
Overview

  • MBS
  • UBR-01 Mk II

09 Mar 2026
Published
09 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.22%

KEV

Description

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

📌 CVE-2025-41757 - A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not vali... https://www.cyberhub.blog/cves/CVE-2025-41757
  • 13h ago

Overview

  • Adobe
  • Adobe Commerce

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.13%

KEV

Description

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized view access of data. Exploitation of this issue does not require user interaction.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

📌 CVE-2026-21289 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulne... https://www.cyberhub.blog/cves/CVE-2026-21289
  • 7h ago

Overview

  • OliveTin
  • OliveTin

10 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
HIGH (8.5)
EPSS
0.21%

KEV

Description

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file path, allowing an attacker to use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Bluesky

olivetin: add CVE-2026-31817 to `knownVulnerabilities` https://github.com/NixOS/nixpkgs/pull/498868 #security
  • 14h ago
[Backport release-25.11] olivetin: add CVE-2026-31817 to `knownVulnerabilities` https://github.com/NixOS/nixpkgs/pull/498987 #security
  • 14h ago

Overview

  • Adobe
  • Adobe Commerce

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.13%

KEV

Description

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized view access of data. Exploitation of this issue does not require user interaction.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

📌 CVE-2026-21309 - Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulne... https://www.cyberhub.blog/cves/CVE-2026-21309
  • 7h ago

Overview

  • Adobe
  • Illustrator

10 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

📌 CVE-2026-21362 - Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in th... https://www.cyberhub.blog/cves/CVE-2026-21362
  • 10h ago

Overview

  • LabRedesCefetRJ
  • WeGIA

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query executed via PDO::query. This allows an authenticated (or auth-bypassed) attacker to execute arbitrary SQL commands. This can be used to exfiltrate sensitive data from the database or, as demonstrated in this PoC, cause a time-based delay (denial of service). This vulnerability is fixed in 3.6.6.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse


⚠️ CRITICAL: CVE-2026-31896 in WeGIA <3.6.6 enables unauthenticated SQL injection via remover_produto_ocultar.php. Attackers can read or modify DB data. Patch to 3.6.6+ ASAP or apply WAF rules. Details: radar.offseq.com/threat/cve-20

  • 2h ago

Overview

  • Acronis
  • Acronis Cyber Protect 17

05 Mar 2026
Published
09 Mar 2026
Updated

CVSS v3.0
HIGH (7.3)
EPSS
0.01%

KEV

Description

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

📌 CVE-2026-28721 - Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41... https://www.cyberhub.blog/cves/CVE-2026-28721
  • 17h ago

Overview

  • grafana
  • grafana

07 Dec 2021
Published
21 Oct 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
97.50%

Description

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

[Kubernetes for Everyone] — Exploiting Grafana (CVE-2021-43798) To Gain SSH Access and Extract… https://meetcyber.net/kubernetes-for-everyone-exploiting-grafana-cve-2021-43798-to-gain-ssh-access-and-extract-c3f02bb2ff8b?source=rss------bug_bounty-5
  • 4h ago

Overview

  • toxicbishop
  • DSA-with-tsx

07 Mar 2026
Published
09 Mar 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.03%

KEV

Description

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

📌 CVE-2026-28678 - DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was foun... https://www.cyberhub.blog/cves/CVE-2026-28678
  • 11h ago

Overview

  • backstage
  • backstage

07 Mar 2026
Published
09 Mar 2026
Updated

CVSS v3.1
HIGH (7.7)
EPSS
0.07%

KEV

Description

Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an mkdocs.yml that causes arbitrary Python code execution, completely bypassing TechDocs' security controls. This issue has been patched in version 1.14.3.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

📌 CVE-2026-29186 - Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbi... https://www.cyberhub.blog/cves/CVE-2026-29186
  • 8h ago
Showing 31 to 40 of 80 CVEs