Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the leading European cybersecurity sources. Everything a Technical Manager needs to know.


Vulnerability | High
CVE-2026-29014 - MetInfo CMS Unauthenticated PHP Code Injection RCE

CVE ID: CVE-2026-29014
Published: April 1, 2026, 1:16 p.m. | 37 minutes ago
Description: MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVEfeed CVE | 01 Apr 2026

Vulnerability | High
CVE-2026-22767 - Dell AppSync Symlink Following Information Disclosure Vulnerability

CVE ID: CVE-2026-22767
Published: April 1, 2026, 1:16 p.m. | 37 minutes ago
Description: Dell AppSync version 4.6.0 contains a UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
Severity: 7.3 | HIGH

CVEfeed CVE | 01 Apr 2026

Vulnerability | High
CVE-2026-22768 - Dell AppSync Privilege Escalation Vulnerability

CVE ID: CVE-2026-22768
Published: April 1, 2026, 1:16 p.m. | 37 minutes ago
Description: Dell AppSync version 4.6.0 contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity: 7.3 | HIGH

CVEfeed CVE | 01 Apr 2026

News
ASUS Issues Security Patch for Router Vulnerability

In a move to fortify home and office networks, ASUS has released a security update for several of its router models. The update targets a high-severity vulnerability that could allow attackers to hija ...
Published Date: Apr 01, 2026 (1 day, 1 hour ago)
Vulnerabilities mentioned in this article: CVE-2026-5281, CVE-2026-34220, CVE-2026-34156, CVE-2026-3502, CVE-2026-33032, CVE-2025-15101, CVE-2026-21962, CVE-2023-39238

CVEfeed Newsroom | 01 Apr 2026

Vulnerability | High
CVE-2026-3877 - Reflected Cross-Site Scripting in Dashboard Search

CVE ID: CVE-2026-3877
Published: April 1, 2026, 2:16 p.m. | 1 hour, 37 minutes ago
Description: A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL that, if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered through various means, for instance, by sending a link or by tricking victims into visiting a page crafted by the attacker.
Severity: 7.3 | HIGH

CVEfeed CVE | 01 Apr 2026

Vulnerability | High
CVE-2026-0522 - Local File Inclusion in the File Upload/Download Process

CVE ID: CVE-2026-0522
Published: April 1, 2026, 1:11 p.m. | 43 minutes ago
Description: A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker-controlled path is returned. Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. Furthermore, the application resolves UNC paths, which may enable NTLM-relaying attacks. This issue affects VertiGIS FM: 10.5.00119 (0d29d428).
Severity: 7.4 | HIGH

CVEfeed CVE | 01 Apr 2026

News
Google rolls out update for actively attacked security flaw in Chrome

Google has rolled out an update for an actively attacked security flaw in Chrome. The vulnerability (CVE-2026-5281) is located in Dawn, an open source and cross-platform implementation of the We ...
Published Date: Apr 01, 2026 (1 day, 1 hour ago)
Vulnerabilities mentioned in this article: CVE-2026-5281

CVEfeed Newsroom | 01 Apr 2026

News
Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks

A recent cybersecurity study reveals that threat actors are moving faster than ever to weaponize new software flaws. According to data collected from a high-interaction honeypot, hackers are actively ...
Published Date: Apr 01, 2026 (23 hours, 51 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-21962, CVE-2020-14883, CVE-2020-14882, CVE-2020-2551, CVE-2017-10271

CVEfeed Newsroom | 01 Apr 2026

News
New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now

Google has released an emergency security update for its Chrome browser, patching a zero-day vulnerability that is already being actively exploited in the wild. The Stable channel has been updated to ...
Published Date: Apr 01, 2026 (23 hours, 59 minutes ago)
Vulnerabilities mentioned in this article: CVE-2026-5290, CVE-2026-5289, CVE-2026-5288, CVE-2026-5287, CVE-2026-5285, CVE-2026-5284, CVE-2026-5281, CVE-2026-5280, CVE-2026-5279, CVE-2026-5278, CVE-2026-5276, CVE-2026-5275, CVE-2026-5274, CVE-2026-5273, CVE-2026-5272

CVEfeed Newsroom | 01 Apr 2026

News
2 Million Monthly Users at Risk: Critical 9.3 CVSS SQL Injection Hits MikroORM in “Duck-Typed” Disaster

A critical vulnerability has been identified in MikroORM, a widely used TypeScript Object-Relational Mapper (ORM) for Node.js. With over 2 million downloads every month, the impact of this flaw could ...
Published Date: Apr 01, 2026 (1 day ago)
Vulnerabilities mentioned in this article: CVE-2026-5281, CVE-2026-34220, CVE-2026-3502, CVE-2026-33032, CVE-2025-15101, CVE-2026-25544, CVE-2026-21962

CVEfeed Newsroom | 01 Apr 2026

News
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerab ...
Published Date: Apr 01, 2026 (1 day, 1 hour ago)
Vulnerabilities mentioned in this article: CVE-2026-5281, CVE-2026-3055, CVE-2026-3910, CVE-2026-3909, CVE-2026-2441, CVE-2025-53521

CVEfeed Newsroom | 01 Apr 2026

Vulnerability | High
CVE-2026-25601 - Credential Exposure vulnerability in MEPIS RM

CVE ID: CVE-2026-25601
Published: April 1, 2026, 12:16 p.m. | 1 hour, 38 minutes ago
Description: A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user passwords before storing them in the application’s database. An attacker with sufficient privileges to access the database could extract the encrypted passwords, decrypt them using the embedded key, and gain unauthorized access to the associated ICS/OT environment.
Severity: 6.4 | MEDIUM

CVEfeed CVE | 01 Apr 2026
