2026-03-05
2026-03-05 16:16Z
HIGH

CVE-2026-30792 — Rustdesk Rustdesk: A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-30792

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files src/hbbs_http/sync.Rs, hbb_common/src/config.Rs and program routines Strategy merge loop in sync.Rs, Config::set_options(). This issue affects RustDesk Client: through 1.4.8. CVSSv3.1 8.1 (HIGH)

CWECWE 345CWECWE 657VNDRustdeskTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-05
2026-03-05 16:16Z
CRIT

CVE-2026-30790 — Rustdesk Rustdesk_server: Use of Password Hash With Insufficient Computational Effort, Cleartext Transmission of Sensitive Information vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-30790

Use of Password Hash With Insufficient Computational Effort, Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Server Pro /api login over the HTTP management channel) allows Interception (aka Sniffing) followed by offline Password Brute Forcing. The controlled-host peer authentication channel is NOT affected: Client::secure_connection verifies the HBBS-signed host public ke CVSSv3.1 9.8 (CRITICAL) · EPSS 32th percentile

CWECWE 307CWECWE 916VNDRustdeskTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-05
2026-03-05 16:16Z
CRIT

CVE-2026-30789 — Rustdesk Rustdesk: Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-30789

Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction. This issue affects RustDesk Client: through 1.4 CVSSv3.1 9.8 (CRITICAL) · EPSS 33th percentile

CWECWE 916VNDRustdeskTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-05
2026-03-05 16:16Z
CRIT

CVE-2026-30783 — Rustdesk Rustdesk: A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-30783

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse. This vulnerability is associated with program files src/rendezvous_mediator.Rs, src/hbbs_http/sync.Rs and program routines API sync loop, api-server config handling. This issue affects RustDesk Client: through 1.4.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 841CWECWE 602VNDRustdeskTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-05
2026-03-05 11:25Z
LOW

v3.7.1

Nuclei releases·github.com

Nuclei v3.7.1 released with bug fixes including panic handling in template loader, cluster failure handling, Chrome teardown race condition fixes, and data race resolution in evaluateVarsWithInteractsh. Minor improvements include API enhancements and dependency updates for Go 1.26 support.

SRFApplicationVNDProjectdiscoveryTYPTool
35
Edit Score
2026-03-05
2026-03-05 08:00Z
INFO

On the Effectiveness of Mutational Grammar Fuzzing

Project Zero·googleprojectzero.blogspot.com

Project Zero researcher publishes analysis of mutational grammar fuzzing effectiveness, identifying two key limitations: coverage-guided feedback failing to detect bugs requiring function chaining, and corpus homogeneity reducing sample diversity. Proposes a practical mitigation strategy of periodic worker restart with server synchronization, demonstrating improved crash discovery rates in libxslt fuzzing experiments.

SRFApplicationTYPResearchTYPTechniqueTYPToolSTGDiscovery
72
Edit Score
2026-03-05
2026-03-05 07:16Z
CRIT

CVE-2026-2743 — Seppmail Seppmail: Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2743

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before CVSSv3.1 9.8 (CRITICAL) · EPSS 69th percentile

CWECWE 434CWECWE 22VNDArbitraryVNDSeppmailTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-03-05
2026-03-05 06:16Z
HIGH

CVE-2026-28135 — Inclusion: of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-28135

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1052. CVSSv3.1 8.2 (HIGH) · EPSS 18th percentile

CWECWE 829VNDInclusionTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2026-03-05
2026-03-05 06:16Z
HIGH

CVE-2026-28133 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-28133

Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.14. CVSSv3.1 8.5 (HIGH) · EPSS 12th percentile

CWECWE 434TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-03-05
2026-03-05 06:16Z
HIGH

CVE-2026-22471 — Deserialization: of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22471

Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1. CVSSv3.1 8.8 (HIGH)

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-05
2026-03-05 06:16Z
HIGH

CVE-2026-22460 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22460

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal.This issue affects FormGent: from n/a through <= 1.7.0. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2026-03-05
2026-03-05 06:16Z
CRIT

CVE-2026-22417 — Deserialization: of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22417

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue affects Grand Wedding: from n/a through < 3.1.11. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-05
2026-03-05 06:16Z
HIGH

CVE-2026-22403 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22403

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Innovio innovio allows PHP Local File Inclusion.This issue affects Innovio: from n/a through <= 1.9. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-05
2026-03-05 06:16Z
HIGH

CVE-2026-22397 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22397

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Fleur fleur allows PHP Local File Inclusion.This issue affects Fleur: from n/a through <= 2.2.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-05
2026-03-05 06:16Z
HIGH

CVE-2026-22392 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22392

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cortex cortex allows PHP Local File Inclusion.This issue affects Cortex: from n/a through <= 1.9. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-05
2026-03-05 06:16Z
HIGH

CVE-2026-22389 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22389

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through <= 2.0. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-05
2026-03-05 02:16Z
CRIT

CVE-2025-40931 — Chorny Apache\: Predicable session ids could allow an attacker to gain access to systems.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-40931

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predic CVSSv3.1 9.1 (CRITICAL)

CWECWE 338CWECWE 340VNDApacheVNDChornyTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2026-03-05
2026-03-05 00:00Z
HIGH

New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages

Trend Micro Research·trendmicro.comin the wild

Trend Micro disclosed BoryptGrab, a new information stealer actively distributed via over 100 SEO-optimized fake GitHub repositories masquerading as legitimate software tools (gaming cheats, productivity apps). The malware harvests browser credentials, cryptocurrency wallets, system data, and Telegram/Discord tokens, with delivery chains involving DLL side-loading, VBS downloaders, and a custom PyInstaller backdoor (TunnesshClient) that establishes reverse SSH tunnels for C2 and SOCKS5 proxying. The campaign, active since April 2025, shows Russian language artifacts and infrastructure, with multiple obfuscated loader variants and Vidar stealer payloads.

SRFApplicationSRFOsTACTA0004TACTA0005TACTA0001TACTA0002TACTA0006TACTA0007
76
Edit Score
2026-03-04
2026-03-04 23:00Z
HIGH

Bypassing debug password protection on the RH850 family using fault injection

Quarkslab·blog.quarkslab.com

Quarkslab researchers demonstrated reliable voltage fault injection attacks to bypass 16-byte IDCODE debug password protection on Renesas RH850 automotive microcontrollers. Using power analysis to identify a consistent trigger pattern, they achieved reproducible attacks in ~1 minute on development boards and real ECUs, and validated the attack with budget DIY hardware (Pico Glitcher v3, €30-50).

SRFFirmwareSRFHardwareVNDRenesasTYPResearchTYPExploitSTGDefense EvasionSTGInitial AccessTECT1552
82
Edit Score
2026-03-04
2026-03-04 21:19Z
HIGH

BadZure — BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating the

GitHub · Azure / Entra tools·github.comGITHUB POC

BadZure is a Python-based automation tool that deploys intentionally misconfigured Entra ID tenants and Azure subscriptions with realistic permission sprawl and seven distinct privilege escalation attack paths spanning identity and infrastructure layers. The tool enables red teams, blue teams, and security practitioners to simulate post-compromise Azure attacks, develop detection controls, and conduct purple team exercises without requiring initial access simulation.

TACTA0004TACTA0005SRFIdentitySRFCloudVNDMicrosoftVNDAzureTYPResearchTYPTool
82
Edit Score
2026-03-04
2026-03-04 18:16Z
HIGH

CVE-2026-20082 — Cisco Adaptive_security_appliance_software: A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-20082

A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new, incoming TCP connections that are destined to management or data interfaces when the device is under a TCP SYN flood attack. An attacker could exploit this vulnerability by sendi CVSSv3.1 8.6 (HIGH) · EPSS 36th percentile

CWECWE 772VNDCiscoTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2026-03-04
2026-03-04 17:16Z
HIGH

CVE-2025-15558 — Docker Command_line_interface: A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker C CVSSv3.1 8.0 (HIGH)

CWECWE 427VNDDockerTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2026-03-04
2026-03-04 17:00Z
HIGH

Offensive DPAPI With Nemesis

SpecterOps·specterops.io

SpecterOps released Nemesis 2.2 with comprehensive DPAPI automation for Windows credential extraction, including SYSTEM/user masterkey decryption, CNG key handling, and Chromium App-Bound Encryption (ABE) decryption chains. The tool automates the entire decryption pipeline from DPAPI masterkeys through Chrome 137+ ABE protections, supporting both retroactive and forward decryption with file-based enrichment workflows.

SRFApplicationSRFOsTACTA0006TACTA0007VNDMicrosoftVNDGoogleVNDChromiumTYPResearch
78
Edit Score
2026-03-04
2026-03-04 09:15Z
CRIT

CVE-2026-27446 — Apache Activemq_artemis: Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27446

Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This could potentially result in message injection into any queue and/or message exfiltration from any queue via the rogue broker. This impacts environments that allow both: - incoming Cor CVSSv3.1 9.8 (CRITICAL)

CWECWE 306VNDApacheTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-04
2026-03-04 00:00Z
HIGH

Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations

Trend Micro Research·trendmicro.com

Law enforcement and industry partners including Europol, Microsoft, and Trend Micro disrupted Tycoon 2FA, a phishing-as-a-service platform with ~2,000 users that used adversary-in-the-middle (AitM) proxying to bypass MFA and harvest session cookies. The operation seized over 300 domains and attributed the service to threat actors using monikers 'SaaadFridi' and 'Mr_Xaad'. The takedown highlights how PhaaS platforms lower the barrier to entry for credential theft and feed into broader cybercrime ecosystems where stolen sessions are resold to access brokers for follow-on attacks.

TACTA0001SRFIdentitySRFWebVNDMicrosoftVNDTrend MicroTYPThreat IntelTYPNewsSTGInitial Access
72
Edit Score