
Overview

  • jsrsasign

23 Mar 2026
Published
23 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.03%

KEV

Description

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse


🔥 CRITICAL: CVE-2026-4599 in jsrsasign 7.0.0 – 11.1.1 lets attackers recover private keys via DSA nonce bias. No auth needed — patch ASAP or add nonce checks! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.86%

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

CISA issues notice to urgently address critical Cisco vulnerability (CVE-2026-20127) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Google
  • Chrome

12 Dec 2025
Published
26 Feb 2026
Updated

CVSS
Pending
EPSS
0.87%

Description

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

📢 DarkSword: an iOS exploit kit used in worldwide attacks by multiple actors 📝 ## 🔍 Context Published on 19 March 20… https://cyberveille.ch/posts/2026-03-22-darksword-un-kit-d-exploitation-ios-utilise-dans-des-attaques-mondiales-par-plusieurs-acteurs/ #CVE_2025_14174 #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • OpenAnolis
  • Anolis OS
  • libcap

18 Feb 2025
Published
18 Feb 2025
Updated

CVSS v3.1
MEDIUM (6.1)
EPSS
0.04%

KEV

Description

The configuration of the PAM module pam_cap.so of libcap supports group names starting with “@”, but during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in unintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

🔐 Critical security update for the #Ubuntu community! USN-8114-1 addresses CVE-2025-1390, a privilege escalation flaw in the gvfs package. Read more: 👉 tinyurl.com/mupkdd5p #Security
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

CVE-2026-30769: New BYOVD Killer Enters the Arena—TVicPort64sys Weaponized for Kernel Takeover + Video Introduction: The Bring Your Own Vulnerable Driver (BYOVD) attack technique continues to be a favored method for adversaries seeking to disable security controls and gain kernel-level privileges.…
  • 0
  • 0
  • 0
  • Last hour

Overview

  • VMware
  • Spring AI
  • Spring AI

18 Mar 2026
Published
19 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.02%

KEV

Description

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

📢 CVE-2026-22730: SQL injection in Spring AI MariaDB allowing an access control bypass 📝 ## 🔍 Context Published on 19 Ma… https://cyberveille.ch/posts/2026-03-22-cve-2026-22730-injection-sql-dans-spring-ai-mariadb-permettant-un-contournement-du-controle-d-acces/ #Bugdazz #Cyberveille
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • MB connect line
  • MB connect line mbCONNECT24

23 Mar 2026
Published
23 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.11%

KEV

Description

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 13 hours ago

Fediverse


VDE-2026-024
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
CVE-2026-32968, CVE-2026-32969

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 1
  • 1
  • 0
  • 13h ago

VDE-2026-025
Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual

Multiple vulnerabilities have been discovered in Helmholz myREX24V2 / myREX24V2.virtual that could allow unauthenticated RCE or SQLi.
CVE-2026-32968, CVE-2026-32969

certvde.com/en/advisories/vde-

helmholz.csaf-tp.certvde.com/.

  • 1
  • 1
  • 0
  • 13h ago

Overview

  • MB connect line
  • MB connect line mbCONNECT24

23 Mar 2026
Published
23 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.11%

KEV

Description

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 13 hours ago

Fediverse


VDE-2026-024
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
CVE-2026-32968, CVE-2026-32969

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 1
  • 1
  • 0
  • 13h ago

VDE-2026-025
Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual

Multiple vulnerabilities have been discovered in Helmholz myREX24V2 / myREX24V2.virtual that could allow unauthenticated RCE or SQLi.
CVE-2026-32968, CVE-2026-32969

certvde.com/en/advisories/vde-

helmholz.csaf-tp.certvde.com/.

  • 1
  • 1
  • 0
  • 13h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • gvfs

26 Feb 2026
Published
26 Feb 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Bluesky

⚠️ URGENT: Canonical issues USN-8114-1 for @Ubuntu 22.04-25.10. Critical GVfs RCE vulns (CVE-2026-28295, CVE-2026-28296) in FTP backend. Read more: 👉 tinyurl.com/mupeehtp #Security
  • 0
  • 1
  • 0
  • 5h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • gvfs

26 Feb 2026
Published
26 Feb 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Bluesky

⚠️ URGENT: Canonical issues USN-8114-1 for @Ubuntu 22.04-25.10. Critical GVfs RCE vulns (CVE-2026-28295, CVE-2026-28296) in FTP backend. Read more: 👉 tinyurl.com/mupeehtp #Security
  • 0
  • 1
  • 0
  • 5h ago