2026-03-16
2026-03-16 14:19Z
HIGH

CVE-2026-3562 — Philips Hue_bridge_v2_firmware: Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3562

Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass au CVSSv3.1 8.8 (HIGH) · EPSS 14th percentile

CWECWE 347VNDPhilipsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-16
2026-03-16 14:19Z
HIGH

CVE-2026-3561 — Philips Hue_bridge_v2_firmware: Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3561

Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of PUT requests to the characteristics endpoint. The issue results from the la CVSSv3.1 8.0 (HIGH) · EPSS 35th percentile

CWECWE 122VNDPhilipsTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2026-03-16
2026-03-16 14:19Z
HIGH

CVE-2026-3560 — Philips Hue_bridge_v2_firmware: Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3560

Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function of the HomeKit implementation, which listens on TCP port 8080 by default. The issue results from the lack CVSSv3.1 8.8 (HIGH) · EPSS 27th percentile

CWECWE 122VNDPhilipsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-16
2026-03-16 14:19Z
HIGH

CVE-2026-3559 — Philips Hue_bridge_v2_firmware: Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3559

Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the SRP authentication mechanism in the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from CVSSv3.1 8.1 (HIGH) · EPSS 30th percentile

CWECWE 323VNDPhilipsTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-16
2026-03-16 14:19Z
HIGH

CVE-2026-3558 — Philips Hue_bridge_v2_firmware: Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3558

Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the lack of authenticatio CVSSv3.1 8.1 (HIGH) · EPSS 30th percentile

CWECWE 306VNDPhilipsTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-16
2026-03-16 14:19Z
HIGH

CVE-2026-3557 — Philips Hue_bridge_v2_firmware: Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3557

Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the hap_pair_verify_handler function of the hk_hap service, which listens CVSSv3.1 8.0 (HIGH) · EPSS 41th percentile

CWECWE 122VNDPhilipsTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2026-03-16
2026-03-16 14:19Z
HIGH

CVE-2026-3556 — Philips Hue_bridge_v2_firmware: Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3556

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fix CVSSv3.1 8.8 (HIGH) · EPSS 27th percentile

CWECWE 122VNDPhilipsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-03-16
2026-03-16 14:19Z
HIGH

CVE-2026-3555 — Philips Hue_bridge_v2_firmware: Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3555

Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific flaw exists within the handling of custom Zigbee ZCL frames in the Model Info download functionality. CVSSv3.1 8.0 (HIGH) · EPSS 19th percentile

CWECWE 122VNDPhilipsTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2026-03-16
2026-03-16 14:19Z
HIGH

CVE-2026-3085 — Gstreamer Gstreamer: rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3085

GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payloads. The issue results from the lack of proper validation of the length of user-suppl CVSSv3.1 8.8 (HIGH)

CWECWE 122CWECWE 1284VNDGstreamerTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-16
2026-03-16 14:19Z
HIGH

CVE-2026-3083 — Gstreamer Gstreamer: rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3083

GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of X-QDM RTP payload elements. When parsing the packetid element, the process does not properly validate user- CVSSv3.1 8.8 (HIGH)

CWECWE 787CWECWE 129VNDGstreamerTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-16
2026-03-16 14:19Z
CRIT

CVE-2026-32640 — Danthedeckie Simpleeval: Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. The latest version 1.0.5 has t CVSSv3.1 9.8 (CRITICAL)

CWECWE 94CWECWE 915VNDDanthedeckieVNDSimpleevalTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-16
2026-03-16 14:19Z
CRIT

CVE-2026-32635 — Angular Angular_cli: Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32635

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalizati CVSSv3.1 9.0 (CRITICAL) · EPSS 18th percentile

CWECWE 79VNDAngularTYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2026-03-16
2026-03-16 14:19Z
CRIT

CVE-2026-32621 — Apollo: Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-32621

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target prototype-inheritable properties. Alternatively, CVSSv3.1 9.9 (CRITICAL) · EPSS 11th percentile

CWECWE 1321VNDApolloTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2026-03-16
2026-03-16 14:18Z
HIGH

CVE-2026-25083 — GROWI: OpenAI thread/message API endpoints do not perform authorization.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25083

GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper the other user's threads/messages. CVSSv3.1 8.3 (HIGH) · EPSS 5th percentile

CWECWE 862VNDGrowiTYPVulnerability
8.3
CVSS v3.1
92
Edit Score
2026-03-16
2026-03-16 14:17Z
HIGH

CVE-2025-14287 — Lfprojects Mlflow: A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py`

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-14287

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, which are then executed using `os.system()`. This allows attackers to execute arbitrary commands by supplying malicious input through the `--container` parameter of the CLI. The iss CVSSv3.1 8.8 (HIGH)

CWECWE 94VNDLfprojectsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-16
2026-03-16 14:17Z
CRIT

CVE-2017-20224 — Telesquare Sdt-cs3b1_firmware: SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-20224

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content for remote code execution or denial of service. CVSSv3.1 9.8 (CRITICAL)

CWECWE 434VNDTelesquareTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-16
2026-03-16 14:17Z
CRIT

CVE-2017-20223 — Telesquare Sdt-cs3b1_firmware: SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-20223

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls. CVSSv3.1 9.8 (CRITICAL)

CWECWE 639VNDTelesquareTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-16
2026-03-16 14:17Z
CRIT

CVE-2016-20030 — ZKTeco: ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-20030

ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to enumerate valid user accounts based on application responses. CVSSv3.1 9.8 (CRITICAL) · EPSS 13th percentile

CWECWE 551VNDZktecoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-16
2026-03-16 14:17Z
CRIT

CVE-2016-20026 — ZKTeco: ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-20026

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 23th percentile

CWECWE 798VNDZktecoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-16
2026-03-16 14:17Z
HIGH

CVE-2016-20025 — ZKTeco: ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-20025

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation. CVSSv3.1 8.8 (HIGH) · EPSS 9th percentile

CWECWE 552VNDZktecoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-16
2026-03-16 14:17Z
CRIT

CVE-2016-20024 — ZKTeco: ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-20024

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation. CVSSv3.1 9.8 (CRITICAL) · EPSS 9th percentile

CWECWE 538VNDZktecoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-16
2026-03-16 07:18Z
CRIT

Nuclei Templates v10.4.0 – Release Notes

Nuclei Templates v10.4.0 release adds 94 new templates covering 47 CVEs, including critical RCE vulnerabilities in Qwik, Langflow, Group-Office, and SPIP, plus authentication bypasses in Ivanti, SolarWinds Web Help Desk, and Four-Faith devices. The release includes significant bug fixes reducing false positives and negatives across multiple templates, with enriched metadata and improved detection logic.

SRFApplicationTACTA0001TACTA0002SRFWebTACTA0003VNDProjectdiscoveryTYPToolTYPVulnerability
9.8
CVSS v3.1
82
Edit Score
2026-03-16
2026-03-16 00:00Z
CRIT

Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack

Trend Micro Research·trendmicro.comin the wild

Trend Micro documents an enhanced Warlock ransomware campaign exploiting unpatched Microsoft SharePoint servers with a significantly expanded post-exploitation toolkit including TightVNC for persistent remote access, Yuze for SOCKS5 tunneling, and a BYOVD technique leveraging the NSec driver to disable security products at kernel level. The group maintains redundant C&C channels via Velociraptor, VS Code tunnels, and Cloudflare Tunnel, conducts DCSync attacks for credential theft, and deploys ransomware via GPO to achieve rapid enterprise-wide encryption.

SRFApplicationSRFOsTACTA0004TACTA0005TACTA0001TACTA0002SRFNetworkTACTA0006
82
Edit Score
2026-03-13
2026-03-13 19:55Z
HIGH

CVE-2026-4092 — Google Clasp: Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-4092

Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences. CVSSv3.1 8.8 (HIGH)

CWECWE 22VNDGoogleTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-13
2026-03-13 19:55Z
HIGH

CVE-2026-3999 — Pointsharp Id_server: A broken access control may allow an authenticated user to perform a horizontal privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-3999

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations. CVSSv3.1 8.8 (HIGH) · EPSS 5th percentile

CWECWE 639VNDPointsharpTYPVulnerability
8.8
CVSS v3.1
94
Edit Score