Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.

10773 results

Vulnerability (High)
CVE-2026-5319 - itsourcecode Payroll Management System navbar.php cross site scripting

CVE ID: CVE-2026-5319
Published: April 2, 2026, 4:16 a.m. (3 hours, 37 minutes ago)
Description: A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.3 | MEDIUM

CVEfeed CVE | 02 Apr 2026
News
Critical 9.8 CVSS Flaw in Cisco SSM On-Prem Grants Unauthenticated Root Access

Cisco has recently dropped a high-stakes security advisory regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem). Labeled as CVE-2026-20160, this flaw carries a CVSS s ...
Published Date: Apr 02, 2026 (1 day ago)
Vulnerabilities mentioned in this article: CVE-2026-20160, CVE-2026-20093, CVE-2026-5281, CVE-2026-34156, CVE-2026-3502, CVE-2026-33032, CVE-2026-21962, CVE-2025-20265, CVE-2025-20309, CVE-2025-20260, CVE-2025-20188

CVEfeed Newsroom | 02 Apr 2026
News
Vim Modeline Bypass Vulnerability Let Attackers Execute Arbitrary OS Commands

A newly discovered high-severity vulnerability in the popular Vim text editor exposes users to arbitrary command execution on the operating system. Tracked as CVE-2026-34982, the flaw relies on a mode ...
Published Date: Apr 02, 2026 (18 hours, 21 minutes ago)
Vulnerabilities have been mentioned in this article.

CVEfeed Newsroom | 02 Apr 2026
News
Public PoC Exploit Released for Nginx-UI Backup Restore Vulnerability

A critical security flaw has been disclosed in the Nginx-UI backup restore mechanism, tracked as CVE-2026-33026. This vulnerability allows threat actors to tamper with encrypted backup archives and in ...
Published Date: Apr 02, 2026 (14 hours, 23 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-33026

CVEfeed Newsroom | 02 Apr 2026
News
CVE-2026-5281 — Google Chrome Dawn Use-After-Free Under Active Exploitation

April 2, 2026. CISA has added CVE-2026-5281 to its Known Exploited Vulnerabilities catalog, marking the fourth Chrome zero-day exploited in the wild during 2026 alone. Federal agencies are required to r ...
Published Date: Apr 02, 2026 (14 hours, 33 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-5281, CVE-2026-3910, CVE-2026-3909, CVE-2026-2441

CVEfeed Newsroom | 02 Apr 2026
News
The Return of Operation Triangulation: Coruna Exploit Kit Targets M3 and A17 Chips in Massive iOS Offensive

[Image: Attack chain of Coruna | Kaspersky Labs]
On March 4, 2026, reports from Google and iVerify shed light on Coruna, a highly sophisticated exploit kit targeting Apple iPhones. While such advanced t ...
Published Date: Apr 02, 2026 (14 hours, 39 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-20160, CVE-2026-5281, CVE-2026-3502, CVE-2026-33032, CVE-2026-21962, CVE-2025-43300, CVE-2023-38606, CVE-2023-32434

CVEfeed Newsroom | 02 Apr 2026
Vulnerability (High)
CVE-2026-1243 - IBM Content Navigator is affected by , a Cross-Site Scripting (XSS) vulnerability

CVE ID: CVE-2026-1243
Published: April 2, 2026, 1:16 a.m. (6 hours, 38 minutes ago)
Description: IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM

CVEfeed CVE | 02 Apr 2026
Vulnerability (High)
CVE-2026-5317 - Nothings stb stb_vorbis.c start_decoder out-of-bounds write

CVE ID: CVE-2026-5317
Published: April 2, 2026, 1:16 a.m. (6 hours, 38 minutes ago)
Description: A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH

CVEfeed CVE | 02 Apr 2026
Vulnerability (High)
CVE-2026-5316 - Nothings stb stb_vorbis.c setup_free allocation of resources

CVE ID: CVE-2026-5316
Published: April 2, 2026, 12:16 a.m. (7 hours, 38 minutes ago)
Description: A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM

CVEfeed CVE | 02 Apr 2026
Vulnerability (High)
CVE-2026-21767 - HCL BigFix Platform is affected by insufficient authentication

CVE ID: CVE-2026-21767
Published: April 2, 2026, 12:16 a.m. (7 hours, 38 minutes ago)
Description: HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive areas of the application without proper authentication.
Severity: 4.0 | MEDIUM

CVEfeed CVE | 02 Apr 2026
Vulnerability (High)
CVE-2026-21765 - HCL BigFix Platform is affected by insecure permissions on private cryptographic keys

CVE ID: CVE-2026-21765
Published: April 2, 2026, 12:16 a.m. (7 hours, 38 minutes ago)
Description: HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
Severity: 8.8 | HIGH

CVEfeed CVE | 01 Apr 2026
Vulnerability (High)
CVE-2026-5314 - Nothings stb TTF File stb_truetype.h stbtt_InitFont_internal out-of-bounds

CVE ID: CVE-2026-5314
Published: April 1, 2026, 11:17 p.m. (8 hours, 37 minutes ago)
Description: A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM

CVEfeed CVE | 01 Apr 2026
