Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

CVE-2026-26133: Microsoft Copilot AI Command Injection Exposes Sensitive Data via Malicious Emails Introduction: A critical vulnerability, designated CVE-2026-26133, has been discovered in Microsoft 365 Copilot, revealing a novel attack vector where malicious text embedded in standard emails can…
  • 16h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

10 Mar 2026
Published
12 Mar 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
Pending

KEV

Description

Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

LnkMeMaybe Deep Dive: Exploiting CVE-2026-25185 for Silent Authentication Coercion + Video Introduction: In the ever-evolving landscape of cybersecurity, the seemingly innocuous Windows shortcut (.lnk) file has once again proven to be a potent attack vector. Recently patched as CVE-2026-25185, a…
  • 16h ago

Overview

  • itsourcecode
  • University Management System

11 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
Pending

KEV

Description

A vulnerability was identified in itsourcecode University Management System 1.0. It affects unknown code in the file /att_add.php: manipulation of the argument Name leads to SQL injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be used.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

📌 CVE-2026-3944 - A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. Thi... https://www.cyberhub.blog/cves/CVE-2026-3944
  • 16h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Analyzing "Zombie Zip" Files (CVE-2026-0866) isc.sans.edu/diary/32786?n
  • 20h ago

Overview

  • Microsoft
  • ASP.NET Core 10.0

10 Mar 2026
Published
12 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26130 impacts Microsoft.AspNetCore.App.Runtime.linux-x64 in 4 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/448 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 20h ago

Overview

  • OneUptime
  • oneuptime

10 Mar 2026
Published
10 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
Pending

KEV

Description

OneUptime is a solution for monitoring and managing online services. In OneUptime v10.0.20 and earlier, a low-privileged user can bypass authorization and tenant isolation by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the server trusts this client-supplied header, the internal permission checks in BasePermission are skipped and tenant scoping is disabled. This allows attackers to access project data belonging to other tenants, read sensitive User fields via nested relations, leak the plaintext resetPasswordToken, and reset the victim's password to fully take over the account. The result is cross-tenant data exposure and full account takeover. This vulnerability is fixed in 10.0.21.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

📌 CVE-2026-30956 - OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isola... https://www.cyberhub.blog/cves/CVE-2026-30956
  • 17h ago

Overview

  • OliveTin
  • OliveTin

10 Mar 2026
Published
11 Mar 2026
Updated

CVSS v3.1
HIGH (8.5)
EPSS
0.21%

KEV

Description

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is neither validated nor sanitized before being used in a file path, so an attacker can use directory traversal sequences (e.g., ../../../) to write files to arbitrary locations on the filesystem. This vulnerability is fixed in 3000.11.2.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

📌 CVE-2026-31817 - OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists e... https://www.cyberhub.blog/cves/CVE-2026-31817
  • 13h ago

Overview

  • parse-community
  • parse-server

07 Mar 2026
Published
09 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.07%

KEV

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is not set (clientId for Google/Apple, appIds for Facebook), JWT verification silently skips audience claim validation. This allows an attacker to use a validly signed JWT issued for a different application to authenticate as any user on the target Parse Server. This issue has been patched in versions 8.6.10 and 9.5.0-alpha.11.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

CVE-2026-30863 - Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters scq.ms/4cA5zRU
  • 22h ago

Overview

  • Honeywell
  • IQ4E

12 Mar 2026
Published
12 Mar 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
Pending

KEV

Description

The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a web user is created via U.htm, which dynamically enables the user module. Because this function is accessible prior to authentication, a remote user can create a new account with administrative read/write permissions, enabling the user module and imposing authentication under attacker-controlled credentials. This can effectively lock legitimate operators out of local and web-based configuration and administration.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-3611 impacts Honeywell IQ4E (v3.50_3.44) — missing web HMI authentication lets remote attackers create admin accounts, lock out operators, and control building systems. Restrict access & create user accounts ASAP. radar.offseq.com/threat/cve-20

  • 4h ago

Overview

  • Tenda
  • FH451

07 Mar 2026
Published
11 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.07%

KEV

Description

A vulnerability was identified in Tenda FH451 1.0.0.9. It affects the function formQuickIndex of the file /goform/QuickIndex: manipulation of the argument mit_linktype/PPPOEPassword leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

CVE-2026-3679 - Tenda FH451 QuickIndex formQuickIndex stack-based overflow scq.ms/47w987Y
  • 2h ago