Overview
Description
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.
Statistics
- 1 Post
Last activity: 11 hours ago
Overview
- Copeland
- Copeland XWEB 300D PRO
27 Feb 2026
Published
03 Mar 2026
Updated
CVSS v3.1
HIGH (8.0)
EPSS
0.26%
KEV
Description
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution.
Statistics
- 1 Post
Last activity: 15 hours ago
Overview
- Unisoc (Shanghai) Technologies Co., Ltd.
- T8100/T9100/T8200/T8300
09 Mar 2026
Published
09 Mar 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.16%
KEV
Description
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Statistics
- 1 Post
Last activity: 12 hours ago
Overview
Description
Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user's existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
- Kubernetes
- ingress-nginx
09 Mar 2026
Published
10 Mar 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.04%
KEV
Description
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Statistics
- 1 Post
Last activity: 19 hours ago
Fediverse
[Security Advisory] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection #devopsish https://groups.google.com/a/kubernetes.io/g/dev/c/NoW4Ollgoxc/m/m1to2nAqAAAJ?utm_medium=email&utm_source=footer
Overview
- SUSE
- SUSE Linux Enterprise Server
- kernel
05 Mar 2026
Published
05 Mar 2026
Updated
CVSS v3.1
HIGH (7.3)
EPSS
0.04%
KEV
Description
An Improper Access Control vulnerability in the kernel of SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective. This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
Statistics
- 1 Post
Last activity: 5 hours ago
Overview
- OpenClaw
- OpenClaw
05 Mar 2026
Published
10 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.05%
KEV
Description
OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved commands beyond the allowlisted operations.
Statistics
- 1 Post
Last activity: 22 hours ago
Overview
- SourceCodester
- Client Database Management System
08 Mar 2026
Published
08 Mar 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%
KEV
Description
A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Statistics
- 1 Post
Last activity: 9 hours ago
Overview
- code-projects
- Student Web Portal
08 Mar 2026
Published
08 Mar 2026
Updated
CVSS v4.0
MEDIUM (6.9)
EPSS
0.04%
KEV
Description
A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Statistics
- 1 Post
Last activity: 7 hours ago
Overview
- zephyrproject-rtos
- Zephyr
05 Mar 2026
Published
05 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.4)
EPSS
0.04%
KEV
Description
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
Statistics
- 1 Post
Last activity: 22 hours ago