24h | 7d | 30d

CVE-2026-4744

Overview

  • rizonesoft
  • Notepad3
24 Mar 2026
Published
24 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

Out-of-bounds Read vulnerability in rizonesoft Notepad3 (‎scintilla/oniguruma/src modules). This vulnerability is associated with program files regcomp.C‎. This issue affects Notepad3: before 6.25.714.1.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🛡️ CRITICAL: CVE-2026-4744 in rizonesoft Notepad3 (<6.25.714.1) enables out-of-bounds reads — possible data disclosure & crashes. Patch ASAP, restrict access, and avoid untrusted files. More info: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-4746

Overview

  • timeplus-io
  • proton
24 Mar 2026
Published
24 Mar 2026
Updated
CVSS v4.0
CRITICAL (10.0)
EPSS
Pending
KEV

Description

Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src‎ modules). This vulnerability is associated with program files inflate.C. This issue affects proton: before 1.6.16.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CRITICAL: CVE-2026-4746 in timeplus-io proton (<1.6.16) allows remote out-of-bounds writes — risk of code execution, system takeover. No auth or user action needed. Patch when available, restrict access now. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-20163

Overview

  • Splunk
  • Splunk Enterprise
11 Mar 2026
Published
12 Mar 2026
Updated
CVSS v3.1
HIGH (8.0)
EPSS
0.07%
KEV

Description

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture fallback
SecQube | Harvey | AI Platform for MS Graph @secqube.com
CVE-2026-20163 - Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise scq.ms/4rm6icV
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-20127

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager
25 Feb 2026
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.86%
KEV

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root&nbsp;user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.&nbsp;

Statistics

  • 1 Post
Last activity: 14 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
CISA、シスコの深刻な脆弱性を早急に対応するよう通知(CVE-2026-20127) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 14h ago

CVE-2026-33211

Overview

  • tektoncd
  • pipeline
23 Mar 2026
Published
23 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.6)
EPSS
Pending
KEV

Description

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including ServiceAccount tokens. The file contents are returned base64-encoded in `resolutionrequest.status.data`. Versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2 contain a patch.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CRITICAL: CVE-2026-33211 in Tekton Pipelines (git resolver) enables path traversal attacks via pathInRepo, exposing sensitive files (like ServiceAccount tokens). Upgrade to fixed versions immediately. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-1390

Overview

  • OpenAnolis
  • Anolis OS
  • libcap
18 Feb 2025
Published
18 Feb 2025
Updated
CVSS v3.1
MEDIUM (6.1)
EPSS
0.04%
KEV

Description

The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🔐 Critical security update for the #Ubuntu community! USN-8114-1 addresses CVE-2025-1390, a privilege escalation flaw in the gvfs package. Read more: 👉 tinyurl.com/mupkdd5p #Security
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-30769

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-30769: New BYOVD Killer Enters the Arena—TVicPort64sys Weaponized for Kernel Takeover + Video Introduction: The Bring Your Own Vulnerable Driver (BYOVD) attack technique continues to be a favored method for adversaries seeking to disable security controls and gain kernel-level privileges.…
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-22898

Overview

  • QNAP Systems Inc.
  • QVR Pro
20 Mar 2026
Published
20 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.37%
KEV

Description

A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
QNAPのQVR Proに致命的な脆弱性(CVE-2026-22898) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-22557

Overview

  • Ubiquiti Inc
  • UniFi Network Application
19 Mar 2026
Published
19 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.02%
KEV

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

Statistics

  • 2 Posts
Last activity: 20 hours ago

Fediverse

Profile picture fallback
The IT Nerd @The_IT_Nerd

Ubiquiti Unifi Users Should Update Their Gear ASAP To Protect Themselves From Three Absolutely Critical Vulnerabilities

Users of Ubiquiti Unifi gear should be aware of CVE-2026-22557 which details a super critical vulnerability that can lead to account takeovers. This is what the CVE says: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could…

itnerd.blog/2026/03/23/ubiquit

  • 0
  • 0
  • 1
  • 20h ago

CVE-2026-1090

Overview

  • GitLab
  • GitLab
11 Mar 2026
Published
12 Mar 2026
Updated
CVSS v3.1
HIGH (8.7)
EPSS
0.06%
KEV

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
SecQube | Harvey | AI Platform for MS Graph @secqube.com
CVE-2026-1090 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab scq.ms/3Nxr2R5
  • 0
  • 0
  • 0
  • 7h ago
Showing 31 to 40 of 46 CVEs