Overview
- Xerox
- FreeFlow Core
Published: 27 Feb 2026
Updated: 28 Feb 2026
CVSS v3.1: CRITICAL (9.8)
EPSS: 0.05%
Description
Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to remote code execution (RCE).
This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.
Please consider upgrading to FreeFlow Core version 8.1.0 via the software available at https://www.support.xerox.com/en-us/product/core/downloads
Overview
- EV Energy
- ev.energy
Published: 27 Feb 2026
Updated: 03 Mar 2026
CVSS v3.1: HIGH (7.3)
EPSS: 0.04%
Description
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
Overview
- Ciser System SL
- CSIP firmware
Published: 02 Mar 2026
Updated: 02 Mar 2026
CVSS v4.0: CRITICAL (9.3)
EPSS: 0.30%
Description
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).
Fediverse
🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-2584-cwe-89-improper-neutralization-of-sp-3951e11b #OffSeq #CVE20262584 #SQLi #FirmwareSecurity
Overview
- Mobility46
- mobility46.se
Published: 27 Feb 2026
Updated: 03 Mar 2026
CVSS v3.1: HIGH (7.3)
EPSS: 0.04%
Description
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
Overview
- SolarWinds
- Web Help Desk
Published: 28 Jan 2026
Updated: 27 Feb 2026
CVSS v3.1: CRITICAL (9.8)
EPSS: 5.22%
Description
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
Bluesky
📢 SolarWinds Web Help Desk: pre-auth RCE chain via deserialization and double bypasses (CVE-2025-40552/40553/4055…📝 …
https://cyberveille.ch/posts/2026-03-02-solarwinds-web-help-desk-chaine-rce-pre-auth-par-deserialisation-et-doubles-contournements-cve-2025-40552-40553-40554/ #IOC #Cyberveil…
Overview
- UnitreeRobotics
- Unitree Go2
Published: 26 Feb 2026
Updated: 27 Feb 2026
CVSS v4.0: MEDIUM (6.4)
EPSS: 0.08%
Description
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programs. The Android application stores programs in a local SQLite database (unitree_go2.db, table dog_programme) and transmits the programme_text content, including the pyCode field, to the robot. The robot's actuator_manager.py executes the supplied Python as root without integrity verification or content validation. An attacker with local access to the Android device can tamper with the stored program record to inject arbitrary Python that executes when the user triggers the program via a controller keybinding, and the malicious binding persists across reboots. Additionally, a malicious program shared through the application's community marketplace can result in arbitrary code execution on any robot that imports and runs it.
Bluesky
📢 Unitree Go2 robots: two RCE flaws (CVE-2026-27509, CVE-2026-27510) via DDS and the Android database
📝 According to a technical post published by Oli…
https://cyberveille.ch/posts/2026-03-02-robots-unitree-go2-deux-failles-rce-cve-2026-27509-cve-2026-27510-via-dds-et-base-android/ #CVE_2026_27509 #Cyberveille
Overview
Description
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Overview
Description
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/aws-lambda`) behind an Application Load Balancer (ALB), the `getConnInfo()` function incorrectly selected the first value from the `X-Forwarded-For` header. Because AWS ALB appends the real client IP address to the end of the `X-Forwarded-For` header, the first value can be attacker-controlled. This could allow IP-based access control mechanisms (such as the `ipRestriction` middleware) to be bypassed. Version 4.12.2 patches the issue.
Overview
- CloudCharge
- cloudcharge.se
Published: 26 Feb 2026
Updated: 03 Mar 2026
CVSS v3.1: HIGH (7.3)
EPSS: 0.04%
Description
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.
Overview
- latepoint
- LatePoint – Calendar Booking Plugin for Appointments and Events
Published: 02 Mar 2026
Updated: 03 Mar 2026
CVSS v3.1: HIGH (8.8)
EPSS: Pending
Description
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with the LatePoint Agent role, when creating new customers, to set the 'wordpress_user_id' field. This makes it possible for authenticated attackers, with Agent-level access and above, to gain elevated privileges by linking a customer to an arbitrary user ID, including that of an administrator, and then resetting the password.
Fediverse
🚩 CVE-2026-1566 (HIGH): LatePoint WordPress plugin lets Agent users reset admin passwords — leads to full privilege escalation. All versions up to 5.2.7 affected. Restrict Agent roles & monitor now. https://radar.offseq.com/threat/cve-2026-1566-cwe-269-improper-privilege-managemen-02d5d7d7 #OffSeq #WordPress #Vuln #Infosec