24h | 7d | 30d

CVE-2026-20131

Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)
04 Mar 2026
Published
25 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.92%
KEV

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture fallback
CyberVeille @cyberveille-ch.bsky.social
📢 Cisco corrige 4 failles critiques dans Webex Services et Identity Services Engine 📝 ## 🔐 Contexte Publié le 16 avril 2026 sur netcost-security.f… https://cyberveille.ch/posts/2026-04-19-cisco-corrige-4-failles-critiques-dans-webex-services-et-identity-services-engine/ #CVE_2026_20131 #Cyberveille
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-6573

Overview

  • PHPEMS
19 Apr 2026
Published
19 Apr 2026
Updated
CVSS v4.0
MEDIUM (5.3)
EPSS
Pending
KEV

Description

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚩 SSRF alert: CVE-2026-6573 in PHPEMS 11.0 (MEDIUM, CVSS 5.3) affects /app/exam/controller/exams.master.php via uploadfile argument. Exploit is public — review exposure! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-3055

Overview

  • NetScaler
  • ADC
23 Mar 2026
Published
31 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
55.71%
KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 19 hours ago

Fediverse

Profile picture fallback
Taggart :ifin: @mttaggart

Useful explainer on the latest Citrix shenanigans, including verifying exposure and hunting/forensics recommendations

picussecurity.com/resource/blo

  • 3
  • 5
  • 0
  • 19h ago

CVE-2026-4368

Overview

  • NetScaler
  • ADC
23 Mar 2026
Published
24 Mar 2026
Updated
CVSS v4.0
HIGH (7.7)
EPSS
0.02%
KEV

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 19 hours ago

Fediverse

Profile picture fallback
Taggart :ifin: @mttaggart

Useful explainer on the latest Citrix shenanigans, including verifying exposure and hunting/forensics recommendations

picussecurity.com/resource/blo

  • 3
  • 5
  • 0
  • 19h ago

CVE-2026-21513

Overview

  • Microsoft
  • Windows 10 Version 1607
10 Feb 2026
Published
10 Apr 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
31.03%
KEV

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 1 Post
Last activity: 1 hour ago

Fediverse

Profile picture fallback
(in)sicurezza digitale @blog

PRISMEX: la suite di cyberspionaggio di APT28 che prende di mira Ucraina e alleati NATO con steganografia e cloud C2

APT28 ha lanciato una nuova campagna di cyberspionaggio contro Ucraina e alleati NATO con PRISMEX, una suite di malware inedita che combina steganografia 'Bit Plane Round Robin', COM hijacking e abuso di Filen.io come C2 cifrato. La campagna sfrutta due vulnerabilità Microsoft Office — CVE-2026-21509 e CVE-2026-21513 — con exploit pronti settimane prima della divulgazione pubblica.

insicurezzadigitale.com/prisme

  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-6042

Overview

  • musl
  • libc
10 Apr 2026
Published
10 Apr 2026
Updated
CVSS v4.0
MEDIUM (4.8)
EPSS
0.01%
KEV

Description

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
Fiona @airtower

Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). ​:neocat_glare:​ #CVE #GCVE

  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-21509

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise
26 Jan 2026
Published
01 Apr 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
7.50%
KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 1 Post
Last activity: 1 hour ago

Fediverse

Profile picture fallback
(in)sicurezza digitale @blog

PRISMEX: la suite di cyberspionaggio di APT28 che prende di mira Ucraina e alleati NATO con steganografia e cloud C2

APT28 ha lanciato una nuova campagna di cyberspionaggio contro Ucraina e alleati NATO con PRISMEX, una suite di malware inedita che combina steganografia 'Bit Plane Round Robin', COM hijacking e abuso di Filen.io come C2 cifrato. La campagna sfrutta due vulnerabilità Microsoft Office — CVE-2026-21509 e CVE-2026-21513 — con exploit pronti settimane prima della divulgazione pubblica.

insicurezzadigitale.com/prisme

  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-40200

Overview

  • musl-libc
  • musl
10 Apr 2026
Published
14 Apr 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.02%
KEV

Description

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
Fiona @airtower

Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). ​:neocat_glare:​ #CVE #GCVE

  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-33827

Overview

  • Microsoft
  • Windows 10 Version 1607
14 Apr 2026
Published
17 Apr 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.06%
KEV

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post
Last activity: 11 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
Microsoft、2026年4月の定例パッチを公開-CVE-2026-33824とCVE-2026-33827などの脆弱性を修正 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 11h ago

CVE-2026-20186

Overview

  • Cisco
  • Cisco Identity Services Engine Software
15 Apr 2026
Published
16 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.23%
KEV

Description

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
Cisco patches critical ISE vulnerabilities (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186) enabling remote code execution, root access, and privilege escalation in Identity Services Engine and Webex Services. #CiscoISE #RemoteCode #USA
  • 0
  • 0
  • 0
  • 3h ago
Showing 31 to 40 of 42 CVEs