2026-03-20
2026-03-20 06:16Z
CRIT

CVE-2026-32768 — Ctfer-io Chall-manager: In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32768

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. In versions prior to 0.6.5, due to a miswritten NetworkPolicy, a malicious actor can pivot from an instance to any Pod out of the origin namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. In the specific case of sdk/kubernetes.Kompose it does not isolate the instances. This issue has been fixed in
CVSS v3.1 9.9 (CRITICAL)

CWE: CWE 284 · VND: Ctfer Io · VND: Chall · TYP: Vulnerability
CVSS v3.1: 9.9 · Score: 100
2026-03-20
2026-03-20 05:16Z
CRIT

CVE-2026-33017 — Langflow Langflow: In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-33017 · in the wild

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing,
CVSS v3.1 9.8 (CRITICAL) · EPSS 97th percentile

CWE: CWE 94 · CWE: CWE 306 · CWE: CWE 95 · VND: Langflow · TYP: Vulnerability · STA: itw exploited
CVSS v3.1: 9.8 · Score: 100
2026-03-20
2026-03-20 03:15Z
HIGH

CVE-2026-32888 — Opensourcepos Open_source_point_of_sale: Versions contain an SQL Injection in the Items search functionality.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32888

Open Source Point of Sale is a web-based point-of-sale application written in PHP using the CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled (search_custom filter), user-supplied input from the search GET parameter is interpolated directly into a HAVING clause without parameterization or sanitization. This allows an authenticated attacker with basic item search permissions to execute ar
CVSS v3.1 8.8 (HIGH)

CWE: CWE 89 · VND: Opensourcepos · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-03-20
2026-03-20 02:16Z
HIGH

CVE-2026-4447 — Google Chrome: Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4447

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVSS v3.1 8.8 (HIGH) · EPSS 13th percentile

CWE: CWE 693 · VND: Google · VND: Inappropriate · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-03-20
2026-03-20 00:16Z
HIGH

CVE-2026-32763 — Kysely Kysely: Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32763

Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 have a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The `visitJSONPathLeg()` function appends user-controlled values from `.key()` and `.at()` directly into single-quoted JSON path string literals (`'$.key'`) without escaping single quotes. An attacker can break out of the JSON path string context and inject arbitrary SQL. This is inconsistent with `s
CVSS v3.1 8.2 (HIGH)

CWE: CWE 89 · VND: Kysely · TYP: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-03-20
2026-03-20 00:16Z
HIGH

CVE-2026-32759 — Filebrowser Filebrowser: The impact ranges from DoS through expensive processing hooks, to command injection amplification when

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32759

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is non-negative, allowing an authenticated user to supply a negative value that instantly satisfies the upload completion condition upon the first PATCH request. This cau
CVSS v3.1 8.1 (HIGH) · EPSS 35th percentile

CWE: CWE 190 · VND: Filebrowser · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-03-20
2026-03-20 00:16Z
HIGH

CVE-2026-22733 — Vmware Spring_boot: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22733

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from 3.5.0 through 3.5.11, from 3.4.0 through 3.4.14, from 3.3.0 through 3.3.17, from 2.7.0 through 2.7.31.
CVSS v3.1 8.2 (HIGH)

CWE: CWE 288 · VND: Vmware · VND: Spring · TYP: Vulnerability
CVSS v3.1: 8.2 · Score: 91
2026-03-20
2026-03-20 00:00Z
HIGH

Linux & Cloud Detection Engineering - TeamPCP Container Attack Scenario

Elastic Security Labs · elastic.co

Elastic Security Labs publishes a detailed detection engineering walkthrough of the TeamPCP cloud-native ransomware campaign, mapping eight stages of container compromise (initial execution, discovery, lateral movement, persistence, tooling, tunneling, encoded payloads, and miner deployment) to concrete Defend for Containers (D4C) runtime telemetry and detection rules. The article demonstrates how behavioral signals—download-to-shell pipes, process killing, Kubernetes API enumeration, systemd persistence attempts, package manager abuse, tunneling tool execution, and base64 decoding—can be chained together to detect the full attack lifecycle rather than isolated suspicious commands.

SRF: Os · TAC: TA0004 · TAC: TA0005 · TAC: TA0001 · TAC: TA0003 · SRF: Cloud · TAC: TA0008 · TAC: TA0011
Score: 78
2026-03-19
2026-03-19 23:16Z
HIGH

CVE-2026-32721 — Openwrt Luci: Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32721

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0 contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passes SSIDs via a template literal to dom.append(), which processes them through innerHTML, allowing an attacker to craft a malicious SSID containing arbitrary HTML/JavaScript. Exploitati
CVSS v3.1 8.6 (HIGH)

CWE: CWE 79 · VND: Openwrt · VND: Luci · TYP: Vulnerability
CVSS v3.1: 8.6 · Score: 93
2026-03-19
2026-03-19 23:00Z
CRIT

Intego X9: Never trust my updates

Quarkslab · blog.quarkslab.com

Quarkslab disclosed a critical local privilege escalation chain in Intego X9 for macOS affecting the com.intego.netupdated daemon. The vulnerability chains a PID-reuse XPC authentication bypass with a TOCTOU race condition in the package signature validation mechanism, allowing unprivileged users to install arbitrary packages as root by manipulating update settings and swapping validated packages before installation.

SRF: Application · SRF: Os · TAC: TA0004 · TAC: TA0005 · VND: Intego · TYP: Writeup · TYP: Vulnerability · STG: Privesc
Score: 82
2026-03-19
2026-03-19 22:16Z
HIGH

CVE-2026-4342 — Kubernetes Ingress-nginx: This can lead to arbitrary code execution in the context of the ingress-nginx controller

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVSS v3.1 8.8 (HIGH) · EPSS 16th percentile

CWE: CWE 20 · VND: Kubernetes · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-03-19
2026-03-19 22:16Z
CRIT

CVE-2026-32194 — Microsoft Bing_images: Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32194

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
CVSS v3.1 9.8 (CRITICAL)

CWE: CWE 77 · VND: Microsoft · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-03-19
2026-03-19 21:17Z
CRIT

CVE-2026-32191 — Microsoft Bing_images: Improper neutralization of special elements used in an os command ('os command injection') in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32191

Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
CVSS v3.1 9.8 (CRITICAL)

CWE: CWE 78 · VND: Microsoft · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-03-19
2026-03-19 21:17Z
CRIT

CVE-2026-32169 — Microsoft Azure_cloud_shell: Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32169

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.
CVSS v3.1 10.0 (CRITICAL)

CWE: CWE 918 · VND: Microsoft · TYP: Vulnerability
CVSS v3.1: 10.0 · Score: 100
2026-03-19
2026-03-19 21:17Z
CRIT

CVE-2026-30924 — Getqui Qui: Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30924

qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a logged-in user. An attacker can exploit this by tricking a victim into loading a malicious webpage, which silently interacts with the application using the victim's session and potentia
CVSS v3.1 9.6 (CRITICAL)

CWE: CWE 942 · VND: Getqui · TYP: Vulnerability
CVSS v3.1: 9.6 · Score: 98
2026-03-19
2026-03-19 21:17Z
CRIT

CVE-2026-30836 — Smallstep Step-ca: Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30836

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.
CVSS v3.1 10.0 (CRITICAL) · EPSS 1st percentile

CWE: CWE 287 · CWE: CWE 295 · VND: Smallstep · TYP: Vulnerability
CVSS v3.1: 10.0 · Score: 100
2026-03-19
2026-03-19 20:21Z
CRIT

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE)

watchTowr Labs · labs.watchtowr.com · CVE-2026-32746 · CVE-2005-0469

CVE-2026-32746 is a 32-year-old pre-authentication buffer overflow in GNU inetutils telnetd's LINEMODE SLC (Set Linemode Characters) negotiation handler, allowing attackers to corrupt ~400 bytes of adjacent global variables. The vulnerability affects telnetd across major Linux distributions (Ubuntu, Debian, FreeBSD, NetBSD), Citrix NetScaler, TrueNAS, and others. Exploitation is complex due to triplet encoding constraints and 0xFF byte doubling, but achievable on 32-bit systems via heap corruption and free() primitive abuse.

TAC: TA0001 · TAC: TA0002 · SRF: Network · SRF: Network Appliance · VND: Gnu · TYP: Research · TYP: Writeup · TYP: Vulnerability
Score: 88
2026-03-19
2026-03-19 18:16Z
CRIT

CVE-2026-3548 — Wolfssl Wolfssl: Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3548

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out-of-bounds writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted sou
CVSS v3.1 9.8 (CRITICAL) · EPSS 6th percentile

CWE: CWE 787 · CWE: CWE 122 · VND: Wolfssl · VND: Two · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-03-19
2026-03-19 18:16Z
HIGH

CVE-2026-2646 — Wolfssl Wolfssl: A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-2646

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable.
CVSS v3.1 8.1 (HIGH) · EPSS 3rd percentile

CWE: CWE 787 · CWE: CWE 122 · VND: Wolfssl · TYP: Vulnerability
CVSS v3.1: 8.1 · Score: 91
2026-03-19
2026-03-19 16:00Z
CRIT

Graph the Planet: Shai-Hulud 2.0

SpecterOps · specterops.io · in the wild

SpecterOps analyzes the Shai-Hulud 2.0 worm supply-chain attack through an attack path management lens, decomposing how attackers exploited GitHub PWN requests to harvest credentials, weaponized NPM tokens to infect packages, and propagated malware across 13.7k public repositories. The post introduces NPMHound, a BloodHound OpenGraph extension for modeling NPM dependency chains and semantic versioning attack surfaces, and SecretHound for tracking credential exposure in organizational graphs.

TAC: TA0001 · TAC: TA0006 · TAC: TA0007 · SRF: Cloud · TAC: TA0009 · SRF: Supply Chain · VND: Github · VND: Posthog
Score: 88
2026-03-19
2026-03-19 15:16Z
HIGH

CVE-2026-30711 — Devome: GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent.
CVSS v3.1 8.8 (HIGH) · EPSS 12th percentile

CWE: CWE 89 · VND: Devome · TYP: Vulnerability
CVSS v3.1: 8.8 · Score: 94
2026-03-19
2026-03-19 15:16Z
CRIT

CVE-2026-22557 — A malicious actor with access to the network could exploit a Path Traversal vulnerability

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22557

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
CVSS v3.1 10.0 (CRITICAL) · EPSS 10th percentile

CWE: CWE 22 · TYP: Vulnerability
CVSS v3.1: 10.0 · Score: 100
2026-03-19
2026-03-19 14:45Z
INFO

v2.11.0-rc2

AzureHound releases · github.com

AzureHound v2.11.0-rc2 released with a bug fix addressing tenant information handling in application-specific configurations to ensure correct name construction. This is a pre-release candidate containing 13 commits since the previous RC1.

SRF: Identity · SRF: Cloud · VND: Specterops · VND: Microsoft Azure · TYP: Tool
Score: 25
2026-03-19
2026-03-19 12:16Z
CRIT

CVE-2006-10003 — Toddr Xml\: XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting
CVSS v3.1 9.8 (CRITICAL)

CWE: CWE 122 · CWE: CWE 193 · VND: Toddr · TYP: Vulnerability
CVSS v3.1: 9.8 · Score: 99
2026-03-19
2026-03-19 09:16Z
CRIT

CVE-2026-27067 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27067

Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through <= 1.3.1.
CVSS v3.1 9.1 (CRITICAL)

CWE: CWE 434 · TYP: Vulnerability
CVSS v3.1: 9.1 · Score: 96