2026-03-24
2026-03-24 12:16Z
HIGH

CVE-2019-25626 — River_past_cam_do_project River_past_cam_do: River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25626

River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input. CVSSv3.1 8.4 (HIGH) · EPSS 5th percentile

CWE: CWE 434 · VND: River · VND: River Past Cam Do Project · TYP: Vulnerability
CVSS v3.1 8.4 · Score 92
2026-03-24
2026-03-24 11:00Z
HIGH

Spotting issues in DeFi with dimensional analysis

Trail of Bits · blog.trailofbits.com

Trail of Bits presents dimensional analysis as a methodology for identifying arithmetic and logic bugs in DeFi smart contracts by applying physics-inspired dimensional reasoning to token formulas and price calculations. The post demonstrates real vulnerabilities (including CAP Labs audit finding TOB-CAP-17) and advocates for explicit dimensional annotation practices in Solidity, similar to F#'s units-of-measure system, with Reserve Protocol cited as a best-practice example.

SRF: Application · SRF: Web · TYP: Research · TYP: Technique · STG: Discovery
Score 72
2026-03-24
2026-03-24 07:37Z
HIGH

Silver Fox: The Only Tax Audit Where the Fine Print Installs Malware

Sekoia.io · sekoia.io · in the wild

Sekoia's TDR team documents Silver Fox, a China-based intrusion set operating dual-track campaigns since 2025 targeting South Asia with tax-themed phishing. The group evolved from ValleyRAT delivery via malicious PDFs to abusing misconfigured Chinese RMM tools and custom Python stealers, maintaining consistent infrastructure while adapting payloads to evade detection. Three distinct campaign waves show progression from Taiwan-focused APT-style operations to broader opportunistic cybercrime across eight South Asian countries.

SRF: Application · SRF: Os · TAC: TA0005 · TAC: TA0001 · TAC: TA0002 · TAC: TA0006 · TAC: TA0007 · TAC: TA0003
Score 78
2026-03-24
2026-03-24 06:16Z
CRIT

CVE-2026-4753 — Out: Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4753

Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72. CVSSv3.1 9.1 (CRITICAL) · EPSS 19th percentile

CWE: CWE 125 · TYP: Vulnerability
CVSS v3.1 9.1 · Score 96
2026-03-24
2026-03-24 06:16Z
CRIT

CVE-2026-4750 — Out: Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4750

Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0. CVSSv3.1 9.1 (CRITICAL) · EPSS 19th percentile

CWE: CWE 125 · TYP: Vulnerability
CVSS v3.1 9.1 · Score 96
2026-03-24
2026-03-24 05:16Z
CRIT

CVE-2026-4283 — DSGVO: The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4283

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accepting a `process_now` parameter from unauthenticated users, which bypasses the intended email-confirmation flow and immediately triggers irreversible account anonymization. This makes it possible for unauthenticated attackers to permanently destroy any non-administrator user accoun CVSSv3.1 9.1 (CRITICAL) · EPSS 33rd percentile

CWE: CWE 862 · VND: Dsgvo · TYP: Vulnerability
CVSS v3.1 9.1 · Score 96
2026-03-24
2026-03-24 00:16Z
HIGH

CVE-2026-4021 — Contest: The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4021

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in `users-registry-check-after-email-or-pin-confirmation.php` using the user's email string in a `WHERE ID = %s` clause instead of the numeric user ID, combined with an unauthenticated key-based login endpoint in `ajax-functions-frontend.php`. When the non-default `RegMa CVSSv3.1 8.1 (HIGH) · EPSS 40th percentile

CWE: CWE 287 · VND: Contest · TYP: Vulnerability
CVSS v3.1 8.1 · Score 91
2026-03-24
2026-03-24 00:16Z
CRIT

CVE-2026-4001 — Woocommerce: The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4001

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to insufficient sanitization and validation of user-submitted field values before passing them to PHP's eval() function. The sanitize_values() method strips HTML tags but does not escape single quotes or prev CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile

CWE: CWE 95 · VND: Woocommerce · TYP: Vulnerability
CVSS v3.1 9.8 · Score 99
2026-03-24
2026-03-24 00:16Z
HIGH

CVE-2026-3533 — Jupiter: The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3533

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on the import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and including, 4.14.1. This makes it possible for authenticated attackers with Subscriber-level access and above to upload files with dangerous types that can lead to Remote Code Execution on servers configured to handle .phar files as CVSSv3.1 8.8 (HIGH) · EPSS 48th percentile

CWE: CWE 434 · VND: Jupiter · TYP: Vulnerability
CVSS v3.1 8.8 · Score 94
2026-03-24
2026-03-24 00:16Z
CRIT

CVE-2026-33211 — Linuxfoundation Tekton_pipelines: Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33211

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permission to create `ResolutionRequests` (e.g. by creating `TaskRuns` or `PipelineRuns` that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including Se CVSSv3.1 9.6 (CRITICAL)

CWE: CWE 22 · VND: Linuxfoundation · VND: Tekton · TYP: Vulnerability
CVSS v3.1 9.6 · Score 98
2026-03-24
2026-03-24 00:16Z
CRIT

CVE-2026-33195 — Rubyonrails Rails: Active Storage allows users to attach cloud and local files in Rails applications.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33195

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but some applicatio CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 22 · VND: Active · VND: Rubyonrails · TYP: Vulnerability
CVSS v3.1 9.8 · Score 99
2026-03-24
2026-03-24 00:00Z
INFO

Security Automation with Elastic Workflows: From Alert to Response

Elastic Security Labs · elastic.co

Elastic released Workflows, a native SIEM automation platform embedded in Kibana that enables security teams to build alert triage and response playbooks without external tools. The feature supports alert triggers, threat intel enrichment (VirusTotal, etc.), ES|QL queries, conditional branching, case creation, team notifications, and AI-driven classification and investigation via Agent Builder.

SRF: Application · SRF: Cloud · VND: Elastic · TYP: Tool
Score 62
2026-03-23
2026-03-23 16:16Z
HIGH

CVE-2026-32845 — cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32845

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecked arithmetic operations in sparse accessor validation to cause heap buffer over-reads in cgltf_calc_index_bound(), resulting in denial of service crashes and potential memory discl CVSSv3.1 8.4 (HIGH) · EPSS 4th percentile

CWE: CWE 190 · TYP: Vulnerability
CVSS v3.1 8.4 · Score 92
2026-03-23
2026-03-23 15:30Z
INFO

v3.4.0.51

Mythic releases · github.com

Mythic v3.4.0.51 released with a Dockerfile tag bump to match the release version. No detailed changelog or feature/fix information is provided in the release notes.

VND: Mythic · TYP: Tool
Score 15
2026-03-23
2026-03-23 15:00Z
HIGH

Discovering Unexpected Okta Attack Paths with BloodHound

SpecterOps · specterops.io

SpecterOps released OktaHound, a BloodHound data collector for Okta that maps identity entities, roles, policies, and trust relationships to discover attack paths and privilege escalation vectors. The tool extends BloodHound's graph analysis to hybrid environments, revealing misconfigurations in Okta RBAC, SCIM password sync abuse, SWA credential exposure, and dangerous AD agent deployments that grant Domain Admin privileges.

TAC: TA0004 · TAC: TA0007 · SRF: Identity · SRF: Cloud · TAC: TA0008 · VND: Okta · TYP: Research · TYP: Tool
Score 82
2026-03-23
2026-03-23 14:06Z
INFO

v3.4.0.50

Mythic releases · github.com

Mythic v3.4.0.50 released with a Dockerfile tag bump to match the release version. No detailed changelog or feature/fix information is provided in the GitHub release page.

SRF: Application · VND: Mythic · TYP: Tool
Score 15
2026-03-23
2026-03-23 13:16Z
CRIT

CVE-2026-31851 — Nexxtsolutions Nebula300plus_firmware: Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31851

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction. CVSSv3.1 9.8 (CRITICAL) · EPSS 11th percentile

CWE: CWE 307 · VND: Nexxtsolutions · VND: Nexxt · TYP: Vulnerability
CVSS v3.1 9.8 · Score 99
2026-03-23
2026-03-23 13:16Z
CRIT

CVE-2026-31848 — Nexxtsolutions Nebula300plus_firmware: This allows unauthorized administrative access to protected endpoints.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31848

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cookie value without proper authentication. This allows unauthorized administrative access to protected endpoints. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile

CWE: CWE 312 · VND: Nexxtsolutions · VND: Nexxt · TYP: Vulnerability
CVSS v3.1 9.8 · Score 99
2026-03-23
2026-03-23 13:16Z
HIGH

CVE-2026-31847 — Nexxtsolutions Nebula300plus_firmware: Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31847

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system. CVSSv3.1 8.8 (HIGH) · EPSS 10th percentile

CWE: CWE 912 · VND: Nexxtsolutions · VND: Hidden · TYP: Vulnerability
CVSS v3.1 8.8 · Score 94
2026-03-23
2026-03-23 12:16Z
CRIT

CVE-2026-4585 — The manipulation of the argument File leads to os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4585

A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond i CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile

CWE: CWE 77 · CWE: CWE 78 · TYP: Vulnerability
CVSS v3.1 9.8 · Score 99
2026-03-23
2026-03-23 10:11Z
HIGH

entra-ca-insight — Discover gaps in Entra Conditional Access policies before attackers do

GitHub · Azure / Entra tools · github.com · GITHUB POC

entra-ca-insight is a proactive gap-detection tool for Microsoft Entra Conditional Access policies that enumerates all possible access combinations and evaluates them offline against tenant policy configurations. Unlike reactive log-based approaches, it discovers unused gaps before exploitation by analyzing identity types, applications, platforms, locations, and client types to identify scenarios where no strong control (MFA, Auth Strength, or block) is enforced.

TAC: TA0007 · SRF: Identity · SRF: Cloud · VND: Microsoft · TYP: Research · TYP: Tool · STG: Discovery · TEC: T1087
Score 78
2026-03-23
2026-03-23 06:16Z
HIGH

CVE-2026-4601 — Jsrsasign_project Jsrsasign: Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature. CVSSv3.1 8.7 (HIGH) · EPSS 4th percentile

CWE: CWE 325 · VND: Jsrsasign Project · TYP: Vulnerability
CVSS v3.1 8.7 · Score 94
2026-03-23
2026-03-23 06:16Z
CRIT

CVE-2026-4599 — Kjur Jsrsasign: Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4599

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation. CVSSv3.1 9.1 (CRITICAL) · EPSS 26th percentile

CWE: CWE 1023 · VND: Kjur · TYP: Vulnerability
CVSS v3.1 9.1 · Score 96
2026-03-23
2026-03-23 03:16Z
HIGH

CVE-2026-4566 — Belkin F9k1122_firmware: Executing a manipulation of the argument webpage can lead to stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4566

A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWE: CWE 121 · CWE: CWE 119 · VND: Belkin · TYP: Vulnerability
CVSS v3.1 8.8 · Score 94
2026-03-23
2026-03-23 00:00Z
HIGH

NICKEL ALLEY strategy: Fake it 'til you make it

Sophos X-Ops · news.sophos.com · in the wild

Sophos CTU researchers document NICKEL ALLEY (North Korean state-sponsored threat group) conducting sustained social engineering campaigns targeting software developers through fake job postings, LinkedIn profiles, and GitHub repositories. The group delivers PyLangGhost RAT and BeaverTail malware via ClickFix tactics, malicious npm packages, and VS Code task automation, with primary objectives of cryptocurrency theft and supply-chain compromise. Active campaigns observed throughout 2025 demonstrate the group's operational maturity and infrastructure agility, leveraging Vercel for payload hosting and rotating staging domains.

SRF: Application · TAC: TA0005 · TAC: TA0001 · TAC: TA0002 · TAC: TA0006 · TAC: TA0007 · SRF: Web · TAC: TA0003
Score 78