2026-03-25 17:16Z · HIGH

CVE-2026-22499 — Elated-Themes Lella: PHP Local File Inclusion (CWE-98)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22499

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Lella (slug lella) allows PHP Local File Inclusion. This issue affects Lella: from n/a through <= 1.2. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

Tags: CWE-98 · Vulnerability · CVSS v3.1 8.1 · Score 91

2026-03-25 17:16Z · HIGH

CVE-2026-22498 — Elated-Themes Laurent: PHP Local File Inclusion (CWE-98)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22498

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent (slug laurent) allows PHP Local File Inclusion. This issue affects Laurent: from n/a through <= 3.1. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

Tags: CWE-98 · Vulnerability · CVSS v3.1 8.1 · Score 91

2026-03-25 17:16Z · HIGH

CVE-2026-22496 — AncoraThemes Hypnotherapy: PHP Local File Inclusion (CWE-98)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22496

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hypnotherapy (slug hypnotherapy) allows PHP Local File Inclusion. This issue affects Hypnotherapy: from n/a through <= 1.2.10. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

Tags: CWE-98 · Vulnerability · CVSS v3.1 8.1 · Score 91

2026-03-25 17:16Z · HIGH

CVE-2026-22495 — AncoraThemes Greenville: PHP Local File Inclusion (CWE-98)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22495

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Greenville (slug greenville) allows PHP Local File Inclusion. This issue affects Greenville: from n/a through <= 1.3.2. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

Tags: CWE-98 · Vulnerability · CVSS v3.1 8.1 · Score 91

2026-03-25 17:16Z · HIGH

CVE-2026-22494 — ThemeREX Good Homes: PHP Local File Inclusion (CWE-98)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22494

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes (slug good-homes) allows PHP Local File Inclusion. This issue affects Good Homes: from n/a through <= 1.3.13. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

Tags: CWE-98 · Vulnerability · CVSS v3.1 8.1 · Score 91

2026-03-25 17:16Z · HIGH

CVE-2026-22493 — Elated-Themes Gaspard: PHP Local File Inclusion (CWE-98)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22493

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gaspard (slug gaspard) allows PHP Local File Inclusion. This issue affects Gaspard: from n/a through <= 1.3. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

Tags: CWE-98 · Vulnerability · CVSS v3.1 8.1 · Score 91

2026-03-25 17:16Z · CRIT

CVE-2026-22484 — pebas Lisfinity Core: SQL Injection (CWE-89)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22484

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core (slug lisfinity-core) allows SQL Injection. This issue affects Lisfinity Core: from n/a through <= 1.5.0. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile

Tags: CWE-89 · Vulnerability · CVSS v3.1 9.3 · Score 97

2026-03-25 17:16Z · HIGH

CVE-2025-69347 — Convers Lab WPSubscription: Authorization Bypass Through User-Controlled Key (CWE-639)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-69347

Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription (slug subscription) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPSubscription: from n/a through <= 1.8.10. CVSSv3.1 8.6 (HIGH) · EPSS 9th percentile

Tags: CWE-639 · Vulnerability · CVSS v3.1 8.6 · Score 93

2026-03-25 16:16Z · CRIT

CVE-2026-26832 — Zapolnoch node-tesseract-ocr: OS command injection in recognize() (src/index.js), all versions through 2.2.1

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-26832

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec() without proper sanitization. CVSSv3.1 9.8 (CRITICAL) · EPSS 51st percentile

Tags: CWE-78 · vendor Zapolnoch · Vulnerability · CVSS v3.1 9.8 · Score 99

2026-03-25 15:16Z · CRIT

CVE-2025-59707 — N2WS N2W: spoofing vulnerability with potential remote code execution and credential theft (before 4.3.2 and 4.4.x before 4.4.1)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-59707

In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 52nd percentile

Tags: CWE-290 · vendor N2WS · Vulnerability · CVSS v3.1 9.8 · Score 99

2026-03-25 15:16Z · CRIT

CVE-2025-59706 — N2WS N2W: improper validation of API request parameters enables remote code execution (before 4.3.2 and 4.4.0 before 4.4.1)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-59706

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 52nd percentile

Tags: CWE-290 · vendor N2WS · Vulnerability · CVSS v3.1 9.8 · Score 99

2026-03-25 14:16Z · HIGH

CVE-2024-51348 — BS Producten Petcam (firmware 33.1.0.0818): stack-based buffer overflow in the P2P API service, unauthenticated RCE

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2024-51348

A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request. CVSSv3.1 8.8 (HIGH) · EPSS 43rd percentile

Tags: CWE-121 · Vulnerability · CVSS v3.1 8.8 · Score 94

2026-03-25 11:16Z · HIGH

CVE-2026-31788 — Linux kernel: xen/privcmd: restrict usage in unprivileged domU

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31788

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU. The Xen privcmd driver allows user-space processes to issue arbitrary hypercalls. This is normally no problem, as access is usually limited to root and the hypervisor will deny any hypercalls affecting other domains. In case the guest is booted using secure boot, however, the privcmd driver would be enabling a root user process to modify e.g. kernel mem CVSSv3.1 8.2 (HIGH)

Tags: Vulnerability · CVSS v3.1 8.2 · Score 91

2026-03-25 11:16Z · HIGH

CVE-2026-23395 — Linux kernel: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-23395

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ. Currently the code attempts to accept requests regardless of the command identifier, which may cause multiple requests to be marked as pending (FLAG_DEFER_SETUP), which can cause more than L2CAP_ECRED_MAX_CID (5) to be allocated in l2cap_ecred_rsp_defer, causing an overflow. The spec is quite clear that the same identifier shall not be used on subse CVSSv3.1 8.8 (HIGH)

Tags: Vulnerability · CVSS v3.1 8.8 · Score 94

2026-03-25 00:00Z · CRIT

Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach

Trend Micro Research · trendmicro.com · in the wild

The litellm Python package on PyPI was compromised in versions 1.82.7 and 1.82.8 with malicious code that steals cloud credentials, SSH keys, and Kubernetes secrets. The attacker hijacked maintainer accounts and injected a sophisticated payload that executes on Python interpreter startup, exfiltrates AWS/GCP/Azure credentials, escalates to Kubernetes cluster takeover, and establishes persistence via container escape. The package received 3.4M downloads on the day of discovery and 95M+ in the preceding month, making this a supply-chain incident with a massive blast radius across AI/ML infrastructure.

Tags: surface Application, Cloud, Supply Chain · ATT&CK TA0001 Initial Access, TA0006 Credential Access, TA0009 Collection · vendor litellm · Vulnerability · Score 92

2026-03-24 20:16Z · HIGH

CVE-2026-33331 — oRPC: stored cross-site scripting in OpenAPI documentation generation, prior to 1.13.9

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33331

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of oRPC. If an attacker can control any field within the OpenAPI specification (such as info.description), they can break out of the JSON context and execute arbitrary JavaScript when a user views the generated API documentation. This issue has been patched. CVSSv3.1 8.2 (HIGH)

Tags: CWE-79 · vendor oRPC · Vulnerability · CVSS v3.1 8.2 · Score 91

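The break-out the advisory describes, as an added example that is not oRPC's code: an OpenAPI document serialised with JSON.stringify() and embedded inside an inline script element. The page does not show how oRPC's documentation page actually embeds the spec, so the `renderDocs*` functions and the `window.__SPEC__` variable are assumptions, and the hostile `info.description` value is constructed.

```javascript
// Added example, not oRPC's code: the "JSON inside <script>" context break the
// advisory describes, in its generic shape, next to the escaping that fixes it.
// Constructed OpenAPI fragment whose info.description is attacker-controlled.
const hostileSpec = {
  openapi: '3.1.0',
  info: {
    title: 'demo',
    description: 'harmless text</script><script>alert(document.domain)</script>',
  },
  paths: {},
};

// Vulnerable: JSON.stringify escapes quotes and control characters but not
// '<'. The HTML parser does not understand JSON string boundaries; it ends the
// script element at the first "</script" it sees, and the attacker's own
// <script> element follows.
function renderDocsVulnerable(spec) {
  return `<!doctype html><script>window.__SPEC__ = ${JSON.stringify(spec)};</script>`;
}

// Hardened: rewrite the characters that matter in an HTML script context as
// JSON \u escapes. The result is still valid JSON and a valid JS literal, so
// the browser reconstructs the original string; only the HTML parser sees a
// difference. U+2028/2029 are included because older engines treated them as
// line terminators inside string literals.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderDocsSafe(spec) {
  return `<!doctype html><script>window.__SPEC__ = ${jsonForScript(spec)};</script>`;
}

// Reviewer check for any generated page: one inline script element should
// contain exactly one "</script" sequence, the real closing tag.
function scriptCloseCount(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// The escaped form is lossless: parsing it back yields the original value.
function roundTrips(spec) {
  const parsed = JSON.parse(jsonForScript(spec));
  return parsed.info.description === spec.info.description;
}
```

The same escaping is needed anywhere server-side JSON lands in a script element, not just for documentation pages; putting the data in a `<script type="application/json">` block changes how it is read back but does not remove the need to escape `<`.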
2026-03-24 20:16Z · CRIT

CVE-2026-33322 — MinIO: JWT algorithm confusion in OpenID Connect authentication, from RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33322

MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. This issue has been patched in RELEASE.2026-03-17T21-25-16Z. CVSSv3.1 9.8 (CRITICAL)

Tags: CWE-287 · vendor MinIO · Vulnerability · CVSS v3.1 9.8 · Score 99

2026-03-24 20:16Z · HIGH

CVE-2026-22559 — UniFi Network Server: Improper Input Validation may allow unauthorized account access via a malicious link (10.1.85 and earlier)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22559

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server (Version 10.1.85 and earlier). Mitigation: Update UniFi Network Server to Version 10.1.89 or later. CVSSv3.1 8.8 (HIGH) · EPSS 9th percentile

Tags: CWE-20 · vendor Ubiquiti (UniFi) · Vulnerability · CVSS v3.1 8.8 · Score 94

2026-03-24 18:20Z · HIGH

Attack Paths Don’t Stop at Identity Providers

SpecterOps · specterops.io

SpecterOps published research demonstrating how modern federated identity architectures create cross-platform attack paths that transcend individual system boundaries. The article models Okta as a translation layer between upstream identity sources (Active Directory, Entra) and downstream applications (GitHub, SaaS), showing how privilege accumulates across systems and how compromising an upstream identity can propagate downstream through federation and synchronization relationships. The research introduces Okta modeling in BloodHound Enterprise to visualize these nested dependencies as attack graphs.

Tags: surface Identity, Cloud · ATT&CK TA0001 Initial Access, TA0007 Discovery · vendors Microsoft, GitHub, Okta, SpecterOps · Score 82

2026-03-24 16:00Z · CRIT

RTFM: Read The Fatal Manual – When Vendor Documentation Creates Critical Attack Paths

SpecterOps · specterops.io · CVE-2026-0872 · in the wild

SpecterOps researcher Martin Sohn Christensen disclosed that vendor documentation from 16 major technology companies actively guided administrators to deploy critical Active Directory Certificate Services (AD CS) misconfigurations (ESC1, ESC3, ESC4) that have been known for over four years. Through responsible disclosure coordinated across November 2025–March 2026, some vendors (CyberArk, Iru, ManageEngine, Netskope) remediated within weeks, while others (Cisco, Entrust, FEITIAN, HP, Mitel, Oracle, ServiceNow) remain partially or fully unresolved. The research demonstrates that documentation-induced misconfigurations can create domain-wide attack paths worse than traditional CVEs, affecting countless organizations that follow official guidance.

Tags: surface OS, Identity · ATT&CK TA0004 Privilege Escalation, TA0005 Defense Evasion, TA0001 Initial Access · vendors Citrix, Netskope, Delinea · Score 92

2026-03-24 15:16Z · HIGH

CVE-2026-27654 — F5 NGINX Open Source and NGINX Plus: buffer overflow in ngx_http_dav_module (MOVE/COPY)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow in the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular express CVSSv3.1 8.2 (HIGH)

Tags: CWE-120 · CWE-122 · vendors F5, NGINX · Vulnerability · CVSS v3.1 8.2 · Score 91

2026-03-24 13:42Z · INFO

Mythic v3.4.0.52

Mythic releases · github.com

Mythic v3.4.0.52 released with a Dockerfile tag bump to match the release version. No detailed changelog or feature information is available on the GitHub release page.

Tags: vendor Mythic · Tool · Score 15

2026-03-24 13:16Z · CRIT

CVE-2026-4729 — Mozilla Firefox/Thunderbird: memory safety bugs in Firefox 148 and Thunderbird 148 (fixed in 149)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4729

Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird 149. CVSSv3.1 9.8 (CRITICAL)

Tags: CWE-120 · vendor Mozilla · Vulnerability · CVSS v3.1 9.8 · Score 99

2026-03-24 13:16Z · CRIT

CVE-2026-4725 — Mozilla Firefox/Thunderbird: sandbox escape due to use-after-free in the Graphics: Canvas2D component (fixed in 149)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4725

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. CVSSv3.1 10.0 (CRITICAL)

Tags: CWE-416 · vendor Mozilla · Vulnerability · CVSS v3.1 10.0 · Score 100

2026-03-24 13:16Z · CRIT

CVE-2026-4724 — Mozilla Firefox/Thunderbird: undefined behavior in the Audio/Video component (fixed in 149)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4724

Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. CVSSv3.1 9.1 (CRITICAL)

Tags: CWE-758 · vendor Mozilla · Vulnerability · CVSS v3.1 9.1 · Score 96
