News & Sicurezza

Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution.

yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.

xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by shellcode to overwrite the instruction pointer and achieve code execution or denial of service.

CVE ID :CVE-2026-4996 Published : March 28, 2026, 11:30 a.m. | 23 minutes ago Description :A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_question_answers_by_id/get_relevant_docs_by_id of the file extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py of the component pandasai-lancedb Extension. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-2595 Published : March 28, 2026, 12:16 p.m. | 1 hour, 37 minutes ago Description :The Quads Ads Manager for Google AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.98.1 due to insufficient input sanitization and output escaping of multiple ad metadata parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-4995 Published : March 28, 2026, 11:16 a.m. | 36 minutes ago Description :A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event Handler. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 5.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2025-9497 Published : March 28, 2026, 11:16 a.m. | 36 minutes ago Description :Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0. Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-2442 Published : March 28, 2026, 10:16 a.m. | 1 hour, 37 minutes ago Description :The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in all versions up to, and including, 2.0.7. This is due to the contact form handler performing placeholder substitution on attacker-controlled form fields and then passing the resulting values into email headers without removing CR/LF characters. This makes it possible for unauthenticated attackers to inject arbitrary email headers (for example Bcc / Cc) and abuse form email delivery via the 'email' parameter granted they can target a contact form configured to use placeholders in mail template headers. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-4994 Published : March 28, 2026, 10:16 a.m. | 1 hour, 37 minutes ago Description :A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the local network is required for this attack. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 5.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-4993 Published : March 28, 2026, 10:16 a.m. | 1 hour, 37 minutes ago Description :A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 3.3 | LOW Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerabili ... Read more Published Date: Mar 28, 2026 (3 hours, 41 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-3055 CVE-2025-7775 CVE-2025-6543 CVE-2025-5777 CVE-2023-4966

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US Cybersecurity and Infrastructur ... Read more Published Date: Mar 28, 2026 (3 hours, 50 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-33634 CVE-2026-33017 CVE-2025-53521