24h | 7d | 30d

CVE-2026-27944

Overview

  • 0xJacky
  • nginx-ui
05 Mar 2026
Published
06 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.05%
KEV

Description

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Joseph Williams @rhudaur

Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
thecyberexpress.com/cve-2026-2

Posted into Cybersecurity Today @cybersecurity-today-rhudaur

  • 1
  • 0
  • 0
  • 3h ago

Bluesky

Profile picture fallback
キタきつね @kitafox.bsky.social
重大なNginx UIの欠陥CVE-2026-27944により、サーバーのバックアップが危険にさらされる Critical Nginx UI flaw CVE-2026-27944 exposes server backups #SecurityAffairs (Mar 8) securityaffairs.com/189123/secur...
  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
ohhara @shiojiri.com
Critical Nginx UI flaw CVE-2026-27944 exposes server backups https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-3630

Overview

  • DeltaWW
  • COMMGR2
09 Mar 2026
Published
09 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%
KEV

Description

Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability.

Statistics

  • 2 Posts
Last activity: 4 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🔴 CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (ver 0) enables unauthenticated RCE. No patch available. Segment networks, enable IDS/IPS, & monitor for exploitation. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Bluesky

Profile picture fallback
BaseFortify.eu @basefortify.bsky.social
🚨 CVE-2026-3630 – CRITICAL (9.8) Stack-Based Buffer Overflow in Delta Electronics COMMGR2. A memory handling flaw could allow attackers to overwrite stack memory and potentially execute arbitrary code. Full report: basefortify.eu/cve_reports/... #CVE #IndustrialSecurity #CyberSecurity #InfoSec
  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-28432

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 11 hours ago

Fediverse

Profile picture fallback
大松鼠 @snullp

@cdn0x12 感觉CVE-2026-28432这个问题长毛象前年(?)似乎也有类似的,后来修好了。

  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
KIP/JΛYCHØU ⁂ :neocat_cofe: @admin

Moe.Pub更新完成!

今回のアップデートでは重大な脆弱性を修正しています。可及的速やかにアップデートしてください。
This update contains serious vulnerability fixes. Please update to this or the latest version of Misskey as soon as possible.
本次更新修复了多个重要漏洞。请尽快更新至此版本或最新版本的 Misskey。

Release2026.3.1:github.com/misskey-dev/misskey
非官方公告:transfem.social/notes/ajkq30j9
Docker更新:misskey-hub.net/cn/docs/for-ad
更新日志:github.com/misskey-dev/misskey
实例:moe.pub / mk.moe.pub
开放注册:True

#fediverse #misskey #CVE202628431 #CVE202628432 #CVE202628433 #CVE #Update

  • 0
  • 2
  • 0
  • 11h ago

CVE-2026-2796

Overview

  • Mozilla
  • Firefox
24 Feb 2026
Published
06 Mar 2026
Updated
CVSS
Pending
EPSS
0.06%
KEV

Description

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
buherator @buherator
It's a bit hard to find in the announcement publications, but this is the technical analysis of one of the #Firefox bugs Anthropic's #LLM agents found (CVE-2026-2796):

https://red.anthropic.com/2026/exploit/
  • 2
  • 0
  • 0
  • Last hour

CVE-2026-21533

Overview

  • Microsoft
  • Windows 10 Version 1607
10 Feb 2026
Published
27 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
2.74%
KEV

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Prof. Dr. Dennis-Kenji Kipker @kenji

Wie lukrativ der Handel mit Exploits ist, wird anhand einer aktuellen #Sicherheitslücke für das #Microsoft Betriebssystem #Windows deutlich: So wird im Darknet offenbar ein #Exploit für rund 220.000 US-Dollar angeboten.

Laut den verfügbaren Berichten geht es um eine #Schwachstelle in den Remote Desktop Services, die Windows 10, Windows 11 und mehrere Server-Versionen betreffen soll und mit welcher der Angreifer seine Systemrechte unbefugt ausweiten kann:

connect.de/news/windows-sicher #cybersecurity

  • 1
  • 1
  • 0
  • 3h ago

CVE-2026-3768

Overview

  • Tenda
  • F453
08 Mar 2026
Published
08 Mar 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.05%
KEV

Description

A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚩 CVE-2026-3768 (HIGH, CVSS 8.7): Stack buffer overflow in Tenda F453 v1.0.0.3 — remote, unauthenticated exploit possible. Public exploit code released. Patch ASAP or restrict remote access! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 13h ago

CVE-2026-3804

Overview

  • Tenda
  • i3
09 Mar 2026
Published
09 Mar 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.05%
KEV

Description

A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ HIGH severity: CVE-2026-3804 in Tenda i3 v1.0.0.6(2204) enables remote stack-based buffer overflow via /goform/WifiMacFilterSet. Exploit is public — prioritize mitigation or isolation. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 10h ago

CVE-2026-28289

Overview

  • freescout-help-desk
  • freescout
03 Mar 2026
Published
05 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.03%
KEV

Description

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code Execution (RCE) on the server by uploading a malicious .htaccess file using a zero-width space character prefix to bypass the security check. The vulnerability exists in the sanitizeUploadedFileName() function in app/Http/Helper.php. The function contains a Time-of-Check to Time-of-Use (TOCTOU) flaw where the dot-prefix check occurs before sanitization removes invisible characters. This vulnerability is fixed in 1.8.207.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 21 hours ago

Bluesky

Profile picture fallback
CyberVeille @cyberveille-ch.bsky.social
📢 FreeScout: Zero‑click RCE non authentifié (CVE‑2026‑28289) corrigé en v1.8.207 📝 Source: OX Security (OX Research). https://cyberveille.ch/posts/2026-03-08-freescout-zero-click-rce-non-authentifie-cve-2026-28289-corrige-en-v1-8-207/ #CVE_2026_28289 #Cyberveille
  • 0
  • 1
  • 0
  • 21h ago

CVE-2026-28794

Overview

  • middleapi
  • orpc
06 Mar 2026
Published
06 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.32%
KEV

Description

oRPC is an tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.6, a prototype pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the Node.js process and affects all objects, it can lead to severe security breaches, including authentication bypass, denial of service, and potentially Remote Code Execution. This issue has been patched in version 1.13.6.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Bluesky

Profile picture fallback
SecQube | Harvey | AI Platform for MS Graph @secqube.com
CVE-2026-28794 - oRPC: Prototype Pollution in `@orpc/client` via `StandardRPCJsonSerializer` Deserialization scq.ms/4b7tqWn
  • 0
  • 1
  • 0
  • 10h ago

CVE-2025-40130

Overview

  • Linux
  • Linux
12 Nov 2025
Published
01 Dec 2025
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling The cpu_latency_qos_add/remove/update_request interfaces lack internal synchronization by design, requiring the caller to ensure thread safety. The current implementation relies on the 'pm_qos_enabled' flag, which is insufficient to prevent concurrent access and cannot serve as a proper synchronization mechanism. This has led to data races and list corruption issues. A typical race condition call trace is: [Thread A] ufshcd_pm_qos_exit() --> cpu_latency_qos_remove_request() --> cpu_latency_qos_apply(); --> pm_qos_update_target() --> plist_del <--(1) delete plist node --> memset(req, 0, sizeof(*req)); --> hba->pm_qos_enabled = false; [Thread B] ufshcd_devfreq_target --> ufshcd_devfreq_scale --> ufshcd_scale_clks --> ufshcd_pm_qos_update <--(2) pm_qos_enabled is true --> cpu_latency_qos_update_request --> pm_qos_update_target --> plist_del <--(3) plist node use-after-free Introduces a dedicated mutex to serialize PM QoS operations, preventing data races and ensuring safe access to PM QoS resources, including sysfs interface reads.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 6 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Urgent for SUSE Linux Micro 6.2 admins! A new important kernel live patch (SUSE-SU-2026:20643-1) is out for CVE-2025-40130. Read more: 👉 tinyurl.com/2p4d9uu5 #SUSE #Security
  • 0
  • 1
  • 0
  • 6h ago
Showing 1 to 10 of 32 CVEs