Overview
Description
A security flaw has been found in Bytedesk versions up to 1.3.9. It affects the function uploadFile in the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the SVG File Handler component. Manipulation of the uploaded file results in an unrestricted upload. The attack can be carried out remotely, and a public exploit is available. Upgrading to version 1.4.5.1 mitigates this issue; the patch is identified as 975e39e4dd527596987559f56c5f9f973f64eff7. Upgrading the affected component is recommended.
Statistics
- 1 Post
Last activity: 14 hours ago
Fediverse
ZAST identified and verified four vulnerabilities in Bytedesk <= 1.3.9:
- CVE-2026-3748 and CVE-2026-3749: dangerous SVG upload flows leading to stored XSS
- CVE-2026-3788 and CVE-2026-3789: SSRF in model-provider enumeration endpoints
Bytedesk is an enterprise IM and customer-service platform with about 405 GitHub stars.
The common lesson across both clusters is that user-controlled values were trusted in boundary-critical roles:
- uploaded SVG content was treated as safe browser-served image material
- caller-supplied apiUrl values were treated as trusted upstream configuration
These cases are worth reviewing as classes, not isolated defects.
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 10 hours ago
Overview
- MariaDB Foundation
- MariaDB Server
- Published: 03 Mar 2026
- Updated: 16 Mar 2026
- CVSS v3.1: MEDIUM (4.3)
- EPSS: 0.02%
- KEV
Description
In MariaDB Server versions through 11.8.5, when the server audit plugin is enabled and the server_audit_events variable is configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, a SQL statement that an authenticated database user prefixes with a double-hyphen (--) or hash (#) style comment is not logged.
Statistics
- 1 Post
Last activity: 10 hours ago