Overview

  • Microsoft
  • Windows Server 2012

14 Oct 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
68.44%

Description

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Weekly Purple Team Episode: CVE-2025-59287 - Exploiting & Detecting the Critical WSUS RCE
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • siyuan-note
  • siyuan

26 Mar 2026
Published
26 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-33670 in SiYuan (<3.6.2) lets remote attackers exploit /api/file/readDir for path traversal, exposing sensitive files. Patch to 3.6.2+ ASAP! Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 13h ago

Overview

  • plank
  • laravel-mediable

26 Mar 2026
Published
26 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.39%

KEV

Description

plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can submit a file containing executable PHP code while declaring a benign image MIME type, resulting in arbitrary file upload. If the uploaded file is stored in a web-accessible and executable location, this may lead to remote code execution. At the time of publication, no patch was available and the vendor had not responded to coordinated disclosure attempts.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

🚨 CRITICAL vuln in plank/laravel-mediable <=6.4.0 (CVE-2026-4809): attackers can upload malicious PHP files by spoofing MIME types. No patch yet. Disable client MIME trust & enforce server-side checks! Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 15h ago

Overview

  • Tenda
  • W3

12 Mar 2026
Published
12 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.09%

KEV

Description

A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset in the component POST Parameter Handler. Manipulation of the argument index/GO can lead to a stack-based buffer overflow. The attack can be launched remotely. An exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

CVE-2026-4008 - Tenda W3 POST Parameter wifiSSIDset stack-based overflow scq.ms/4lpyom5
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

Serious DoS vulnerability in Node.js (CVE-2026-21710) and more rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • F5
  • NGINX Open Source

24 Mar 2026
Published
24 Mar 2026
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.02%

KEV

Description

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow in the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses the DAV module MOVE or COPY methods, a prefix location (a non-regular-expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

Serious buffer overflow vulnerability in nginx (CVE-2026-27654) and more rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)

04 Mar 2026
Published
25 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.65%

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

📰 Cisco Firewall Zero-Day Exploited by Interlock Ransomware for Over a Month Before Patch

🚨 ZERO-DAY: A critical Cisco Firewall flaw (CVE-2026-20131) was exploited by Interlock ransomware for 36 days before a patch. CISA has added it to the KEV catalog. Patch now and restrict management interface access! #0day #Ransomware #Cisco

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • path-to-regexp
  • path-to-regexp

26 Mar 2026
Published
26 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in path-to-regexp@0.1.12 only prevents ambiguity for two parameters. With three or more, the generated lookahead does not block single separator characters, so capture groups overlap and cause catastrophic backtracking.

Patches: Upgrade to path-to-regexp@0.1.13. Custom regex patterns in route definitions (e.g., /:a-:b([^-/]+)-:c([^-/]+)) are not affected because they override the default capture group.

Workarounds: All versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change /:a-:b-:c to /:a-:b([^-/]+)-:c([^-/]+). If paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length.

Statistics

  • 2 Posts

Last activity: 20 hours ago

Bluesky

🚨 High-severity security fix in path-to-regexp@0.1.13 just released! Patches CVE-2026-4867 — Regular Expression Denial of Service via multiple route parameters github.com/pillarjs/pat...
  • 0
  • 0
  • 1
  • 20h ago

Overview

  • Open-Xchange GmbH
  • OX Dovecot Pro

27 Mar 2026
Published
27 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

An attacker can send a specially crafted message before authentication that causes managesieve to allocate a large amount of memory. By repeatedly crashing the process, an attacker can make managesieve-login unavailable. Protect access to the managesieve protocol, or install a fixed version. No publicly available exploits are known.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

⚠️ CVE-2026-27858 (HIGH, 7.5): OX Dovecot Pro’s managesieve is at risk of remote DoS via unauthenticated memory exhaustion. Restrict access, monitor logs, and patch ASAP. No public exploits yet, but stay alert. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • NetScaler
  • ADC

23 Mar 2026
Published
24 Mar 2026
Updated

CVSS v4.0
HIGH (7.7)
EPSS
0.02%

KEV

Description

Race condition in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, leading to user session mixup.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 11 hours ago

Bluesky

Articles about Citrix NetScaler vulnerabilities CVE-2026-3055 and CVE-2026-4368 (26.3.2026) #patchmanagement
  • 0
  • 0
  • 0
  • 16h ago
The latest update for #CyCognito includes "Citrix NetScaler ADC and Gateway Vulnerabilities (CVE-2026-3055 & CVE-2026-4368)" and "Emerging Threat: Ubiquiti UniFi Network Application Path Traversal (CVE-2026-22557)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 1
  • 0
  • 11h ago
Showing 31 to 40 of 60 CVEs