24h | 7d | 30d

CVE-2026-21262

Overview

  • Microsoft
  • Microsoft SQL Server 2016 Service Pack 3 (GDR)
10 Mar 2026
Published
16 Mar 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.10%
KEV

Description

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
Last activity: 23 hours ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.info.ve
Microsoft corrige Zero-Day crítico en SQL Server que permite a atacantes tomar el control total como admin | CVE-2026-21262 www.newstecnicas.info.ve/2026/03/micr...
  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-4208

Overview

  • TYPO3
  • Extension "E-Mail MFA Provider"
  • ralffreit/mfa-email
17 Mar 2026
Published
17 Mar 2026
Updated
CVSS v4.0
HIGH (7.7)
EPSS
0.05%
KEV

Description

The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ HIGH severity: CVE-2026-4208 in TYPO3 "E-Mail MFA Provider" lets attackers bypass MFA by reusing/omitting codes due to faulty state reset. Patch or disable the extension and monitor logs for abuse. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-15573

Overview

  • SolaX Power
  • Pocket WiFi 3.0
12 Feb 2026
Published
12 Feb 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to devices.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture fallback
Michael @themimitoof

Dans mon expérimentation solaire à la maison, je découvre que mon onduleur SolaX X1-Micro 2 en 1 est une petite merguez :
- qui n'expose pas API (voila pourquoi l'app est bancale)
- les settings ne sont pas accessibles
- probablement incapable de ce mettre à jour
- force l'utilisation du cloud SolaX et son MQTT pas très sécurisé (CVE-2025-15573) et avec une métrique toutes les 5 minutes.

J'ai trouvé ces deux ressources pour le moment :
- github.com/squishykid/solax/is
- forum.hacf.fr/t/integration-po

  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-3814

Overview

  • UTT
  • HiPER 810G
09 Mar 2026
Published
10 Mar 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.08%
KEV

Description

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture fallback
SecQube | Harvey | AI Platform for MS Graph @secqube.com
CVE-2026-3814 - UTT HiPER 810G getOneApConfTempEntry strcpy buffer overflow scq.ms/3N8bDqk
  • 0
  • 0
  • 0
  • 14h ago

CVE-2023-22799

Overview

  • https://github.com/rails/globalid
09 Feb 2023
Published
02 Aug 2024
Updated
CVSS
Pending
EPSS
1.63%
KEV

Description

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.

Statistics

  • 1 Post
Last activity: 19 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Heads up, #openSUSE community! A new security advisory (openSUSE-SU-2026:10347-1) is out for Tumbleweed addressing CVE-2023-22799 in the GlobalID gem (ruby4.0-rubygem-globalid). Read more: 👉 tinyurl.com/2e3f2k7y #Security
  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-25866

Overview

  • Mobatek
  • MobaXterm
09 Mar 2026
Published
11 Mar 2026
Updated
CVSS v4.0
HIGH (8.5)
EPSS
0.02%
KEV

Description

MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earlier in the search order, resulting in arbitrary code execution in the context of the affected user.

Statistics

  • 1 Post
Last activity: 6 hours ago

Bluesky

Profile picture fallback
SecQube | Harvey | AI Platform for MS Graph @secqube.com
CVE-2026-25866 - MobaXterm < 26.1 Notepad++ Unquoted Service Path scq.ms/3Nuc1zv
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-2413

Overview

  • elemntor
  • Ally – Web Accessibility & Usability
11 Mar 2026
Published
11 Mar 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
14.93%
KEV

Description

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global_remediations()` method, where it is directly concatenated into an SQL JOIN clause without proper sanitization for SQL context. While `esc_url_raw()` is applied for URL safety, it does not prevent SQL metacharacters (single quotes, parentheses) from being injected. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via time-based blind SQL injection techniques. The Remediation module must be active, which requires the plugin to be connected to an Elementor account.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
RS Web Solutions (RSWEBSOLS) @rswebsols

Severe SQL Injection Vulnerability in Ally Plugin Poses Risk to Over 400,000 WordPress Websites #wordpress

A critical SQL injection in the Ally WordPress plugin endangers over 400,000 sites (CVE-2026-2413, CVSS 7.5). Upgrading to Ally 4.1.0 is essential to mitigate risk. Learn more in our detailed post and update your site now: ift.tt/1WYSFdO

Source: ift.tt/1WYSFdO | Image: ift.tt/nEQ53R1

  • 0
  • 0
  • 0
  • 20h ago

CVE-2024-54133

Overview

  • rails
  • rails
10 Dec 2024
Published
07 Mar 2025
Updated
CVSS v4.0
LOW (2.3)
EPSS
0.12%
KEV

Description

Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.

Statistics

  • 1 Post
Last activity: 20 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Just posted a comprehensive guide on the new #openSUSE Tumbleweed security update for CVE-2024-54133, which affects the Ruby on Rails Active Storage gem. Read more:👉 tinyurl.com/4p6d4ec6 #Security
  • 0
  • 0
  • 0
  • 20h ago
Showing 21 to 28 of 28 CVEs