News & Sicurezza

CVE ID :CVE-2026-5321 Published : April 2, 2026, 5:16 a.m. | 2 hours, 38 minutes ago Description :A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID :CVE-2026-5320 Published : April 2, 2026, 5:16 a.m. | 2 hours, 38 minutes ago Description :A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-5318 Published : April 2, 2026, 3:16 a.m. | 4 hours, 38 minutes ago Description :A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Cisco Issues Urgent Patch for Critical IMC Auth Bypass: A CVSS 9.8 Wake-Up Call A newly discovered vulnerability has turned the Cisco Integrated Management Controller (IMC) into a potential backdoor. Tracked as CVE-2026-20093, this critical flaw carries a CVSS score of 9.8, signa ... Read more Published Date: Apr 02, 2026 (23 hours, 59 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-20160 CVE-2026-20093 CVE-2026-5281 CVE-2026-3502 CVE-2026-33032 CVE-2026-21962 CVE-2025-6388 CVE-2025-10159 CVE-2025-20241 CVE-2024-20401

CVE ID :CVE-2026-5319 Published : April 2, 2026, 4:16 a.m. | 3 hours, 37 minutes ago Description :A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Critical 9.8 CVSS Flaw in Cisco SSM On-Prem Grants Unauthenticated Root Access Cisco has recently dropped a high-stakes security advisory regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem). Labeled as CVE-2026-20160, this flaw carries a CVSS s ... Read more Published Date: Apr 02, 2026 (1 day ago) Vulnerabilities has been mentioned in this article. CVE-2026-20160 CVE-2026-20093 CVE-2026-5281 CVE-2026-34156 CVE-2026-3502 CVE-2026-33032 CVE-2026-21962 CVE-2025-20265 CVE-2025-20309 CVE-2025-20260 CVE-2025-20188

Vim Modeline Bypass Vulnerability Let Attackers Execute Arbitrary OS Commands A newly discovered high-severity vulnerability in the popular Vim text editor exposes users to arbitrary command execution on the operating system. Tracked as CVE-2026-34982, the flaw relies on a mode ... Read more Published Date: Apr 02, 2026 (18 hours, 21 minutes ago) Vulnerabilities has been mentioned in this article.

Public PoC Exploit Released for Nginx-UI Backup Restore Vulnerability A critical security flaw has been disclosed in the Nginx-UI backup restore mechanism, tracked as CVE-2026-33026. This vulnerability allows threat actors to tamper with encrypted backup archives and in ... Read more Published Date: Apr 02, 2026 (14 hours, 23 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-33026

CVE-2026-5281 — Google Chrome Dawn Use-After-Free Under Active Exploitation April 2, 2026CISA has added CVE-2026-5281 to its Known Exploited Vulnerabilities catalog, marking the fourth Chrome zero-day exploited in the wild during 2026 alone. Federal agencies are required to r ... Read more Published Date: Apr 02, 2026 (14 hours, 33 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-5281 CVE-2026-3910 CVE-2026-3909 CVE-2026-2441

The Return of Operation Triangulation: Coruna Exploit Kit Targets M3 and A17 Chips in Massive iOS Offensive Attack chain of Coruna | Image: Kaspersky Labs On March 4, 2026, reports from Google and iVerify shed light on Coruna, a highly sophisticated exploit kit targeting Apple iPhones. While such advanced t ... Read more Published Date: Apr 02, 2026 (14 hours, 39 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-20160 CVE-2026-5281 CVE-2026-3502 CVE-2026-33032 CVE-2026-21962 CVE-2025-43300 CVE-2023-38606 CVE-2023-32434

CVE ID :CVE-2026-5317 Published : April 2, 2026, 1:16 a.m. | 6 hours, 38 minutes ago Description :A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...