
Overview

  • GNU
  • inetutils

13 Mar 2026
Published
23 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.03%

KEV

Description

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.

Statistics

  • 3 Posts
  • 167 Interactions

Last activity: 11 hours ago

Fediverse

enjoyed this telnetd analysis. (if you can’t believe anyone has a legitimate operational reason to run telnet, you live in a cozy world indeed) labs.watchtowr.com/a-32-year-o

  • 47
  • 90
  • 0
  • 12h ago

Yes, the vulnerability is so old, it dates from a time when networks charged on a ‘per-packet basis’.

labs.watchtowr.com/a-32-year-o

  • 8
  • 22
  • 0
  • 12h ago

Bluesky

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils CVE-2026-32746) https://lobste.rs/s/udbivp #security #c
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • NetScaler
  • ADC

23 Mar 2026
Published
24 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.02%

KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway, when configured as a SAML IDP, leading to memory overread.

Statistics

  • 4 Posts
  • 5 Interactions

Last activity: 1 hour ago

Bluesky

Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055) #HelpNetSecurity (Mar 24) www.helpnetsecurity.com/2026/03/24/n...
  • 0
  • 0
  • 0
  • 17h ago
New vulnerability in Citrix NetScaler, with some voicing concern that it may be exploited: CVE-2026-3055 | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/44790/
  • 0
  • 0
  • 0
  • 9h ago
Critical NetScaler Flaws Expose Enterprise Networks: Immediate Patching Required for CVE-2026-3055 and CVE-2026-4368 + Video Introduction: NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway serve as critical infrastructure components, acting as the front door for application delivery, VPN…
  • 1
  • 0
  • 0
  • 23h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

13 Jan 2026
Published
19 Mar 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
7.10%

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 4 Posts

Last activity: Last hour

Bluesky

CVE-2026-20963: SharePoint Deserialization Remote Code Execution Vulnerability #SecurityBoulevard (Mar 24) securityboulevard.com/2026/03/cve-...
  • 0
  • 0
  • 0
  • 17h ago
~Certeu~ Unauthenticated RCE flaw (CVE-2026-20963) in Microsoft SharePoint is actively exploited and added to CISA KEV. - IOCs: CVE-2026-20963 - #CVE202620963 #SharePoint #ThreatIntel
  • 0
  • 0
  • 0
  • 5h ago
CISA Sounds Alarm: Unauthenticated SharePoint RCE (CVE-2026-20963) Under Active Attack—Patch NOW! + Video Introduction: A critical Microsoft SharePoint vulnerability, initially patched in January 2026, has been escalated to a severity level requiring immediate attention. The Cybersecurity and…
  • 0
  • 0
  • 0
  • Last hour
The latest update for #Indusface includes "CVE-2026-20963: SharePoint Deserialization Remote Code Execution Vulnerability" and "CVE-2026-27739: Angular SSR Request Vulnerability Enabling Server-Side Request Forgery". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Apple
  • iOS and iPadOS

25 Mar 2026
Published
25 Mar 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to user's Keychain items.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 9 hours ago

Fediverse

🔒 CVE-2026-28864 (HIGH): Local attackers can access Apple Keychain items on iOS, iPadOS, macOS, visionOS, watchOS. Patch to latest OS releases now to protect credentials. No known exploits yet. radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 12h ago

[Security News] "iOS 26.4" released, fixing 38 vulnerabilities – "iOS 18.7.7" for older devices too (page 1 of 1): Security NEXT yayafa.com/2759965/ #Apple #CVE202628864 #iOS264SecurityUpdate #IPadOS264 #SCIENCE #Science&Technology #SECURITY #Technology #WebKitVulnerability #KernelVulnerability #KeychainAccessIssue #Security #Technology #News #Countermeasures #iOS1877ForOlderDevices #Science #Science&Technology

  • 1
  • 0
  • 0
  • 9h ago

Overview

  • ISC
  • Kea

25 Mar 2026
Published
25 Mar 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.02%

KEV

Description

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 7 hours ago

Fediverse

ISC is pleased to announce the releases of Kea 2.6.5 and 3.0.3 (stable) and 3.1.7 (development).

Both stable versions address a vulnerability in Kea DHCP; see our published advisory at kb.isc.org/docs/cve-2026-3608 . Kea 3.1.7 is not susceptible to this CVE, but development versions are not suitable for production use.

The releases are available from the ISC download page at isc.org/download/#Kea.

Thank you for using ISC’s software!

  • 0
  • 2
  • 0
  • 9h ago

🚨 CVE-2026-3608: HIGH-severity vuln in ISC Kea DHCP (2.6.0 – 2.6.4, 3.0.0 – 3.0.2). Remote attackers can crash daemons, causing DoS. Restrict API/HA access, monitor traffic, and prep failover. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago

Overview

  • snapd

17 Mar 2026
Published
18 Mar 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.00%

KEV

Description

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

Statistics

  • 1 Post
  • 9 Interactions

Last activity: 22 hours ago

Fediverse

A new Ubuntu vulnerability (CVE-2026-3888) allows local users to escalate privileges to root via a timing-based exploit in Ubuntu Desktop 24.04 and newer. ⏱️
The flaw affects systems using older versions of snapd and requires immediate patching. 🔐

🔗 infosecurity-magazine.com/news

#TechNews #Ubuntu #Linux #SecurityFlaw #CVE #PrivilegeEscalation #RootAccess #Cybersecurity #LinuxSecurity #PatchNow #Snap #SystemVulnerabilities #DataProtection #TechUpdates #Privacy #OpenSource #Canonical

  • 3
  • 6
  • 0
  • 22h ago

Overview

  • Python Software Foundation
  • CPython

20 Jan 2026
Published
03 Mar 2026
Updated

CVSS v4.0
MEDIUM (6.0)
EPSS
0.14%

KEV

Description

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Bluesky

SUSE #Python 3.11.15 security advisory (SUSE-SU-2026:20796-1) is out. Rating: Important. 8 CVEs addressed including CVE-2026-0672 (CVSS 8.7) for control character injection in cookies. Read more: 👉 tinyurl.com/28c9s5sk #SUSE
  • 0
  • 1
  • 0
  • 6h ago

Overview

  • Apple
  • iOS and iPadOS

25 Mar 2026
Published
25 Mar 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Fediverse

I updated the “Device Name” section of my “How to Fingerprint iOS Users” article to note that iOS 26.4 fixes CVE-2026-28877, which leaked the device name without needing a proper entitlement.

paradisefacade.com/blog/2026/3

  • 0
  • 1
  • 0
  • 16h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Bluesky

CVE-2026-33656: EspoCRM ≤ 9.3.3 — Formula engine ACL gap + path traversal → authenticated RCE (full write-up + PoC)
  • 0
  • 0
  • 1
  • 5h ago

Overview

  • Unknown
  • PeproDev Ultimate Invoice

25 Mar 2026
Published
25 Mar 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably, making it possible to brute force and retrieve PII.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

⚠️ HIGH: CVE-2026-2343 in PeproDev Ultimate Invoice ≤2.2.5 exposes PII via predictable ZIP archive names in bulk downloads. No auth needed — risk of mass data leaks! Disable feature, restrict access, monitor logs. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 10h ago