2026-03-30
2026-03-30 00:16Z
HIGH

CVE-2026-2370 — Gitlab Gitlab: has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-2370

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks. CVSSv3.1 8.1 (HIGH)

CWE: CWE 233 · VND: Gitlab · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-03-30
2026-03-30 00:00Z
HIGH

Incident responders, s'il vous plait: Invites lead to odd malware events

Sophos X-Ops · news.sophos.com

Sophos X-Ops tracked a phishing campaign (STAC6405) targeting 80+ organizations since April 2025, primarily in the US, using invitation-themed lures to trick users into installing legitimate RMM tools (LogMeIn Resolve, ScreenConnect) preconfigured to attacker-controlled accounts. In two cases, attackers escalated to deploy an infostealer and a Java-based RAT, suggesting either access-as-a-service resale or active experimentation; campaign infrastructure remains active as of publication.

SRF: Application · SRF: Os · TAC: TA0005 · TAC: TA0001 · TAC: TA0002 · TAC: TA0006 · TAC: TA0007 · TAC: TA0009
Score: 76
2026-03-30
2026-03-30 00:00Z
CRIT

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM

Trend Micro Research · trendmicro.com · in the wild

TeamPCP compromised Telnyx Python SDK versions 4.87.1 and 4.87.2 on PyPI, injecting malicious code that activates on import. The payload uses split-file injection, WAV-based steganography to hide credential-stealing malware, and adds Windows persistence via Startup folder placement—a significant evolution from their earlier LiteLLM attack. PyPI quarantined the packages after ~6.5 hours of exposure; affected systems should be treated as fully compromised.

SRF: Application · TAC: TA0004 · TAC: TA0001 · TAC: TA0006 · TAC: TA0007 · TAC: TA0003 · TAC: TA0009 · SRF: Supply Chain
Score: 92
2026-03-29
2026-03-29 20:07Z
CRIT

Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)

watchTowr Labs · labs.watchtowr.com · CVE-2026-3055 · in the wild · 0day

watchTowr Labs disclosed that CVE-2026-3055 is not a single vulnerability but at least two distinct memory overread flaws in Citrix NetScaler affecting /saml/login and /wsfed/passive endpoints. The /wsfed/passive variant leaks kilobytes of memory via a malformed wctx parameter lacking a value, returning sensitive data including active administrative session IDs in base64-encoded NSC_TASS cookies. In-the-wild exploitation began by March 27th, 2026, with evidence from watchTowr's honeypot network showing threat actor activity.

SRF: Network Appliance · TAC: TA0006 · TAC: TA0007 · VND: Citrix · TYP: Research · TYP: Exploit · TYP: Vulnerability · STG: Initial Access
Score: 92
2026-03-29
2026-03-29 17:16Z
HIGH

CVE-2026-34005 — Sofia: In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34005

In Sofia on Xiongmai DVR/NVR (AHB7008T-MH-V2 and NBD7024H-P) 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol (TCP port 34567) request to the NetWork.NetCommon configuration handler, because system() is used. CVSSv3.1 8.8 (HIGH) · EPSS 28th percentile

CWE: CWE 78 · VND: Sofia · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-03-28
2026-03-28 20:39Z
HIGH

The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread)

watchTowr Labs · labs.watchtowr.com · CVE-2026-3055

watchTowr Labs disclosed CVE-2026-3055, a memory overread vulnerability in Citrix NetScaler/Gateway when configured as a SAML IdP. The flaw allows unauthenticated attackers to leak sensitive memory contents via malformed SAML requests, potentially exposing credentials and session data. The vulnerability affects versions before 14.1-26.x and is patched in 14.1-60.58, 14.1-66.59, and 13.1-62.23+.

TAC: TA0001 · SRF: Network Appliance · TAC: TA0006 · SRF: Identity · VND: Citrix · TYP: Writeup · TYP: Vulnerability · STG: Initial Access
Score: 78
2026-03-28
2026-03-28 19:16Z
CRIT

CVE-2026-3256 — Ktat Http: HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3256

HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. The CVSSv3.1 9.8 (CRITICAL) · EPSS 41st percentile

CWE: CWE 338 · CWE: CWE 340 · VND: Http · VND: Ktat · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-03-28
2026-03-28 12:16Z
HIGH

CVE-2018-25225 — Sipp_project Sipp: 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25225

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets. CVSSv3.1 8.4 (HIGH)

CWE: CWE 306 · VND: Sipp Project · VND: Sipp · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:16Z
HIGH

CVE-2018-25222 — SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25222

SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context. CVSSv3.1 8.4 (HIGH) · EPSS 6th percentile

CWE: CWE 787 · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:16Z
CRIT

CVE-2017-20227 — Varaneckas Jad_java_decompiler: JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2017-20227

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 787 · VND: Varaneckas · VND: Jad · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-03-28
2026-03-28 12:16Z
HIGH

CVE-2017-20226 — Mapscrn: 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2017-20226

Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service. CVSSv3.1 8.4 (HIGH) · EPSS 5th percentile

CWE: CWE 787 · VND: Mapscrn · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:16Z
CRIT

CVE-2017-20225 — Ticalc Tiemu: 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2017-20225

TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 787 · VND: Ticalc · VND: Tiemu · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-03-28
2026-03-28 12:16Z
HIGH

CVE-2016-20048 — iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2016-20048

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges. CVSSv3.1 8.4 (HIGH) · EPSS 7th percentile

CWE: CWE 22 · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:16Z
HIGH

CVE-2016-20046 — Client: zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2016-20046

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges. CVSSv3.1 8.4 (HIGH) · EPSS 5th percentile

CWE: CWE 787 · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:16Z
HIGH

CVE-2016-20045 — Hnb_project Hierarchical_notebook: HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2016-20045

HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return address to overwrite the stack and achieve code execution. CVSSv3.1 8.4 (HIGH)

CWE: CWE 787 · VND: Hnb Project · VND: Hnb · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:16Z
HIGH

CVE-2016-20044 — Surf Pinfo: 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2016-20044

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges. CVSSv3.1 8.4 (HIGH)

CWE: CWE 787 · VND: Surf · VND: Pinfo · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:16Z
HIGH

CVE-2016-20043 — Nrss Nrss: RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2016-20043

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and achieve code execution. CVSSv3.1 8.4 (HIGH)

CWE: CWE 787 · VND: Nrss · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:16Z
HIGH

CVE-2016-20042 — TRN: 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2016-20042

TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges. CVSSv3.1 8.4 (HIGH) · EPSS 5th percentile

CWE: CWE 787 · VND: Trn · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:15Z
HIGH

CVE-2016-20041 — Yasr: 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2016-20041

Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution. CVSSv3.1 8.4 (HIGH) · EPSS 7th percentile

CWE: CWE 22 · VND: Yasr · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:15Z
HIGH

CVE-2016-20040 — TiEmu: 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2016-20040

TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses. CVSSv3.1 8.4 (HIGH) · EPSS 7th percentile

CWE: CWE 22 · VND: Tiemu · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:15Z
HIGH

CVE-2016-20038 — yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2016-20038

yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context. CVSSv3.1 8.4 (HIGH) · EPSS 1st percentile

CWE: CWE 787 · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-28
2026-03-28 12:15Z
HIGH

CVE-2016-20037 — xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2016-20037

xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by shellcode to overwrite the instruction pointer and achieve code execution or denial of service. CVSSv3.1 8.4 (HIGH) · EPSS 4th percentile

CWE: CWE 787 · TYP: Vulnerability
CVSS v3.1: 8.4 · Score: 92
2026-03-27
2026-03-27 23:17Z
HIGH

CVE-2026-4248 — Ultimate: The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4248

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag being processed within post content via the '[um_loggedin]' shortcode, which generates a valid password reset token for the currently logged-in user viewing the page. This makes it possible for authenticated attackers, with Contributor-level access and above, to craft a malicious CVSSv3.1 8.0 (HIGH) · EPSS 10th percentile

CWE: CWE 285 · VND: Ultimate · TYP: Vulnerability
CVSS v3.1: 8.0 · Score: 90
2026-03-27
2026-03-27 22:16Z
HIGH

CVE-2026-33943 — Capricorn86 Happy_dom: In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33943

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions inside `export { }` declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content into generated code as an executable expression, a CVSSv3.1 8.8 (HIGH)

CWE: CWE 94 · VND: Capricorn86 · VND: Happy · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-03-27
2026-03-27 22:16Z
HIGH

CVE-2026-33941 — Handlebarsjs Handlebars: provides the power necessary to let users build semantic templates.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI arguments can inject arbitrary JavaScript that executes when the generated bu CVSSv3.1 8.2 (HIGH)

CWE: CWE 94 · CWE: CWE 79 · CWE: CWE 116 · VND: Handlebarsjs · VND: Handlebars · TYP: Vulnerability
CVSS v3.1: 8.2 · Score: 91