2026-03-27 01:16Z · CRIT

CVE-2026-33728 — Datadog Dd-trace-java: On JDK version 16 and earlier, an attacker with network access to a JMX

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33728

dd-trace-java is a Datadog APM client for Java. In dd-trace-java versions from 0.40.0 up to, but not including, 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exploit this vulnera
CVSSv3.1 9.8 (CRITICAL) · EPSS 49th percentile

CWE-502 · VND: Datadog · TYP: Vulnerability · Score: 99

2026-03-27 00:16Z · CRIT

CVE-2026-33701 — Linuxfoundation Opentelemetry_instrumentation_for_java: On JDK version 16 and earlier, an attacker with network access to a JMX

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33701

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditio
CVSSv3.1 9.8 (CRITICAL)

CWE-502 · VND: Linuxfoundation · VND: Opentelemetry · TYP: Vulnerability · Score: 99

2026-03-27 00:16Z · HIGH

CVE-2026-27893 — Vllm Vllm: This enables remote code execution via malicious model repositories even when the user has

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27893

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.
CVSSv3.1 8.8 (HIGH)

CWE-693 · CWE-501 · VND: Vllm · TYP: Vulnerability · Score: 94

2026-03-27 00:00Z · HIGH

Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER

Elastic Security Labs · elastic.co

Elastic Security Labs disclosed BRUSHWORM and BRUSHLOGGER, two custom malware components targeting a South Asian financial institution. BRUSHWORM is a modular backdoor with USB worm propagation, scheduled task persistence, AES-encrypted configuration, and broad file theft capabilities; BRUSHLOGGER is a DLL side-loaded keylogger masquerading as libcurl.dll with system-wide keystroke capture and XOR-encrypted logs. Multiple development versions (V1.exe, V2.exe, etc.) were discovered on VirusTotal, indicating active refinement by an inexperienced threat actor.

SRF: Application · SRF: Os · TAC: TA0005 · TAC: TA0006 · TAC: TA0007 · TAC: TA0003 · TAC: TA0011 · TAC: TA0043 · Score: 72

2026-03-26 23:16Z · HIGH

CVE-2026-34352 — Tigervnc Tigervnc: In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-34352

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
CVSSv3.1 8.5 (HIGH) · EPSS 9th percentile

CWE-732 · VND: Tigervnc · TYP: Vulnerability · Score: 93

2026-03-26 22:16Z · HIGH

CVE-2025-12805 — Redhat Openshift_ai: This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-12805

A flaw was found in Red Hat OpenShift AI (RHOAI) llama-stack-operator. This vulnerability allows unauthorized access to Llama Stack services deployed in other namespaces via direct network requests, because no NetworkPolicy restricts access to the llama-stack service endpoint. As a result, a user in one namespace can access another user’s Llama Stack instance and potentially view or manipulate sensitive data.
CVSSv3.1 8.1 (HIGH) · EPSS 3rd percentile

CWE-653 · VND: Red · TYP: Vulnerability · Score: 91

2026-03-26 21:17Z · HIGH

CVE-2026-0966 — Libssh Libssh: This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which is vulnerable to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-0966

The API function `ssh_get_hexa()` is vulnerable when zero-length input is provided to it. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which are vulnerable to the same input (the length is provided by the calling application). The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSA
CVSSv3.1 8.2 (HIGH) · EPSS 24th percentile

CWE-124 · VND: Api · VND: Libssh · TYP: Vulnerability · Score: 91
2026-03-26 19:17Z · HIGH

CVE-2026-33149 — Tandoor Recipes: Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33149

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.build_absolute_uri() to generate absolute URLs in multiple contexts, including invite link emails, API pagination, and OpenAPI schema generation. An attacker who can send requests to the applicat
CVSSv3.1 8.1 (HIGH)

CWE-644 · VND: Tandoor · TYP: Vulnerability · Score: 91

2026-03-26 19:17Z · CRIT

CVE-2026-30458 — Thedaylightstudio Fuel_cms: An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30458

An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
CVSSv3.1 9.1 (CRITICAL) · EPSS 33rd percentile

CWE-620 · VND: Thedaylightstudio · VND: Daylight · TYP: Vulnerability · Score: 96

2026-03-26 19:16Z · CRIT

CVE-2026-30457 — Thedaylightstudio Dwoo: An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30457

An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
CVSSv3.1 9.8 (CRITICAL) · EPSS 50th percentile

CWE-94 · VND: Thedaylightstudio · TYP: Vulnerability · Score: 99

2026-03-26 19:16Z · CRIT

CVE-2026-26213 — Thingino Thingino_firmware: thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os command injection vulnerability

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-26213

thingino-firmware versions up to the firmware-2026-03-16 release contain an unauthenticated OS command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary commands as root by injecting malicious code through unsanitized HTTP parameter names. Attackers can exploit the eval function in the parse_query() and parse_post() functions to achieve remote code execution and perform privileged configuration changes including root
CVSSv3.1 9.8 (CRITICAL) · EPSS 46th percentile

CWE-78 · VND: Thingino · TYP: Vulnerability · Score: 99

2026-03-26 18:16Z · HIGH

CVE-2026-33496 — Ory Oathkeeper: Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33496

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for r
CVSSv3.1 8.1 (HIGH)

CWE-1289 · CWE-305 · VND: Ory · TYP: Vulnerability · Score: 91

2026-03-26 18:16Z · CRIT

CVE-2026-33494 — Ory Oathkeeper: Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33494

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../admin/secrets`) that resolves to a protected path after normalization, but is matched against a permissive rule because the raw, un-normalized path is used during
CVSSv3.1 10.0 (CRITICAL)

CWE-23 · VND: Ory · TYP: Vulnerability · Score: 100

2026-03-26 18:16Z · HIGH

CVE-2026-32857 — Firecrawl: version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32857

Firecrawl version 2.8.0 and prior contain a server-side request forgery (SSRF) protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an externally valid URL that passes validation and returns an HTTP redirect to an internal or restricted resource, allowing the browser to follow the redirect and fetch the final destinat
CVSSv3.1 8.6 (HIGH) · EPSS 13th percentile

CWE-918 · VND: Firecrawl · TYP: Vulnerability · Score: 93

2026-03-26 17:49Z · LOW

BloodHound CE v8.9.1

BloodHound releases · github.com

BloodHound CE v8.9.1 released with three bug fixes: TLS 1.2 cipher restrictions (BED-7722), OpenGraph schema_findings table ID column correction (BED-7734), and tagging database deadlock resolution (BED-7446). This is a maintenance release addressing operational stability and security hardening.

SRF: Application · VND: Bloodhound · VND: Specter Ops · TYP: Tool · Score: 35

2026-03-26 16:00Z · HIGH

A year of open source vulnerability trends: CVEs, advisories, and malware

GitHub Security · github.blog

GitHub published its 2025 open source vulnerability trends report, analyzing 4,101 reviewed advisories, 7,197 malware advisories, and 2,903 CVEs. Key findings include a 69% surge in npm malware advisories driven by campaigns like SHA1-Hulud, significant increases in resource exhaustion and SSRF vulnerabilities, and improved CWE tagging specificity. The report provides ecosystem distribution data, vulnerability type rankings, and guidance on prioritizing remediation using CVSS and EPSS scoring.

SRF: Supply Chain · VND: Github · TYP: Research · TYP: Threat Intel · EXP: Auth Bypass · EXP: Deserialization · EXP: Ssrf · EXP: Xss · Score: 72

2026-03-26 16:00Z · INFO

Leveling Up Secure Code Reviews with Claude Code

SpecterOps · specterops.io

SpecterOps publishes a detailed methodology for leveraging Claude Code (Anthropic's LLM) as a force multiplier during secure code reviews in penetration tests. The post demonstrates practical system prompt engineering, context window management, and iterative code flow analysis using BloodHound Community Edition and BadWindowsService as case studies, emphasizing the tool's value in understanding complex codebases and identifying data flow vulnerabilities without relying on false-positive-heavy automated scanning.

SRF: Application · TAC: TA0007 · VND: Anthropic · VND: Specterops · TYP: Technique · TYP: Tool · TYP: Writeup · STG: Discovery · Score: 72

2026-03-26 14:16Z · HIGH

CVE-2019-25650 — River Past CamDo: 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25650

River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SEH handler address pointing to a pop-pop-ret gadget to trigger code execution and establish a bind shell on port 3110.
CVSSv3.1 8.4 (HIGH) · EPSS 5th percentile

CWE-787 · VND: River · TYP: Vulnerability · Score: 92

2026-03-26 14:16Z · HIGH

CVE-2018-25213 — Nsasoft Nsauditor: 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25213

Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers can craft a payload with SEH chain overwrite and inject shellcode through the DNS Query field to achieve code execution with application privileges.
CVSSv3.1 8.4 (HIGH) · EPSS 1st percentile

CWE-787 · VND: Nsasoft · VND: Nsauditor · TYP: Vulnerability · Score: 92

2026-03-26 13:16Z · HIGH

CVE-2026-1961 — Foreman: A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-1961

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the c
CVSSv3.1 8.0 (HIGH)

CWE-78 · VND: Foreman · TYP: Vulnerability · Score: 90

2026-03-26 13:00Z · HIGH

strongSwan CVE-2026-25075: Integer Underflow in VPN Authentication

Bishop Fox Labs · bishopfox.com · CVE-2026-25075

Bishop Fox researchers disclosed CVE-2026-25075, an integer underflow in strongSwan's EAP-TTLS AVP parser affecting versions 4.5.0–6.0.4 (15+ years of releases). Remote unauthenticated attackers can crash the IKE daemon via a malformed AVP header with length=1, causing denial of service; exploitation may require a two-phase attack depending on malloc behavior. The vulnerability is patched in version 6.0.5 and later; Bishop Fox released a safe detection tool that confirms vulnerability without triggering a crash.

SRF: Network · SRF: Network Appliance · TAC: TA0040 · VND: Strongswan · TYP: Tool · TYP: Writeup · TYP: Vulnerability · STG: Initial Access · Score: 76

2026-03-26 12:16Z · HIGH

CVE-2018-25206 — KomSeo Cart: 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25206

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_item_search' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based injection techniques.
CVSSv3.1 8.2 (HIGH) · EPSS 15th percentile

CWE-89 · VND: Komseo · TYP: Vulnerability · Score: 91

2026-03-26 12:16Z · HIGH

CVE-2018-25203 — Online Store System CMS: 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2018-25203

Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blind or time-based blind SQL injection payloads in the email field to extract sensitive database information.
CVSSv3.1 8.2 (HIGH) · EPSS 31st percentile

CWE-89 · VND: Online · TYP: Vulnerability · Score: 91

2026-03-26 11:16Z · CRIT

CVE-2026-4809 — plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4809

plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can submit a file containing executable PHP code while declaring a benign image MIME type, resulting in arbitrary file upload. If the uploaded file is stored in a web-accessible and executable location, this may lead to remote code execut
CVSSv3.1 9.8 (CRITICAL) · EPSS 68th percentile

CWE-434 · TYP: Vulnerability · Score: 99

2026-03-26 11:16Z · HIGH

CVE-2026-24068 — VSL: This allows an attacker to write files to any location with any data as

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-24068

The VSL privileged helper uses NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which the NSXPC framework uses to validate whether a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can connect to this service using the configured protocol. A malicious process is able to call all the functions defined in the corresponding HelperToolProtocol. No validation is performed
CVSSv3.1 8.8 (HIGH) · EPSS 15th percentile

CWE-306 · VND: Vsl · TYP: Vulnerability · Score: 94