News & Sicurezza

Google rolt update uit voor actief aangevallen beveiligingslek in Chrome Google heeft een update voor een actief aangevallen beveiligingslek in Chrome uitgerold. De kwetsbaarheid (CVE-2026-5281) bevindt zich in Dawn, een open source en crossplatform implementatie van de We ... Read more Published Date: Apr 01, 2026 (1 day, 1 hour ago) Vulnerabilities has been mentioned in this article. CVE-2026-5281

Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks A recent cybersecurity study reveals that threat actors are moving faster than ever to weaponize new software flaws. According to data collected from a high-interaction honeypot, hackers are actively ... Read more Published Date: Apr 01, 2026 (23 hours, 51 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-21962 CVE-2020-14883 CVE-2020-14882 CVE-2020-2551 CVE-2017-10271

New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now Google has released an emergency security update for its Chrome browser, patching a zero-day vulnerability that is already being actively exploited in the wild. The Stable channel has been updated to ... Read more Published Date: Apr 01, 2026 (23 hours, 59 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-5290 CVE-2026-5289 CVE-2026-5288 CVE-2026-5287 CVE-2026-5285 CVE-2026-5284 CVE-2026-5281 CVE-2026-5280 CVE-2026-5279 CVE-2026-5278 CVE-2026-5276 CVE-2026-5275 CVE-2026-5274 CVE-2026-5273 CVE-2026-5272

2 Million Monthly Users at Risk: Critical 9.3 CVSS SQL Injection Hits MikroORM in “Duck-Typed” Disaster A critical vulnerability has been identified in MikroORM, a widely used TypeScript Object-Relational Mapper (ORM) for Node.js. With over 2 million downloads every month, the impact of this flaw could ... Read more Published Date: Apr 01, 2026 (1 day ago) Vulnerabilities has been mentioned in this article. CVE-2026-5281 CVE-2026-34220 CVE-2026-3502 CVE-2026-33032 CVE-2025-15101 CVE-2026-25544 CVE-2026-21962

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerab ... Read more Published Date: Apr 01, 2026 (1 day, 1 hour ago) Vulnerabilities has been mentioned in this article. CVE-2026-5281 CVE-2026-3055 CVE-2026-3910 CVE-2026-3909 CVE-2026-2441 CVE-2025-53521

CVE ID :CVE-2026-25601 Published : April 1, 2026, 12:16 p.m. | 1 hour, 38 minutes ago Description :A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user passwords before storing them in the application’s database. An attacker with sufficient privileges to access the database could extract the encrypted passwords, decrypt them using the embedded key, and gain unauthorized access to the associated ICS/OT environment. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281) Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5281 As per usual, information about the fix ... Read more Published Date: Apr 01, 2026 (23 hours, 26 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-5284 CVE-2026-5281 CVE-2026-4676 CVE-2026-4675

Google Chrome Update Fixes 21 Flaws, Warns of Actively Exploited Vulnerability Google has released a Stable Channel Update for Chrome, addressing 21 security vulnerabilities, including a high-profile code smuggling vulnerability that is actively being exploited in the wild. The ... Read more Published Date: Apr 01, 2026 (23 hours, 28 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-5287 CVE-2026-5281 CVE-2026-5274 CVE-2026-5273 CVE-2026-5272 CVE-2025-52691 CVE-2025-48543 CVE-2025-38352

CVE ID :CVE-2026-0932 Published : April 1, 2026, 11:15 a.m. | 2 hours, 38 minutes ago Description :Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-24096 Published : April 1, 2026, 11:15 a.m. | 2 hours, 38 minutes ago Description :Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-1879 Published : April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description :A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the attack is possible. The exploit is now public and may be used. Upgrading to version 6.10 mitigates this issue. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2024-53828 Published : April 1, 2026, 10:16 a.m. | 3 hours, 38 minutes ago Description :Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...