2026-03-09 21:16Z · HIGH

CVE-2026-3288 — ingress-nginx: `rewrite-target` annotation allows nginx configuration injection (code execution in the controller, disclosure of cluster-wide Secrets)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3288

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVSS v3.1 8.8 (HIGH) · EPSS 16th percentile · Score: 94
Tags: CWE-20 · Type: Vulnerability
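A pre-admission audit of the annotation the advisory names, as an added example (editor's code, not ingress-nginx's own). It assumes a legitimate `rewrite-target` only needs URL path and query characters plus `$N` capture references, and that any character which could close or extend an nginx directive (newline, `;`, `{`, `}`, `#`, quotes, backslash) marks an injection attempt; the Ingress objects are constructed samples in the shape of `kubectl get ingress -o json` items.

```javascript
// Added example (editor's, not ingress-nginx code): a pre-admission audit of
// ingress-nginx annotation values. Assumptions: a rewrite-target only needs
// URL path/query characters plus $N capture references, and any character that
// could end or extend an nginx directive (newline, ';', '{', '}', '#', quotes,
// backslash) marks an injection attempt. The Ingress objects are constructed.

const ANNOTATION_PREFIX = 'nginx.ingress.kubernetes.io/';
const REWRITE_TARGET = ANNOTATION_PREFIX + 'rewrite-target';

// Characters that are structural in nginx.conf (assumption stated above).
const DIRECTIVE_BREAKERS = /[\r\n;{}#"'\\]/;
// Accepted shape: absolute path, optional query, $1-style capture references.
const SAFE_REWRITE_TARGET = /^\/(?:[A-Za-z0-9._~@+,=:%&?\/-]|\$[1-9][0-9]*)*$/;

function checkRewriteTarget(value) {
  const problems = [];
  if (DIRECTIVE_BREAKERS.test(value)) problems.push('contains an nginx directive delimiter');
  if (!SAFE_REWRITE_TARGET.test(value)) problems.push('not a plain path with $N captures');
  return problems;
}

// Returns one finding per problem found on controller annotations of an Ingress.
function auditIngress(ingress) {
  const annotations = (ingress.metadata && ingress.metadata.annotations) || {};
  const findings = [];
  for (const [key, raw] of Object.entries(annotations)) {
    if (!key.startsWith(ANNOTATION_PREFIX)) continue;
    const value = String(raw);
    if (key === REWRITE_TARGET) {
      for (const problem of checkRewriteTarget(value)) findings.push({ name: ingress.metadata.name, key, problem });
    } else if (DIRECTIVE_BREAKERS.test(value)) {
      // Other controller annotations are rendered into nginx.conf too; flag
      // delimiters there as well rather than trusting them blindly.
      findings.push({ name: ingress.metadata.name, key, problem: 'contains an nginx directive delimiter' });
    }
  }
  return findings;
}

// Constructed sample objects in the shape of `kubectl get ingress -o json` items.
const SAMPLE_INGRESSES = [
  { metadata: { name: 'shop', annotations: { [REWRITE_TARGET]: '/$2' } } },
  { metadata: { name: 'odd', annotations: { [REWRITE_TARGET]: '/x;\nlocation /y {' } } },
];

function auditAll(items = SAMPLE_INGRESSES) {
  return items.flatMap(auditIngress);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditAll(), null, 2));
}
```

Feed it the items array from `kubectl get ingress -A -o json` to sweep a cluster. Two caveats a practitioner will want: the check only catches values that are obviously structural, so it complements rather than replaces the controller's own `annotation-value-word-blocklist` ConfigMap setting and the patched release; and because the advisory notes the controller can read every Secret cluster-wide by default, reducing that RBAC grant limits the blast radius independently of any annotation filtering.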
2026-03-09 17:16Z · HIGH

CVE-2025-15568 — TP-Link Archer AXE75 firmware: authenticated command injection in the web module (root RCE when sysmode=ap)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-15568

A command injection vulnerability was identified in the web module of the Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to achieve remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation yields root-level privileges and impacts the confidentiality, integrity and availability of the device. This issue affects Archer AXE75 v1.6/v1.0 through 1.3.2 Build 20250107.

CVSS v3.1 8.0 (HIGH) · Score: 90
Tags: CWE-78 · Vendor: TP-Link · Type: Vulnerability
2026-03-09 13:00Z · CRIT

Pre-Authentication SQL Injection in FortiClient EMS 7.4.4 - CVE-2026-21643

Source: Bishop Fox Labs · bishopfox.com · CVE-2026-21643

Bishop Fox disclosed practical exploitation of CVE-2026-21643, a pre-authentication SQL injection in FortiClient EMS 7.4.4 affecting multi-tenant deployments. The vulnerability sits in the SiteMiddleware layer, where unsanitized HTTP Site headers are interpolated directly into PostgreSQL SET search_path statements before any authentication check. Attackers can achieve arbitrary SQL execution, credential theft, endpoint data exfiltration and RCE via the unauthenticated /api/v1/init_consts endpoint, which has no rate limiting.

CVSS v3.1 9.8 · Score: 92
Tags: Surface: Application, Network · Tactics: TA0001 (Initial Access), TA0007 (Discovery) · Vendor: Fortinet · Type: Writeup, Vulnerability · Stage: Discovery
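The injection shape the write-up describes, beside the fix, as an added example (editor's code, not FortiClient EMS code). It assumes a multi-tenant application that selects a PostgreSQL schema from an HTTP `Site` header, that schema names are plain lowercase SQL identifiers, and that the set of tenant schemas is known to the application; the header values are constructed.

```javascript
// Added example (editor's, not FortiClient EMS code) of the search_path
// injection shape described above and the fix. Assumptions: a multi-tenant
// app picks a PostgreSQL schema from an HTTP "Site" header; a schema name is a
// plain lowercase SQL identifier; the set of tenant schemas is known to the
// app. The header values below are constructed.

// Pattern the write-up describes: header text interpolated into the statement.
function searchPathUnsafe(siteHeader) {
  return `SET search_path TO ${siteHeader}`;
}

// PostgreSQL identifier grammar kept deliberately narrow (63-byte NAMEDATALEN limit).
const IDENTIFIER = /^[a-z_][a-z0-9_]{0,62}$/;

// Quote as a PostgreSQL identifier: validate first, then double-quote and
// double any embedded quote so the value cannot close the identifier.
function quoteIdentifier(name) {
  if (typeof name !== 'string' || !IDENTIFIER.test(name)) {
    throw new Error('invalid schema identifier');
  }
  return '"' + name.replace(/"/g, '""') + '"';
}

// Hardened: only map the header onto schemas the application already knows,
// and never before the request has been authenticated (the caller's job).
function searchPathSafe(siteHeader, tenantSchemas) {
  if (typeof siteHeader !== 'string' || !tenantSchemas.has(siteHeader)) {
    throw new Error('unknown site');
  }
  return `SET search_path TO ${quoteIdentifier(siteHeader)}`;
}

const TENANT_SCHEMAS = new Set(['public', 'tenant_acme']);
// Constructed hostile header: no quotes needed, because the unsafe builder
// never quotes, so a ';' is enough to start a second statement.
const HOSTILE_SITE = 'public; SELECT pg_sleep(10); --';

function demo() {
  const unsafe = searchPathUnsafe(HOSTILE_SITE);
  let safe;
  try { safe = searchPathSafe(HOSTILE_SITE, TENANT_SCHEMAS); } catch (e) { safe = 'rejected: ' + e.message; }
  return { unsafe, safe, ok: searchPathSafe('tenant_acme', TENANT_SCHEMAS) };
}
```

The reason for identifier quoting rather than a bind parameter is that PostgreSQL does not accept parameters in `SET`, so this is one of the places where a validate-then-quote routine is the only option. Ordering matters as much as quoting: a schema switch driven by a request header has no business running before the request has been authenticated.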
2026-03-09 00:00Z · HIGH

TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense

Source: Trend Micro Research · trendmicro.com

Trend Micro researchers demonstrated two novel attack vectors against AI systems at [un]prompted 2026: (1) exploiting AI-driven KYC pipelines by embedding malicious instructions in documents to trick AI agents into reading and writing across customer records, and (2) FENRIR, an automated vulnerability discovery system that has identified 60+ published CVEs and 100+ pre-disclosure vulnerabilities in AI/MCP ecosystems. The research frames documents as executable attack surfaces when AI agents can read them and invoke tools, fundamentally shifting the threat model for document-processing pipelines.

Score: 72
Tags: Surface: Application, AI · Tactics: TA0001 (Initial Access), TA0007 (Discovery) · Vendor: Trend Micro · Type: Research, Technique · Stage: Discovery
2026-03-07 13:21Z · HIGH

linux-kernel-exploitation — A collection of links related to Linux kernel security and exploitation

A comprehensive curated repository of Linux kernel exploitation research, techniques and tools maintained by Andrey Konovalov. The collection spans 15+ years of kernel pwning primitives, including heap feng shui, use-after-free exploitation, KASLR bypasses, control-flow hijacking and defense-evasion methods, with bimonthly updates covering both academic papers and practical CTF and real-world exploits.

Score: 72
Tags: Surface: OS · Tactics: TA0004 (Privilege Escalation), TA0005 (Defense Evasion) · OS: Linux · Type: Research, Tool · Stage: Privesc, Execution
2026-03-06 21:09Z · HIGH

How to scan for vulnerabilities with GitHub Security Lab's open source AI-powered framework

Source: GitHub Security · github.blog · CVE-2025-64487

GitHub Security Lab released an open-source AI-powered framework (seclab-taskflows) that uses LLM-based agents to audit codebases for web security vulnerabilities. The framework employs a multi-stage threat modeling and auditing approach to minimize hallucinations and false positives, and has discovered 80+ vulnerabilities, including authorization bypasses and privilege escalations, in real open-source projects. The taskflows are publicly available and can be run on any repository with a GitHub Copilot license.

Score: 72
Tags: Surface: Application, Web · Tactics: TA0001 (Initial Access) · Vendor: GitHub · Type: Research, Tool · Stage: Discovery, Initial Access
2026-03-06 19:16Z · CRIT

CVE-2026-29063 — Immutable.js: prototype pollution via mergeDeep(), mergeDeepWith(), merge(), Map.toJS() and Map.toObject() (fixed in 3.8.3, 4.3.7 and 5.1.5)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-29063

Immutable.js provides many persistent immutable data structures. Prior to versions 3.8.3, 4.3.7 and 5.1.5, prototype pollution is possible in Immutable.js via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS() and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7 and 5.1.5.

CVSS v3.1 9.8 (CRITICAL) · Score: 99
Tags: CWE-1321, CWE-915 · Vendor: Immutable.js · Type: Vulnerability
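The CWE-1321 pattern behind this class of bug, shown in a plain recursive merge beside a merge that refuses it, as an added example (editor's code; it is not Immutable.js code and does not reproduce that library's internals). The payload is constructed and parsed with `JSON.parse`, which creates an own property literally named `__proto__` (an object literal would set the prototype instead).

```javascript
// Added example (editor's, not Immutable.js code and not a reproduction of its
// internals) showing the CWE-1321 pattern behind CVE-2026-29063 in a plain
// recursive merge, and a merge that refuses it. The payload is constructed and
// parsed with JSON.parse, which creates an own property literally named
// "__proto__" (an object literal would set the prototype instead).

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Vulnerable: target["__proto__"] on a plain object is Object.prototype, so the
// recursion writes the attacker's keys onto every object in the process.
function mergeDeepUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeDeepUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: skip prototype-handle keys and only descend into the target's own
// properties, so nothing inherited is ever used as a merge destination.
function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      target[key] = mergeDeepSafe(own ? target[key] : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

const PAYLOAD_JSON = '{"__proto__": {"polluted": true}, "name": "x"}';

// Runs both merges against an empty object and reports what a fresh {} sees.
function demo() {
  const before = ({}).polluted;
  mergeDeepUnsafe({}, JSON.parse(PAYLOAD_JSON));
  const afterUnsafe = ({}).polluted;
  delete Object.prototype.polluted; // undo the damage before continuing
  const merged = mergeDeepSafe({}, JSON.parse(PAYLOAD_JSON));
  const afterSafe = ({}).polluted;
  return { before, afterUnsafe, afterSafe, merged };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The same key filter belongs on every path that turns untrusted input into object keys, including deserialisation helpers like the `toJS()`/`toObject()` conversions the advisory lists; pinning to the patched versions is the actual fix for Immutable.js itself.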
2026-03-06 18:16Z · HIGH

CVE-2026-29091 — Locutus: remote code execution via the call_user_func_array implementation (fixed in 3.0.0)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-29091

Locutus brings the standard libraries of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an insecure implementation of the call_user_func_array function (and its wrapper…

CVSS v3.1 8.1 (HIGH) · Score: 91
Tags: CWE-94, CWE-95 · Vendor: Locutus · Type: Vulnerability
2026-03-06 16:16Z · CRIT

CVE-2026-26288 — Everon (api.everon.io): unauthenticated OCPP WebSocket endpoints allow charging-station impersonation

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-26288

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure…

CVSS v3.1 9.4 (CRITICAL) · Score: 97
Tags: CWE-306 · Vendor: Websocket, Everon · Type: Vulnerability
2026-03-06 15:16Z · CRIT

CVE-2026-26051 — MVM Mobiliti (e-mobi.hu): unauthenticated OCPP WebSocket endpoints allow charging-station impersonation

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-26051

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure…

CVSS v3.1 9.4 (CRITICAL) · EPSS 53rd percentile · Score: 97
Tags: CWE-306 · Vendor: MVM, Websocket · Type: Vulnerability
2026-03-06 11:02Z · HIGH

adar — Active Directory reconnaissance & attack tool for authorized pentesting — LDAP, Kerberos, user enum, Kerberoasting, AS-REP Roasting

Source: GitHub (AD attack tooling) · github.com · GitHub PoC

ADAR is a comprehensive Active Directory reconnaissance and attack tool for authorized penetration testing, implementing 20+ enumeration techniques across four tiers: unauthenticated (DNS, anonymous LDAP, Kerberos AS-REQ, SMB null sessions, LLMNR/passive), low-auth (LDAP referral, OXID, SAMR, RID cycling), credential-required (authenticated LDAP, AS-REP Roasting, Kerberoasting, SYSVOL/GPP parsing) and specialized (ADCS ESC detection, Azure AD enumeration, OWA timing side-channel, print spooler). The tool supports stealth profiles, pass-the-hash and multiple output formats (JSON, HTML, CSV).

Score: 78
Tags: Surface: Application, Network, Identity · Tactics: TA0001 (Initial Access), TA0006 (Credential Access), TA0043 (Reconnaissance) · Type: Research, Tool
2026-03-06 10:42Z · HIGH

Shadow IT: The Initial Access You Didn't Log

Source: Sekoia.io · sekoia.io

Sekoia analysis documents a recurring intrusion pattern in which attackers gain initial access through shadow IT infrastructure (unmanaged edge devices, orphaned cloud storage, unmonitored SaaS tenants, exposed developer credentials and domain lifecycle abuse) that exists outside SOC visibility boundaries. The research synthesizes five documented attack chains (ransomware via unpatched VPN appliances, cloud storage repurposing, OAuth persistence, leaked CI/CD credentials and domain takeover) to demonstrate that the visibility gap between external attacker reconnaissance and internal SOC telemetry is the primary exploitation vector.

Score: 78
Tags: Tactics: TA0001 (Initial Access), TA0043 (Reconnaissance) · Surface: Network Appliance, Identity, Cloud, Supply Chain · Type: Research, Threat Intel
2026-03-06 09:15Z · HIGH

CVE-2026-23925 — Zabbix: User-role account with template/host write permissions can create objects via the configuration.import API

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts, even with write permissions.

CVSS v3.1 8.1 (HIGH) · EPSS 4th percentile · Score: 91
Tags: CWE-863 · Vendor: Zabbix · Type: Vulnerability
2026-03-06 07:16Z · CRIT

CVE-2026-28802 — Authlib 1.6.5 to before 1.6.7: JWT with `alg: none` and an empty signature passes signature verification

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-28802

Authlib is a Python library for building OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, a JWT carrying `alg: none` and an empty signature passed the signature verification step without any change to application code, where a failure was expected. This issue has been patched in version 1.6.7.

CVSS v3.1 9.8 (CRITICAL) · Score: 99
Tags: CWE-347 · Vendor: Authlib · Type: Vulnerability
2026-03-06 00:16Z · CRIT

CVE-2026-22552 — Epower (epower.ie): unauthenticated OCPP WebSocket endpoints allow charging-station impersonation

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22552

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure…

CVSS v3.1 9.4 (CRITICAL) · Score: 97
Tags: CWE-306 · Vendor: Websocket, Epower · Type: Vulnerability
2026-03-05 22:16Z · CRIT

CVE-2026-28474 — OpenClaw: Nextcloud Talk plugin matches allowlists on the mutable display name, bypassing DM and room allowlists (fixed in 2026.2.6)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-28474

OpenClaw's Nextcloud Talk plugin, in versions prior to 2026.2.6, accepts equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room allowlists. An attacker can change their Nextcloud display name to match an allowlisted user ID and gain unauthorized access to restricted conversations.

CVSS v3.1 9.8 (CRITICAL) · Score: 99
Tags: CWE-863 · Vendor: OpenClaw, Nextcloud · Type: Vulnerability
2026-03-05 22:16Z · HIGH

CVE-2026-28463 — OpenClaw: exec-approvals allowlist validates pre-expansion argv but executes with shell expansion, allowing arbitrary file read (fixed in 2026.2.14)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-28463

OpenClaw versions prior to 2026.2.14 contain an arbitrary file read vulnerability in the exec-approvals allowlist validation, which checks pre-expansion argv tokens but executes using real shell expansion. Attackers who are authorized, or who reach the feature through prompt injection, can use "safe" binaries such as head, tail or grep with glob patterns or environment variables to disclose any file readable by the gateway or node process when host execution is enabled in allowlist mode.

CVSS v3.1 8.4 (HIGH) · Score: 92
Tags: CWE-78 · Vendor: OpenClaw · Type: Vulnerability
2026-03-05 22:16Z · CRIT

CVE-2026-21622 — Hex (hexpm): password reset tokens never expire, allowing account takeover

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-21622

Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm ('Elixir.Hexpm.Accounts.PasswordReset' module) allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset link with a token. This token remains valid indefinitely until used; there is no time-based expiration enforced. If a user's historical emails are exposed through a data breach (e.g.…

CVSS v3.1 9.8 (CRITICAL) · Score: 99
Tags: CWE-613 · Vendor: Hex · Type: Vulnerability
2026-03-05 21:16Z · HIGH

CVE-2025-70995 — Aranda Service Desk Web Edition (ASDK API 8.6): authenticated RCE via upload of a crafted web.config

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-70995

An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile, which is processed by the ASP.NET runtime. The uploaded configuration file alters the execution context of the upload directory, enabling compilation and execution of attacker-controlled…

CVSS v3.1 8.8 (HIGH) · EPSS 62nd percentile · Score: 94
Tags: CWE-94 · Vendor: Aranda · Type: Vulnerability
2026-03-05 21:16Z · CRIT

CVE-2025-70948 — @perfood/couch-auth 0.26.0: Host header injection in the mailer leaks password reset tokens (account takeover)

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-70948

A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover by spoofing the HTTP Host header.

CVSS v3.1 9.3 (CRITICAL) · EPSS 2nd percentile · Score: 97
Tags: CWE-644 · Type: Vulnerability
2026-03-05 21:16Z · HIGH

CVE-2025-70614 — OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2: broken access control exposes arbitrary SMS messages to low-privileged users

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel, allowing authenticated low-privileged attackers to gain access to arbitrary SMS messages via a crafted company or tenant identifier parameter.

CVSS v3.1 8.1 (HIGH) · EPSS 11th percentile · Score: 91
Tags: CWE-284 · Vendor: OpenCode · Type: Vulnerability
2026-03-05 20:16Z · CRIT

CVE-2025-29165 — D-Link DIR-1253 MESH firmware V1.6.1684: privilege escalation via the etc/shadow.sample component

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-29165

An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component.

CVSS v3.1 9.8 (CRITICAL) · EPSS 6th percentile · Score: 99
Tags: CWE-269 · Vendor: D-Link · Type: Vulnerability
2026-03-05 19:16Z · HIGH

CVE-2026-3047 — Red Hat build of Keycloak: disabled SAML client used as IdP-initiated broker landing target still completes login and establishes an SSO session

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3047

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker to gain unauthorized access to other enabled clients without re-authentication, effectively bypassing security restrictions.

CVSS v3.1 8.8 (HIGH) · Score: 94
Tags: CWE-305 · Type: Vulnerability
2026-03-05 19:16Z · HIGH

CVE-2026-3009 — Red Hat build of Keycloak: IdentityBrokerService.performLogin accepts logins through an identity provider an administrator has disabled

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-3009

A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed through an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.

CVSS v3.1 8.1 (HIGH) · Score: 91
Tags: CWE-863 · Vendor: Keycloak (IdentityBrokerService) · Type: Vulnerability
2026-03-05 16:16Z · HIGH

CVE-2026-30794 — RustDesk Client through 1.4.8: improper certificate validation (TLS retry with danger_accept_invalid_certs(true)) allows adversary-in-the-middle

Source: NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30794

Improper Certificate Validation vulnerability in the RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS and Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). The vulnerability is associated with the program file src/hbbs_http/http_client.rs and the TLS retry routine that falls back to danger_accept_invalid_certs(true). This issue affects RustDesk Client through 1.4.8.

CVSS v3.1 8.1 (HIGH) · Score: 91
Tags: CWE-295 · Vendor: RustDesk · Type: Vulnerability