News & Sicurezza

CVE ID :CVE-2026-23899 Published : April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description :An improper access check allows unauthorized access to webservice endpoints. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-21631 Published : April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description :Lack of output escaping leads to a XSS vector in the multilingual associations component. Severity: 5.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-21632 Published : April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description :Lack of output escaping for article titles leads to XSS vectors in various locations. Severity: 5.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

NVIDIA Patches High-Severity “Insecure Deserialization” Flaws in BioNeMo Framework NVIDIA has issued an important security update for its BioNeMo Framework, a critical tool used by researchers and developers in the generative AI and drug discovery space. The update addresses two hig ... Read more Published Date: Apr 01, 2026 (1 day, 1 hour ago) Vulnerabilities has been mentioned in this article. CVE-2026-5281 CVE-2026-24165 CVE-2026-24164 CVE-2026-3502 CVE-2026-33032 CVE-2025-33244 CVE-2026-21962 CVE-2024-0143

CVE ID :CVE-2026-5259 Published : April 1, 2026, 8:16 a.m. | 1 hour, 38 minutes ago Description :A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-27101 Published : April 1, 2026, 8:16 a.m. | 1 hour, 38 minutes ago Description :Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution. Severity: 4.7 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-28265 Published : April 1, 2026, 8:16 a.m. | 1 hour, 38 minutes ago Description :PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. Severity: 4.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse CVE-2026-20929, a vulnerability with a CVSS of 7.5 that was patched in the January 2026 Patch Tuesday update, enables attackers to exploit Kerberos authentication relay through DNS CNAME record abuse. ... Read more Published Date: Apr 01, 2026 (1 day, 2 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-20929

Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics The notorious Russia-aligned threat actor known as Pawn Storm (also recognized as APT28, Fancy Bear, and Forest Blizzard) has significantly escalated its cyber operations in early 2026. According to a ... Read more Published Date: Apr 01, 2026 (1 day, 3 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-5281 CVE-2026-3502 CVE-2026-33032 CVE-2026-21513 CVE-2026-21509 CVE-2026-21962

PNG Vulnerabilities Allow Attackers to Trigger Process Crashes, Leak Sensitive Information Two high-severity vulnerabilities have been discovered in libpng, the widely used reference library for reading and writing PNG images. These flaws allow attackers to trigger process crashes, leak sen ... Read more Published Date: Apr 01, 2026 (1 day, 1 hour ago) Vulnerabilities has been mentioned in this article. CVE-2026-33636 CVE-2026-33416

A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID :CVE-2026-4748 Published : April 1, 2026, 7:16 a.m. | 2 hours, 38 minutes ago Description :A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected. Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant. Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...