News & Security
Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.
CVE ID: CVE-2026-28703 Published: April 3, 2026, 12:16 p.m. | 1 hour, 38 minutes ago Description: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. Severity: 7.3 | HIGH
Progress ShareFile servers can be completely taken over via critical vulnerability: Researchers warn of two vulnerabilities in Progress ShareFile that allow unauthenticated attackers to take over vulnerable servers. In early February, Progress was ... by ... Published Date: Apr 03, 2026 (2 days, 22 hours ago) Vulnerabilities mentioned in this article: CVE-2026-2701, CVE-2026-2699
The MuPDF Vulnerability Turning “Safe” PDFs into System Hijackers: A significant security flaw has been unearthed in Artifex MuPDF, a popular framework prized for its speed and versatility in handling PDFs, XPS, and e-books. Labeled as CVE-2026-3308, this integer ove ... Published Date: Apr 03, 2026 (2 days, 20 hours ago) Vulnerabilities mentioned in this article: CVE-2026-20160, CVE-2026-35093, CVE-2026-5281, CVE-2026-3308, CVE-2026-3502, CVE-2026-33032, CVE-2026-33179, CVE-2026-33150, CVE-2026-21962
CVE ID: CVE-2026-28756 Published: April 3, 2026, 11:17 a.m. | 2 hours, 37 minutes ago Description: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. Severity: 7.3 | HIGH
CVE ID: CVE-2026-28754 Published: April 3, 2026, 11:17 a.m. | 2 hours, 37 minutes ago Description: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. Severity: 7.3 | HIGH
Multiple TP-Link Vulnerabilities Let Attackers Trigger DoS and Crash Routers: Multiple high-severity vulnerabilities exist in TP-Link’s Tapo C520WS smart security cameras. If exploited, these vulnerabilities may allow adjacent attackers to trigger Denial-of-Service (DoS) condit ... Published Date: Apr 03, 2026 (2 days, 18 hours ago) Vulnerabilities mentioned in this article: CVE-2026-34124, CVE-2026-34122, CVE-2026-34121, CVE-2026-34120, CVE-2026-34119, CVE-2026-34118
OpenSSH 10.3 Patches Command Execution and “scp” Privilege Escalation: In the critical infrastructure of the internet, OpenSSH stands as one of the most vital gatekeepers for secure remote access. However, even the most trusted tools require constant refinement. A series ... Published Date: Apr 03, 2026 (2 days, 18 hours ago) Vulnerabilities mentioned in this article: CVE-2026-35414, CVE-2026-35388, CVE-2026-35387, CVE-2026-35386, CVE-2026-35385, CVE-2026-5281, CVE-2026-3502, CVE-2026-33032, CVE-2026-3497, CVE-2026-21962, CVE-2025-33206, CVE-2023-38408
CVE ID: CVE-2026-4350 Published: April 3, 2026, 8:16 a.m. | 5 hours, 38 minutes ago Description: The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the `PMCS::action_handler()` method processing the `$_GET['delete']` parameter without any sanitization, authorization check, or nonce verification. The unsanitized filename is concatenated with the storage directory path and passed to `unlink()`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server by using `../` path traversal sequences, including `wp-config.php` which would force WordPress into the installation wizard and allow full site takeover. Severity: 8.1 | HIGH
Hackers Compromised 700+ Next.js Hosts by Exploiting React2Shell Vulnerability: A massive automated credential theft campaign is actively targeting web applications worldwide. Cybersecurity researchers at Cisco Talos have uncovered an operation by a hacker group tracked as UAT-10 ... Published Date: Apr 03, 2026 (2 days, 17 hours ago) Vulnerabilities mentioned in this article: CVE-2025-55182
CVE ID: CVE-2025-7024 Published: April 3, 2026, 8:16 a.m. | 5 hours, 38 minutes ago Description: Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects TETRA connectivity Server: 7.0. Vulnerability fix is available and delivered to impacted customers. Severity: 7.3 | HIGH
CVE ID: CVE-2026-5458 Published: April 3, 2026, 7:16 a.m. | 6 hours, 38 minutes ago Description: A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENT_WRITE_KEY causes use of hard-coded cryptographic key. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 3.3 | LOW