Security Advisories

Showing 110 advisories

CVE-2026-3312 | Pagure reStructuredText File path traversal

A vulnerability was found in Pagure. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the component reStructuredText File Handler. Performing a manipulation results in path traversal. This vulnerability is identified as CVE-2026-3312. The attack can be ini

Mar 17, 2026

Global

VulDBMedium

CVE-2026-2373 | wproyal Royal Addons for Elementor Plugin up to 1.7.1049 on WordPress get_main_query_args authorization (EUVD-2026-12537)

A vulnerability was found in wproyal Royal Addons for Elementor Plugin up to 1.7.1049 on WordPress. It has been declared as problematic. Affected is the function get_main_query_args. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2026-2373. It is possible t

Mar 17, 2026

Global

VulDBHigh

CVE-2026-4258 | sjcl sjcl.ecc.basicKey.publicKey signature verification (SNYK-JS-SJCL-15369617 / EUVD-2026-12542)

A vulnerability was found in sjcl. It has been classified as problematic. This impacts the function sjcl.ecc.basicKey.publicKey. This manipulation causes improper verification of cryptographic signature. The identification of this vulnerability is CVE-2026-4258. It is possible to initiate the attack

Mar 17, 2026

Global

VulDBCritical

CVE-2026-4158 | KeePassXC OpenSSL Configuration uncontrolled search path

A vulnerability was found in KeePassXC and classified as problematic. This affects an unknown function of the component OpenSSL Configuration. The manipulation results in uncontrolled search path. This vulnerability was named CVE-2026-4158. The attack needs to be approached locally. There is no avai

Mar 17, 2026

Global

VulDBCritical

CVE-2026-4157 | ChargePoint Home Flex revssh Service command injection

A vulnerability has been found in ChargePoint Home Flex and classified as critical. The impacted element is an unknown function of the component revssh Service. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2026-4157. The attack can only be initiated w

Mar 17, 2026

Global

VulDBCritical

CVE-2026-4156 | ChargePoint Home Flex OCPP getpreq stack-based overflow

A vulnerability, which was classified as critical, was found in ChargePoint Home Flex. The affected element is the function getpreq of the component OCPP Handler. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2026-4156. The attack can only be

Mar 17, 2026

Global

VulDBLow

CVE-2026-4155 | ChargePoint Home Flex information disclosure

A vulnerability, which was classified as problematic, has been found in ChargePoint Home Flex. Impacted is an unknown function. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2026-4155. Remote exploitation of the attack is possible. No exploit is avai

Mar 17, 2026

Global

VulDBCritical

CVE-2026-4149 | Sonos Era 300 SMB Response out-of-bounds

A vulnerability classified as problematic was found in Sonos Era 300. This issue affects some unknown processing of the component SMB Response Handler. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2026-4149. The attack may be launched remotely. There is no explo

Mar 17, 2026

Global

VulDBCritical

CVE-2026-2049 | GIMP HDR File Parser heap-based overflow

A vulnerability classified as critical has been found in GIMP. This vulnerability affects unknown code of the component HDR File Parser. This manipulation causes heap-based buffer overflow. This vulnerability appears as CVE-2026-2049. The attack may be initiated remotely. There is no available explo

Mar 17, 2026

Global

VulDBCritical

CVE-2026-2046 | GIMP LBM File Parser heap-based overflow

A vulnerability described as critical has been identified in GIMP. This affects an unknown part of the component LBM File Parser. The manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-2046. The attack can be launched remotely. No exploit exists. It is bes

Mar 17, 2026

Global

VulDBLow

CVE-2022-1972 | Linux Kernel nf_tables_newset out-of-bounds write

A vulnerability marked as critical has been reported in Linux Kernel. Affected by this issue is some unknown functionality of the component nf_tables_newset. The manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2022-1972. The attack needs to be performed locally. Th

Mar 17, 2026

Global

VulDBCritical

CVE-2026-4177 | TODDR YAML::Syck up to 1.36 on Perl base64 Decoder heap-based overflow (EUVD-2026-12523)

A vulnerability labeled as critical has been found in TODDR YAML::Syck up to 1.36 on Perl. Affected by this vulnerability is an unknown functionality of the component base64 Decoder. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability is registered as CVE-2026-4177. I

Mar 17, 2026

Global

VulDBHigh

CVE-2026-2579 | wpxpo WowStore Plugin up to 4.4.3 on WordPress sql injection (EUVD-2026-12532)

A vulnerability identified as critical has been detected in wpxpo WowStore Plugin up to 4.4.3 on WordPress. Affected is an unknown function. Performing a manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-2579. It is possible to initiate the attack remotely. There is

Mar 17, 2026

Global

HKCERTCritical

Microsoft Edge Remote Code Execution Vulnerability

A vulnerability was identified in Microsoft Edge. A remote attacker could exploit this vulnerability to trigger remote code execution, security restriction bypass and data manipulation on the targeted system. Note: CVE-2026-3909 is being exploited in the wild. A... Impact Remote Code Execution Secur

Mar 17, 2026

Hong Kong

VulDBMedium

CVE-2026-21991 | Oracle Linux 8/9/10 dtprobed denial of service (EUVD-2026-12522 / Nessus ID 302243)

A vulnerability categorized as critical has been discovered in Oracle Linux 8/9/10. This impacts an unknown function of the component dtprobed. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2026-21991. The attack must be carried out locally. There is no available

Mar 16, 2026

Global

VulDBMedium

CVE-2026-4308 | frdel/agent0ai agent-zero 0.9.7 document_query.py handle_pdf_document server-side request forgery (EUVD-2026-12538)

A vulnerability was found in frdel/agent0ai agent-zero 0.9.7. It has been rated as critical. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side request forgery. This vulnerability is tracked as CVE-2026-4308. The attack is

Mar 16, 2026

Global

VulDBMedium

CVE-2026-4307 | frdel/agent0ai agent-zero 0.9.7-10 python/helpers/files.py get_abs_path path traversal (EUVD-2026-12536)

A vulnerability was found in frdel/agent0ai agent-zero 0.9.7-10. It has been declared as critical. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. This vulnerability is identified as CVE-2026-4307. The attack can be e

Mar 16, 2026

Global

VulDBLow

CVE-2025-68971 | Forgejo up to 13.0.3 File Attachment denial of service (EUVD-2025-208771)

A vulnerability was found in Forgejo up to 13.0.3. It has been classified as problematic. The affected element is an unknown function of the component File Attachment Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-68971. Remote exploitation of the

Mar 16, 2026

Global

VulDBMedium

CVE-2026-2454 | Mattermost up to 10.11.10/11.2.2/11.3.0 Websocket Message improper validation of specified type of input (EUVD-2026-12510)

A vulnerability was found in Mattermost up to 10.11.10/11.2.2/11.3.0 and classified as problematic. Impacted is an unknown function of the component Websocket Message Handler. Executing a manipulation can lead to improper validation of specified type of input. The identification of this vulnerabilit

Mar 16, 2026

Global

VulDBLow

CVE-2026-29522 | ZwickRoell Test Data Management up to 3.0.7 node_upgrade_srv.js firmware path traversal (EUVD-2026-12520)

A vulnerability has been found in ZwickRoell Test Data Management up to 3.0.7 and classified as critical. This issue affects some unknown processing of the file /server/node_upgrade_srv.js. Performing a manipulation of the argument firmware results in path traversal. This vulnerability was named CVE

Mar 16, 2026

Global

VulDBCritical

CVE-2025-69902 | kubectl-mcp-server 1.2.0 minimal_wrapper.py os command injection (EUVD-2025-208773)

A vulnerability, which was classified as critical, was found in kubectl-mcp-server 1.2.0. This vulnerability affects unknown code of the file minimal_wrapper.py. Such manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-69902. The attack can be launched r

Mar 16, 2026

Global

CCCSLow

HPE security advisory (AV26-244)

Serial number: AV26-244Date: March 16, 2026 On March 16, 2026, HPE published a security advisory to address a vulnerability in the following product: HPE Telco Service Orchestrator – versions prior to v4.2.12 The Cyber Centre encourages users and administrators to review the provided web links and a

Mar 16, 2026

Canada

CCCSCritical

Wing FTP security advisory (AV25-391) - Update 2

Serial number: AV25-391Date: July 3, 2025Updated: March 16, 2026 On May 14, 2025, Wing FTP a published an update to address a critical vulnerability in the following product: Wing FTP Server – version v7.4.3 and prior Open-source reporting has indicated that proof-of-concept exploit code is availabl

Mar 16, 2026

Canada

CCCSLow

Microsoft Edge security advisory (AV26-243)

Serial number: AV26-243Date: March 16, 2026 On March 13, 2026, Microsoft published a security update to address vulnerabilities in the following product: Microsoft Edge Stable Channel – versions prior to 146.0.3856.59 Microsoft has indicated that CVE-2026-3910 has an available exploit. The Cyber Cen

Mar 16, 2026

Canada

CCCSLow

Red Hat security advisory (AV26-242)

Serial number: AV26-242Date: March 16, 2026 Between March 9 and 15, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products: Red Hat CodeReady Linux Builder – multiple

Mar 16, 2026

Canada

CCCSLow

[Control systems] CISA ICS security advisories (AV26–241)

Serial number: AV26-241Date: March 16, 2026 Between March 9 and 15, 2026, CISA published ICS advisories to address vulnerabilities in the following products: Apeman Cameras ID71 – all versions Ceragon Siklu MultiHaul and EtherHaul Series – multiple versions Honeywell IQ4x BMS Controller – multiple v

Mar 16, 2026

Canada

CCCSLow

Google Chrome security advisory (AV26-240)

Serial number: AV26-240Date: March 16, 2026 On March 13, 2026, Google published a security advisory to address vulnerabilities in the following product: Stable Channel Chrome for Desktop – versions prior to 146.0.7680.80 (Windows/Mac) and 146.0.7680.80 (Linux) On March 13, 2026, Cybersecurity and In

Mar 16, 2026

Canada

CCCSLow

Ubuntu security advisory (AV26-239)

Serial number: AV26-239Date: March 16, 2026 Between March 9 and 15, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products: Ubuntu 22.04 LTS Ubuntu 24.04 LTS The Cyber Centre encourages users and administrators to review the web links

Mar 16, 2026

Canada

CCCS

Dell security advisory (AV26-238)

Serial number: AV26-238Date: March 16, 2026 Between March 9 and 15, 2026, Dell published security advisories to address vulnerabilities in multiple products: Dell Avamar Data Store Gen5A – versions prior to 2.25.0 and 24.0.0 Dell Connectrix B-Series FOS and SANnav – multiple versions Dell Connectrix

Mar 16, 2026

Canada

CCCSCritical

IBM security advisory (AV26-237)

Serial number: AV26-237Date: March 16, 2026 Between March 9 and 15, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following: Cloudera Data Platform Private Cloud Base with IBM (CDP) – version 7.1.9 Cloudera Data Platfo

Mar 16, 2026

Canada

CISAMedium

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-47813 Wing FTP Server Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses signifi

Mar 16, 2026

United States

HKCERTMedium

Debian Linux Kernel Multiple Vulnerabilities

Multiple vulnerabilities were identified in Debian Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and sensitive information disclosure on the targeted system. Impact Denial of Service Information Disclosure E

Mar 16, 2026

Hong Kong

HKCERTMedium

Microsoft Products Information Disclosure Vulnerability

A vulnerability was identified in Microsoft products. A remote attacker could exploit this vulnerability to trigger sensitive information disclosure and data manipulation on the targeted system. Impact Information Disclosure Data Manipulation System / Technologies affected Microsoft Office: Excel (i

Mar 16, 2026

Hong Kong

HKCERTCritical

Microsoft Edge Multiple Vulnerabilities

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, security restriction bypass, spoofing and sensitive information disclosure on the targeted system. Note: CVE-2026-.

Mar 16, 2026

Hong Kong

HKCERTHigh

Phishing Alert - HKCERT Warns of Phishing Scams Impersonating Water Supplies Department via Fake Bills

Solutions HKCERT urges the public to remain vigilant and never enter any information or make payments on suspicious websites. If you receive suspicious SMS messages or emails purporting to be from WSD, do not click on any links and do not provide personal or payment information. If you need to check

Mar 16, 2026

Hong Kong

CCCSLow

Google Chrome security advisory (AV26-235) – Update 1

Serial number: AV26-235Date: March 13, 2026Updated: March 13, 2026 On March 12, 2026, Google published a security advisory to address vulnerabilities in the following product: Stable Channel Chrome for Desktop – versions prior to 146.0.7680.75/76 (Windows/Mac) and 146.0.7680.75 (Linux) Google is awa

Mar 13, 2026

Canada

CCCSLow

[Control systems] ABB security advisory (AV26-236)

Serial number: AV26-236Date: March 13, 2026 On March 11, 2026, ABB published a security advisory to address vulnerabilities in the following products: AWIN GW100 rev.2 – versions 2.0-0 to 2.0-1 AWIN GW120 – versions 1.2-0 to 1.2-1. The Cyber Centre encourages users and administrators to review the p

Mar 13, 2026

Canada

CISA

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910 Google Chromium V8 Unspecified Vulnerability These types of vulnerabilities are frequent at

Mar 13, 2026

United States

HKCERTCritical

Cisco IOS XR Multiple Vulnerabilities

Multiple vulnerabilities were identified in Cisco IOS XR. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system. Impact Denial of Service Remote Code Execution System / Technologies affected Cisco IOS XR

Mar 13, 2026

Hong Kong

HKCERTMedium

Erlang/OTP Multiple Vulnerabilities

Multiple vulnerabilities were identified in Erlang/OTP. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system. Impact Denial of Service Information Disclosure System / Technologies affected Ver

Mar 13, 2026

Hong Kong

HKCERTCritical

Google Chrome Multiple Vulnerabilities

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass and data manipulation on the targeted system. Note: CVE-2026-3909 is being exploited in the wild. ... Impact Data Man

Mar 13, 2026

Hong Kong

CCCSLow

HPE security advisory (AV26-234)

Serial number: AV26-234Date: March 12, 2026 On March 12, 2026, HPE published a security advisory to address a vulnerability in the following product: HPE Compute Scale-up Server 3200 – versions prior to v1.70.74 The Cyber Centre encourages users and administrators to review the provided web links an

CVE-2026-3312 | Pagure reStructuredText File path traversal

CVE-2026-2373 | wproyal Royal Addons for Elementor Plugin up to 1.7.1049 on WordPress get_main_query_args authorization (EUVD-2026-12537)

CVE-2026-4258 | sjcl sjcl.ecc.basicKey.publicKey signature verification (SNYK-JS-SJCL-15369617 / EUVD-2026-12542)

CVE-2026-4158 | KeePassXC OpenSSL Configuration uncontrolled search path

CVE-2026-4157 | ChargePoint Home Flex revssh Service command injection

CVE-2026-4156 | ChargePoint Home Flex OCPP getpreq stack-based overflow

CVE-2026-4155 | ChargePoint Home Flex information disclosure

CVE-2026-4149 | Sonos Era 300 SMB Response out-of-bounds

CVE-2026-2049 | GIMP HDR File Parser heap-based overflow

CVE-2026-2046 | GIMP LBM File Parser heap-based overflow

CVE-2022-1972 | Linux Kernel nf_tables_newset out-of-bounds write

CVE-2026-4177 | TODDR YAML::Syck up to 1.36 on Perl base64 Decoder heap-based overflow (EUVD-2026-12523)

CVE-2026-2579 | wpxpo WowStore Plugin up to 4.4.3 on WordPress sql injection (EUVD-2026-12532)

Microsoft Edge Remote Code Execution Vulnerability

CVE-2026-21991 | Oracle Linux 8/9/10 dtprobed denial of service (EUVD-2026-12522 / Nessus ID 302243)

CVE-2026-4308 | frdel/agent0ai agent-zero 0.9.7 document_query.py handle_pdf_document server-side request forgery (EUVD-2026-12538)

CVE-2026-4307 | frdel/agent0ai agent-zero 0.9.7-10 python/helpers/files.py get_abs_path path traversal (EUVD-2026-12536)

CVE-2025-68971 | Forgejo up to 13.0.3 File Attachment denial of service (EUVD-2025-208771)

CVE-2026-2454 | Mattermost up to 10.11.10/11.2.2/11.3.0 Websocket Message improper validation of specified type of input (EUVD-2026-12510)

CVE-2026-29522 | ZwickRoell Test Data Management up to 3.0.7 node_upgrade_srv.js firmware path traversal (EUVD-2026-12520)

CVE-2025-69902 | kubectl-mcp-server 1.2.0 minimal_wrapper.py os command injection (EUVD-2025-208773)

HPE security advisory (AV26-244)

Wing FTP security advisory (AV25-391) - Update 2

Microsoft Edge security advisory (AV26-243)

Red Hat security advisory (AV26-242)

[Control systems] CISA ICS security advisories (AV26–241)

Google Chrome security advisory (AV26-240)

Ubuntu security advisory (AV26-239)

Dell security advisory (AV26-238)

IBM security advisory (AV26-237)

CISA Adds One Known Exploited Vulnerability to Catalog

Debian Linux Kernel Multiple Vulnerabilities

Microsoft Products Information Disclosure Vulnerability

Microsoft Edge Multiple Vulnerabilities

Phishing Alert - HKCERT Warns of Phishing Scams Impersonating Water Supplies Department via Fake Bills

Google Chrome security advisory (AV26-235) – Update 1

[Control systems] ABB security advisory (AV26-236)

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Cisco IOS XR Multiple Vulnerabilities

Erlang/OTP Multiple Vulnerabilities

Google Chrome Multiple Vulnerabilities

HPE security advisory (AV26-234)

Apple security advisory (AV26-233)

[Control systems] ABB security advisory (AV26-232)

Zoom security advisory (AV26-231)

GitHub security advisory (AV26-230)

Veeam security advisory (AV26-229)

Palo Alto Networks security advisory (AV26-228)

GitLab Multiple Vulnerabilities

Splunk security advisory (AV26-227)

Siemens SIDIS Prime

Siemens RUGGEDCOM APE1808 Devices

Siemens SIMATIC

Trane Tracer SC, Tracer SC+, and Tracer Concierge

Siemens Heliox EV Chargers

Inductive Automation Ignition Software

Fortinet Products Multiple Vulnerabilities

Google Chrome Multiple Vulnerabilities

Mozilla Firefox Multiple Vulnerabilities

Multiples vulnérabilités dans les produits Palo Alto Networks (12 mars 2026)

Multiples vulnérabilités dans les produits Splunk (12 mars 2026)

Vulnérabilité dans GLPI (12 mars 2026)

Multiples vulnérabilités dans Google Chrome (12 mars 2026)

Multiples vulnérabilités dans Cisco IOS XR (12 mars 2026)

Multiples vulnérabilités dans les produits Apple (12 mars 2026)

n8n security advisory (AV25-857) – Update 1

CISA Adds One Known Exploited Vulnerability to Catalog

Aruba Products Multiple Vulnerabilities

Adobe Monthly Security Update (March 2026)

Microsoft Monthly Security Update (March 2026)

Zoom Products Multiple Vulnerabilities

Panorama de la cybermenace 2025 (11 mars 2026)

Multiples vulnérabilités dans Curl (11 mars 2026)

Multiples vulnérabilités dans les produits Adobe (11 mars 2026)

Multiples vulnérabilités dans Mozilla Firefox (11 mars 2026)

Multiples vulnérabilités dans VMware Tanzu (11 mars 2026)

Multiples vulnérabilités dans Microsoft .Net (11 mars 2026)

Multiples vulnérabilités dans les produits Fortinet (11 mars 2026)

Vulnérabilité dans Ivanti Desktop and Server Management (DSM) (11 mars 2026)