Overview
- Adobe
- Illustrator
Published: 10 Mar 2026
Updated: 11 Mar 2026
CVSS v3.1: HIGH (7.8)
EPSS: Pending
KEV
Description
Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Statistics
- 1 Post
Last activity: 2 hours ago
Overview
- MBS
- UBR-01 Mk II
Published: 09 Mar 2026
Updated: 09 Mar 2026
CVSS v3.1: HIGH (8.1)
EPSS: Pending
KEV
Description
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to write arbitrary files on the system.
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
- toxicbishop
- DSA-with-tsx
Published: 07 Mar 2026
Updated: 09 Mar 2026
CVSS v3.1: HIGH (8.1)
EPSS: Pending
KEV
Description
DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba.
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
- charmbracelet
- soft-serve
Published: 07 Mar 2026
Updated: 07 Mar 2026
CVSS v3.1: CRITICAL (9.1)
EPSS: 0.04%
KEV
Description
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is blind (the response from a metadata endpoint won't parse as valid LFS JSON), but an attacker hosting a fake LFS server can chain this into full read access to internal services by returning download URLs that point at internal targets. This issue has been patched in version 0.11.4.
Statistics
- 1 Post
Last activity: 2 hours ago
Overview
- Microsoft
- Windows 10 Version 1607
Published: 10 Mar 2026
Updated: 11 Mar 2026
CVSS v3.1: HIGH (7.8)
EPSS: Pending
KEV
Description
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
Statistics
- 2 Posts
Last activity: 2 hours ago
Bluesky
March Patch Tuesday: 80+ CVEs, and over half are privilege escalation bugs. SIX rated "exploitation more likely."
The quiet months are the dangerous ones. Patch now, thank me later. 🔑
🔗 krebsonsecurity.com/2026/03/micr...
#CyberSecurity #PatchTuesday #CVE202625187 #3DNomadic #NomadBlackBook
Google Project Zero dropped CVE-2026-25187 on Microsoft's lap ➡️ a Winlogon weakness that turns a basic user account into full SYSTEM access. No user interaction. Low complexity. James Forshaw basically handed attackers a skeleton key.
#CyberSecurity #PatchTuesday #3DNomadic #NomadBlackBook #InfoSec