Unclaimed Deep Link: A Full Account Takeover Story (CVE-2026–26123) https://infosecwriteups.com/microsoft-authenticators-unclaimed-deep-link-a-full-account-takeover-story-cve-2026-26123-e0409a920a02?source=rss------bug_bounty-5
  • 13h ago

Overview

  • LLM-Claw

Published: 03 Mar 2026
Updated: 03 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. A patch should be applied to remediate this issue.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

CVE-2025-12345: The New Citrix Bleed That’s Keeping Security Teams Up at Night + Video Introduction: A newly disclosed critical vulnerability in Citrix NetScaler appliances allows unauthenticated attackers to siphon sensitive data from enterprise environments, echoing the traumatic impact of the…
  • 3h ago

Overview

  • WHILL
  • Model C2 Electric Wheelchair

Published: 05 Jan 2026
Updated: 05 Jan 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.12%

KEV

Description

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

Vulnerability even in a wheelchair!

cve.org/CVERecord?id=CVE-2025-

  • 13h ago

Overview

  • Debian
  • dpkg

Published: 07 Mar 2026
Updated: 09 Mar 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

🛡️ CRITICAL SECURITY UPDATE: #SUSE Linux Micro 6.0 🛡️ A new Denial of Service vulnerability (CVE-2026-2219) in the dpkg package has been addressed by SUSE. Read more: 👉 tinyurl.com/yjmhfand #Security
  • 22h ago

Overview

  • Google
  • Chrome

Published: 24 Mar 2026
Updated: 25 Mar 2026

CVSS: Pending
EPSS: 0.07%

KEV

Description

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Google fixes 8 high-severity Chrome vulnerabilities (CVE-2026-4673 to 4680) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 11h ago

Overview

  • squid-cache
  • squid

Published: 26 Mar 2026
Updated: 26 Mar 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: Pending

KEV

Description

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🚨 CVE-2026-33526: Critical Use-After-Free in Squid (<7.5) allows remote attackers to crash Squid via ICP traffic. icp_access rules are ineffective. Upgrade to 7.5+ or disable ICP (icp_port=0) ASAP! radar.offseq.com/threat/cve-20

  • 8h ago

Overview

  • Nelio Software
  • Nelio AB Testing
  • nelio-ab-testing

Published: 25 Mar 2026
Updated: 25 Mar 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue affects Nelio AB Testing: from n/a through <= 8.2.7.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-32573 in Nelio AB Testing plugin (≤8.2.7) enables code injection on WordPress sites. No active exploits, but risk of remote code execution. Monitor for patches & harden configs. radar.offseq.com/threat/cve-20

  • 5h ago

Overview

  • Oracle Corporation
  • Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in

Published: 20 Jan 2026
Updated: 02 Feb 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.03%

KEV

Description

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

A high-interaction honeypot captured rapid exploitation of CVE-2026-21962 and ongoing attacks on older Oracle WebLogic RCEs using rented VPS, automated scanners, path traversal, and Java deserialization techniques. #OracleWebLogic #RCEAttacks
  • 13h ago