Overview

  • Bytedesk

Published: 08 Mar 2026
Updated: 11 Mar 2026

CVSS v4.0: MEDIUM (5.3)
EPSS: 0.14%

KEV

Description

A security flaw has been discovered in Bytedesk up to 1.3.9. It affects the function uploadFile in the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Manipulation results in unrestricted upload. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.4.5.1 mitigates this issue. The patch is named 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is recommended.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

ZAST identified and verified four vulnerabilities in Bytedesk <= 1.3.9:

- CVE-2026-3748 and CVE-2026-3749: dangerous SVG upload flows leading to stored XSS
- CVE-2026-3788 and CVE-2026-3789: SSRF in model-provider enumeration endpoints

Bytedesk is an enterprise IM and customer-service platform with about 405 GitHub stars.

The common lesson across both clusters is that user-controlled values were trusted in boundary-critical roles:
- uploaded SVG content was treated as safe browser-served image material
- caller-supplied apiUrl values were treated as trusted upstream configuration

These cases are worth reviewing as classes, not isolated defects.

Full report: blog.zast.ai/vulnerability%20r


Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

Serious vulnerabilities in MariaDB (CVE-2026-3494, CVE-2026-44168, CVE-2026-44170, CVE-2026-44171, CVE-2026-44172, CVE-2026-44173) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews

Overview

  • MariaDB Foundation
  • MariaDB Server

Published: 03 Mar 2026
Updated: 16 Mar 2026

CVSS v3.1: MEDIUM (4.3)
EPSS: 0.02%

KEV

Description

In MariaDB Server through version 11.8.5, when the server audit plugin is enabled with the server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, a SQL statement that an authenticated database user prefixes with a double-hyphen (--) or hash (#) style comment is not logged.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

Serious vulnerabilities in MariaDB (CVE-2026-3494, CVE-2026-44168, CVE-2026-44170, CVE-2026-44171, CVE-2026-44172, CVE-2026-44173) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews