2026-03-11 06:17Z · CRIT

CVE-2023-27573 — Netboxlabs Netbox-docker: before 2.5.0 has a superuser account with default credentials (admin password for the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in … CVSSv3.1 9.0 (CRITICAL) · EPSS 17th percentile

CWE-798 · CWE-1392 · Vendor: Netboxlabs · Type: Vulnerability
CVSS v3.1: 9.0 · Score: 95

2026-03-11 04:17Z · CRIT

CVE-2026-29515 — Xiaomi Fileexplorer: MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-29515

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status. CVSSv3.1 9.8 (CRITICAL) · EPSS 30th percentile

CWE-862 · CWE-303 · Vendor: Xiaomi, Micode · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99

2026-03-11 00:00Z · HIGH

Evil evolution: ClickFix and macOS infostealers

Sophos X-Ops · news.sophos.com · in the wild

Sophos X-Ops documented three evolving ClickFix campaigns targeting macOS users with the MacSync infostealer between November 2025 and February 2026. The campaigns shifted from impersonating OpenAI/ChatGPT download sites to leveraging legitimate ChatGPT shared conversations and Apple domain spoofing, with the latest variant employing multistage shell-based loaders, dynamic AppleScript payloads, and binary patching (including Ledger Live app hijacking for seed phrase theft) instead of native MachO binaries. Threat actors tracked campaign efficacy via stats.php endpoints reporting thousands of successful command-copy interactions to Telegram bots, with active infection clusters across Belgium, India, and the Americas.

Tactics: TA0005, TA0001, TA0002, TA0006, TA0007, TA0009 · Surface: Browser · Vendor: Apple
Score: 82

2026-03-10 23:00Z · HIGH

PageJack in Action: CVE-2022-0995 exploit

Quarkslab · blog.quarkslab.com · CVE-2022-0995

Quarkslab details a complete exploitation of CVE-2022-0995, an out-of-bounds write in the Linux kernel's watch_queue_set_filter() function affecting kernel 5.17+. The writeup demonstrates the PageJack technique—a modern heap exploitation method introduced at Black Hat USA 2024—to convert a constrained OOB write into a use-after-free on kernel pages, ultimately achieving privilege escalation by corrupting struct file objects.

Surface: OS · Tactic: TA0004 · OS: Linux · Type: Writeup, Exploit · Stage: Privesc · Technique: T1548, T1548.004
Score: 82

2026-03-10 22:16Z · HIGH

CVE-2026-28806 — Nerves-hub Nerveshub: Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to other organizations and perform actions outside of their privilege level. An attacker can select devices outside of their organization by manipulating device identifiers and perfo… CVSSv3.1 8.8 (HIGH) · EPSS 4th percentile

CWE-285 · CWE-668 · Vendor: Nerves Hub · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94

2026-03-10 21:16Z · HIGH

CVE-2025-70802 — Tenda G1_firmware: G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-70802

Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. CVSSv3.1 8.4 (HIGH)

CWE-259 · Vendor: Tenda · Type: Vulnerability
CVSS v3.1: 8.4 · Score: 92

2026-03-10 21:16Z · HIGH

CVE-2025-70798 — Tenda I24_firmware: i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-70798

Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. CVSSv3.1 8.4 (HIGH)

CWE-259 · Vendor: Tenda · Type: Vulnerability
CVSS v3.1: 8.4 · Score: 92

2026-03-10 19:17Z · CRIT

CVE-2026-28292 — Simple-git_project Simple-git: `simple-git`, an interface for running git commands in any node.js application, has an issue

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-28292

`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine. Version 3.23.0 contains an updated fix for the vulnerability. CVSSv3.1 9.8 (CRITICAL)

CWE-78 · CWE-178 · Vendor: Simple Git Project · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99

2026-03-10 19:17Z · HIGH

CVE-2026-27826 — Sooperset Mcp_atlassian: The vulnerability exists in the HTTP middleware and dependency injection layer — not in

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27826

MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an `Authorization` header. No authentication is required. The vulnerability exists in the HTTP middleware and dependency injection laye… CVSSv3.1 8.2 (HIGH)

CWE-918 · Vendor: Sooperset, Mcp · Type: Vulnerability
CVSS v3.1: 8.2 · Score: 91

2026-03-10 18:19Z · HIGH

CVE-2026-3847 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3847

Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148.0.2. CVSSv3.1 8.8 (HIGH)

CWE-416 · CWE-119 · Vendor: Mozilla · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94

2026-03-10 18:19Z · HIGH

CVE-2026-3845 — Mozilla Firefox: Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3845

Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2. CVSSv3.1 8.8 (HIGH)

CWE-122 · Vendor: Mozilla, Heap · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94

2026-03-10 18:19Z · CRIT

CVE-2026-3843 — Bukts Buk_ts-g_gas_station_automation_system: Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3843

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in application/x-www-form-urlencoded data (e.g., action=do&sql=<query_here>&reload_driver=0) to execute arbitrary SQL commands and potentially achieve remote code execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 39th percentile

CWE-89 · Vendor: Bukts, Nefteprodukttekhnika · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99

2026-03-10 18:18Z · CRIT

CVE-2026-30930 — Nicolargo Glances: The normalize() method wraps string values in single quotes but does not escape embedded

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30930

Glances is an open-source, cross-platform system monitoring tool. Prior to 4.5.1, the TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as process names, filesystem mount points, network interface names, or container names. This vulnerability is f… CVSSv3.1 9.8 (CRITICAL) · EPSS 9th percentile

CWE-89 · Vendor: Nicolargo, Glances · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99

2026-03-10 18:18Z · HIGH

CVE-2026-26110 — Microsoft 365_apps: Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-26110

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. CVSSv3.1 8.4 (HIGH) · EPSS 19th percentile

CWE-843 · Vendor: Microsoft, Access · Type: Vulnerability
CVSS v3.1: 8.4 · Score: 92

2026-03-10 18:18Z · CRIT

CVE-2026-23240 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-23240

In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync() is called from tls_sk_proto_close(), tx_work_handler() can still be scheduled from paths such as the Delayed ACK handler or ksoftirqd. As a result, the tx_work_handler() worker may dereference a freed TLS object. The following is a simple race scenario: cpu0 … CVSSv3.1 9.8 (CRITICAL) · EPSS 19th percentile

CWE-362 · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99

2026-03-10 18:18Z · HIGH

CVE-2026-22627 — Fortinet Fortiswitchaxfixed: A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22627

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet. CVSSv3.1 8.8 (HIGH)

CWE-120 · Vendor: Fortinet · Type: Vulnerability
CVSS v3.1: 8.8 · Score: 94

2026-03-10 18:18Z · CRIT

CVE-2025-69615 — Telekom Account_management_portal: Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-69615

Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03. CVSSv3.1 9.1 (CRITICAL) · EPSS 3rd percentile

CWE-307 · Vendor: Telekom · Type: Vulnerability
CVSS v3.1: 9.1 · Score: 96

2026-03-10 18:18Z · CRIT

CVE-2025-69614 — Telekom Account_management_portal: Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-69614

Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31. CVSSv3.1 9.4 (CRITICAL) · EPSS 6th percentile

CWE-640 · Vendor: Telekom · Type: Vulnerability
CVSS v3.1: 9.4 · Score: 97

2026-03-10 18:17Z · CRIT

CVE-2025-56422 — Limesurvey Limesurvey: A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-56422

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server. CVSSv3.1 9.8 (CRITICAL) · EPSS 55th percentile

CWE-502 · Vendor: Limesurvey · Type: Vulnerability
CVSS v3.1: 9.8 · Score: 99

2026-03-10 17:30Z · HIGH

USBArmyKnife — USB Army Knife – the ultimate close access tool for penetration testers and red teamers.

GitHub · red-team tooling · github.com · GITHUB POC

USBArmyKnife is a comprehensive open-source physical access toolkit built on ESP32-S3 hardware that combines BadUSB HID attacks, mass storage emulation, network device spoofing, WiFi/Bluetooth exploitation, and post-exploitation capabilities including screen capture and audio recording. The tool supports multiple affordable hardware platforms (LilyGo T-Dongle S3, Evil Crow Cable, smartwatches) and provides a web-based UI for attack orchestration via DuckyScript with custom extensions.

Tactics: TA0005, TA0001, TA0002, TA0007, TA0003, TA0009 · Surface: Hardware · Type: Research
Score: 78

2026-03-10 16:23Z · CRIT

CVE-2025-11158 — Hitachi Vantara_pentaho_data_integration_and_analytics: Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-11158

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to RCE. CVSSv3.1 9.1 (CRITICAL) · EPSS 5th percentile

CWE-862 · Vendor: Hitachi · Type: Vulnerability
CVSS v3.1: 9.1 · Score: 96

2026-03-10 16:00Z · INFO

The Nemesis 2.X Development Guide

SpecterOps · specterops.io

SpecterOps published a comprehensive development guide for Nemesis 2.X, a file enrichment and credential harvesting platform. The guide covers extending Nemesis through custom enrichment modules (with both manual and AI-assisted approaches via Claude Code/Codex), adding Yara/Nosey Parker detection rules, and building C2 connectors to ingest operator downloads.

Surface: Application · Vendor: Specterops · Type: Tool, Writeup · Stage: Exfil, Collection
Score: 72

2026-03-10 07:43Z · HIGH

CVE-2026-28693 — Imagemagick Imagemagick: Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-28693

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in the DIB coder can result in an out-of-bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. CVSSv3.1 8.1 (HIGH)

CWE-125 · CWE-787 · CWE-190 · Vendor: Imagemagick · Type: Vulnerability
CVSS v3.1: 8.1 · Score: 91

2026-03-10 00:00Z · HIGH

Through the Lens of MDR: Analysis of KongTuke’s ClickFix Abuse of Compromised WordPress Sites

Trend Micro Research · trendmicro.com · in the wild

Trend Micro's MDR investigation documents an active KongTuke campaign delivering modeloRAT through compromised WordPress sites injected with malicious JavaScript that triggers fake CAPTCHA lures and PowerShell execution. The group abuses legitimate Windows tools (finger.exe), Dropbox-hosted payloads, and portable Python environments to establish persistence via registry Run keys and scheduled tasks, while employing 32-layer obfuscation and anti-analysis checks targeting enterprise domain-joined systems. The campaign operates in parallel with the newer CrashFix browser-extension technique, demonstrating a modular, scalable operation with ongoing infrastructure activity.

Surface: Application, OS, Web · Tactics: TA0001, TA0002, TA0007, TA0003 · Vendor: Wordpress
Score: 76

2026-03-10 00:00Z · HIGH

CISOs in a Pinch: A Security Analysis of OpenClaw

Trend Micro Research · trendmicro.com

Trend Micro analyzes OpenClaw, a locally-hosted sovereign AI agent built on Anthropic's Claude that executes terminal commands with user privileges and maintains persistent memory. The research identifies critical attack vectors including indirect prompt injection via messaging apps, time-shifted attacks through persistent JSON storage, and the Moltbook database breach exposing 1.5M API tokens. The paper argues that current deployment practices lack essential controls: sandboxing, human-in-the-loop confirmation, and input/output guardrails against injection attacks.

Surface: Application, AI · Tactics: TA0005, TA0001, TA0002, TA0003 · Vendor: Anthropic, Trend Micro
Score: 72