2026-03-13
2026-03-13 19:55Z
CRIT

CVE-2026-32746 — Gnu Inetutils: telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32746

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. CVSSv3.1 9.8 (CRITICAL) · EPSS 9th percentile

CWE: CWE 120 · VND: Gnu · TYP: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-13
2026-03-13 19:54Z
CRIT

CVE-2026-32304 — Locutus Locutus: Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-32304

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from CVE-2026-29091 which was call_user_func_array using eval() in v2.x. This finding affects create_function using new Function() in v3.x. This vulnerability is fixed in 3.0.14. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 94 · CWE: CWE 88 · VND: Locutus · TYP: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-13
2026-03-13 19:54Z
CRIT

CVE-2026-31806 — Freerdp Freerdp: Because these values are used during bitmap decoding and memory operations without proper bounds

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31806

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly validated against the actual desktop dimensions. A malicious RDP server can supply crafted bmp.width and bmp.height values that exceed the expected surface size. Because these values CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 122 · CWE: CWE 131 · VND: Freerdp · TYP: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-13
2026-03-13 19:54Z
CRIT

CVE-2026-25823 — HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25823

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 51st percentile

CWE: CWE 121 · VND: Hms · TYP: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-13
2026-03-13 19:54Z
CRIT

CVE-2026-25818 — HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25818

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption parameter. CVSSv3.1 9.1 (CRITICAL) · EPSS 5th percentile

CWE: CWE 315 · VND: Hms · TYP: Vulnerability
CVSS v3.1: 9.1 · Edit Score: 96
2026-03-13
2026-03-13 19:54Z
HIGH

CVE-2026-25817 — HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-25817

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway, provided the attacker has credentials. CVSSv3.1 8.8 (HIGH) · EPSS 56th percentile

CWE: CWE 94 · VND: Hms · TYP: Vulnerability
CVSS v3.1: 8.8 · Edit Score: 94
2026-03-13
2026-03-13 19:54Z
CRIT

CVE-2026-23941 — Erlang Erlang/inets: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-23941

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, CVSSv3.1 9.4 (CRITICAL) · EPSS 7th percentile

CWE: CWE 444 · VND: Erlang · VND: Inconsistent · TYP: Vulnerability
CVSS v3.1: 9.4 · Edit Score: 97
2026-03-13
2026-03-13 19:53Z
HIGH

CVE-2025-13779 — Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-13779

Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. CVSSv3.1 8.3 (HIGH) · EPSS 7th percentile

CWE: CWE 306 · TYP: Vulnerability
CVSS v3.1: 8.3 · Edit Score: 92
2026-03-13
2026-03-13 19:53Z
HIGH

CVE-2025-13777 — Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-13777

Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. CVSSv3.1 8.3 (HIGH) · EPSS 8th percentile

CWE: CWE 294 · TYP: Vulnerability
CVSS v3.1: 8.3 · Edit Score: 92
2026-03-13
2026-03-13 09:00Z
HIGH

UEBA in the Real World: Catching Intrusions That Don’t Look Like Intrusions

Sekoia.io · sekoia.io

Sekoia's analysis demonstrates how modern intrusions evade traditional IOC-based detection by leveraging valid credentials and legitimate tools (OAuth, cloud APIs, remote admin utilities) rather than malware. The article presents five real-world attack patterns—credential-based lateral movement, MFA fatigue, OAuth abuse, cloud console misuse, and insider-style exfiltration—that UEBA (User and Entity Behavior Analytics) detects where signature-based rules fail. The core insight is that attackers deliberately blend into normal authentication and administrative workflows, requiring behavioral baselines and contextual correlation rather than artifact-focused detection.

SRF: Application · SRF: Os · TAC: TA0004 · TAC: TA0001 · TAC: TA0007 · SRF: Identity · TAC: TA0003 · SRF: Cloud
Edit Score: 72
2026-03-13
2026-03-13 00:00Z
HIGH

Initial access techniques used by Iran-based threat actors

Sophos CTU analysis of Iranian-linked threat groups reveals consistent initial access patterns since 2020: phishing (especially spearphishing with cloud-hosted payloads), rapid exploitation of public-facing vulnerabilities (FortiOS, Exchange ProxyShell, Log4Shell), password spraying against cloud identity platforms, abuse of legitimate RMM tools, and exploitation of default/weak credentials in OT systems. The report documents specific TTPs including multi-step social engineering, payload hosting on trusted cloud services, and immediate post-compromise discovery and persistence actions.

TAC: TA0001 · SRF: Network · TAC: TA0006 · SRF: Identity · SRF: Cloud · VND: Microsoft · VND: Fortinet · VND: Vmware
Edit Score: 72
2026-03-13
2026-03-13 00:00Z
HIGH

March Patch Tuesday visits 15 product families

Microsoft released 84 patches across 15 product families in March 2026, addressing 8 Critical-severity vulnerabilities (none in Windows) and 76 Important-severity issues. Six CVEs are assessed as more likely to be exploited within 30 days, including elevation-of-privilege flaws in Windows kernel, SMB, and accessibility infrastructure, plus Office RCE issues exploitable via preview pane. Two CVEs are publicly disclosed; none are currently known to be under active exploitation.

SRF: Application · SRF: Os · TAC: TA0004 · TAC: TA0002 · SRF: Cloud · VND: Microsoft · TYP: Advisory · STG: Privesc
Edit Score: 68
2026-03-12
2026-03-12 21:16Z
CRIT

CVE-2026-3611 — Honeywell Iq4e_firmware: Authentication controls are only enforced after a web user is created via U.htm, which

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3611

The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a web user is created via U.htm, which dynamically enables the user module. Becaus CVSSv3.1 10.0 (CRITICAL) · EPSS 48th percentile

CWE: CWE 306 · VND: Honeywell · TYP: Vulnerability
CVSS v3.1: 10.0 · Edit Score: 100
2026-03-12
2026-03-12 18:16Z
CRIT

CVE-2025-13462 — Python Python: This could result in a crafted tar archive being misinterpreted by the tarfile module

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations. CVSSv3.1 9.8 (CRITICAL) · EPSS 6th percentile

CWE: CWE 434 · CWE: CWE 74 · CWE: CWE 20 · TYP: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-12
2026-03-12 17:16Z
CRIT

CVE-2026-21708 — Backup: A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-21708

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. CVSSv3.1 9.9 (CRITICAL) · EPSS 76th percentile

CWE: CWE 89 · VND: Backup · TYP: Vulnerability
CVSS v3.1: 9.9 · Edit Score: 100
2026-03-12
2026-03-12 17:16Z
HIGH

CVE-2026-21672 — A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-21672

A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. CVSSv3.1 8.8 (HIGH) · EPSS 28th percentile

CWE: CWE 538 · TYP: Vulnerability
CVSS v3.1: 8.8 · Edit Score: 94
2026-03-12
2026-03-12 16:16Z
HIGH

CVE-2019-25536 — Netartmedia Real_estate_portal: PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2019-25536

Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features[] parameter to extract sensitive database information or manipulate database queries. CVSSv3.1 8.2 (HIGH)

CWE: CWE 89 · VND: Netartmedia · TYP: Vulnerability
CVSS v3.1: 8.2 · Edit Score: 91
2026-03-12
2026-03-12 16:00Z
HIGH

Leveraging Tailscale Keys

SpecterOps · specterops.io

SpecterOps published a comprehensive red-team tradecraft guide on exploiting compromised Tailscale authentication keys (Trusted Keys and Auth Keys) discovered in CI/CD pipelines. The post details how to provision nodes, enumerate Tailnets, abuse subnet routers and exit nodes for lateral movement, and leverage Tailscale SSH for passwordless access to internal systems and cloud resources.

TAC: TA0001 · SRF: Network · TAC: TA0007 · SRF: Identity · SRF: Cloud · VND: Tailscale · TYP: Research · TYP: Technique
Edit Score: 82
2026-03-12
2026-03-12 15:16Z
CRIT

CVE-2026-21671 — Veeam Veeam_backup_&_replication: A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-21671

A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. CVSSv3.1 9.1 (CRITICAL) · EPSS 56th percentile

CWE: CWE 94 · CWE: CWE 693 · VND: Veeam · TYP: Vulnerability
CVSS v3.1: 9.1 · Edit Score: 96
2026-03-12
2026-03-12 15:16Z
CRIT

CVE-2026-21669 — Veeam Veeam_backup_&_replication: A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-21669

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. CVSSv3.1 9.9 (CRITICAL) · EPSS 53rd percentile

CWE: CWE 94 · CWE: CWE 693 · VND: Veeam · TYP: Vulnerability
CVSS v3.1: 9.9 · Edit Score: 100
2026-03-12
2026-03-12 15:16Z
HIGH

CVE-2026-21668 — Veeam Veeam_backup_&_replication: A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-21668

A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository. CVSSv3.1 8.8 (HIGH) · EPSS 9th percentile

CWE: CWE 862 · CWE: CWE 693 · VND: Veeam · TYP: Vulnerability
CVSS v3.1: 8.8 · Edit Score: 94
2026-03-12
2026-03-12 12:15Z
CRIT

CVE-2026-3060 — Lmsys Sglang: SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3060

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 502 · VND: Lmsys · TYP: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-12
2026-03-12 12:15Z
CRIT

CVE-2026-3059 — Lmsys Sglang: SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3059

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 502 · VND: Lmsys · TYP: Vulnerability
CVSS v3.1: 9.8 · Edit Score: 99
2026-03-12
2026-03-12 02:15Z
HIGH

CVE-2026-3972 — Tenda W3_firmware: The manipulation of the argument funcpara1 results in stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3972

A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used. CVSSv3.1 8.8 (HIGH) · EPSS 39th percentile

CWE: CWE 787 · CWE: CWE 121 · CWE: CWE 119 · VND: Tenda · TYP: Vulnerability
CVSS v3.1: 8.8 · Edit Score: 94
2026-03-12
2026-03-12 01:15Z
HIGH

CVE-2023-43010 — Apple Safari: Processing maliciously crafted web content may lead to memory corruption.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2023-43010

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption. CVSSv3.1 8.8 (HIGH)

CWE: CWE 120 · CWE: CWE 787 · VND: Apple · TYP: Vulnerability
CVSS v3.1: 8.8 · Edit Score: 94