Overview

  • MBS
  • UBR-01 Mk II

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.10%

KEV

Description

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to write arbitrary files on the system.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

📌 CVE-2025-41756 - A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files o... https://www.cyberhub.blog/cves/CVE-2025-41756
  • 18h ago

Overview

  • OneUptime
  • oneuptime

Published: 10 Mar 2026
Updated: 10 Mar 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: Pending

KEV

Description

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low-privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the server trusts this client-supplied header, internal permission checks in BasePermission are skipped and tenant scoping is disabled. This allows attackers to access project data belonging to other tenants, read sensitive User fields via nested relations, leak plaintext resetPasswordToken, and reset the victim's password and fully take over the account. This results in cross-tenant data exposure and full account takeover. This vulnerability is fixed in 10.0.21.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

📌 CVE-2026-30956 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low-privileged user can bypass authorization and tenant isola... https://www.cyberhub.blog/cves/CVE-2026-30956
  • Last hour

Overview

  • express-rate-limit
  • express-rate-limit

Published: 07 Mar 2026
Updated: 09 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: Pending

KEV

Description

express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking (/56 by default) to all addresses that net.isIPv6() returns true for. This includes IPv4-mapped IPv6 addresses (::ffff:x.x.x.x), which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all IPv4-mapped addresses are zero, a /56 (or any /32 to /80) subnet mask produces the same network key (::/56) for every IPv4 client. This collapses all IPv4 traffic into a single rate-limit bucket: one client exhausting the limit causes HTTP 429 for all other IPv4 clients. This issue has been patched in versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

📌 CVE-2026-30827 - express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3... https://www.cyberhub.blog/cves/CVE-2026-30827
  • 11h ago

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise

Published: 10 Mar 2026
Updated: 12 Mar 2026

CVSS v3.1: HIGH (8.4)
EPSS: Pending

KEV

Description

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

CVE-2026-26110, a type confusion vulnerability in Microsoft Office, enables unauthorised attackers to execute malicious code locally via the Preview Pane. This flaw affects Office 2016 through 2024 and Microsoft 365 across Windows and macOS, with low attack complexity and no privileges required.
  • 7h ago

Overview

  • Pending

Published: 10 Mar 2026
Updated: 10 Mar 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

📌 CVE-2025-70244 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup. https://www.cyberhub.blog/cves/CVE-2025-70244
  • 7h ago

Overview

  • IceWhaleTech
  • ZimaOS

Published: 05 Mar 2026
Updated: 06 Mar 2026

CVSS v3.1: HIGH (8.6)
EPSS: Pending

KEV

Description

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be bypassed. By altering the path parameter in the delete request, internal OS files and directories can be removed successfully. The backend processes these manipulated requests without validating whether the targeted path belongs to restricted system locations. This demonstrates improper input validation and broken access control on sensitive filesystem operations. No known public patch is available.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

📌 CVE-2026-28442 - ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from delet... https://www.cyberhub.blog/cves/CVE-2026-28442
  • 1h ago

Overview

  • MBS
  • UBR-01 Mk II

Published: 09 Mar 2026
Updated: 09 Mar 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.22%

KEV

Description

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore), which runs with elevated privileges and does not validate the contents of the backup archive, to create or overwrite arbitrary files anywhere on the system.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

📌 CVE-2025-41757 - A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not vali... https://www.cyberhub.blog/cves/CVE-2025-41757
  • 19h ago

Overview

  • Adobe
  • Adobe Commerce

Published: 11 Mar 2026
Updated: 11 Mar 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.13%

KEV

Description

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized view access to data. Exploitation of this issue does not require user interaction.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

📌 CVE-2026-21289 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulne... https://www.cyberhub.blog/cves/CVE-2026-21289
  • 13h ago

Overview

  • OliveTin
  • OliveTin

Published: 10 Mar 2026
Updated: 11 Mar 2026

CVSS v3.1: HIGH (8.5)
EPSS: 0.21%

KEV

Description

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowing an attacker to use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2.

Statistics

  • 2 Posts

Last activity: 20 hours ago

Bluesky

olivetin: add CVE-2026-31817 to `knownVulnerabilities` https://github.com/NixOS/nixpkgs/pull/498868 #security
  • 20h ago
[Backport release-25.11] olivetin: add CVE-2026-31817 to `knownVulnerabilities` https://github.com/NixOS/nixpkgs/pull/498987 #security
  • 20h ago

Overview

  • Mozilla
  • Firefox

Published: 24 Feb 2026
Updated: 26 Feb 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

The SUSE-SU-2026:0871-1 advisory for MozillaFirefox is out. It's a big one: 37 CVEs, including multiple sandbox escapes (CVE-2026-2760, -2768) that bypass browser security. Read more: 👉 tinyurl.com/mtuv8f7e #Security #SUSE
  • 1h ago
Showing 31 to 40 of 89 CVEs