News & Sicurezza

CVE ID :CVE-2026-29132 Published : April 2, 2026, 9:16 a.m. | 2 hours, 38 minutes ago Description :SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-29131 Published : April 2, 2026, 9:16 a.m. | 2 hours, 38 minutes ago Description :SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users. Severity: 4.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-29133 Published : April 2, 2026, 9:16 a.m. | 2 hours, 38 minutes ago Description :SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-0634 Published : April 2, 2026, 9:16 a.m. | 2 hours, 38 minutes ago Description :Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Ruim veertienduizend F5 BIG-IP APM-servers toegankelijk vanaf internet Ruim veertienduizend F5 BIG-IP APM-servers zijn toegankelijk vanaf internet, zo meldt The Shadowserver Foundation. Aanvallers maken actief misbruik van een kwetsbaarheid in het platform. Het is nog on ... Read more Published Date: Apr 02, 2026 (1 day, 3 hours ago) Vulnerabilities has been mentioned in this article. CVE-2025-53521

CVE ID :CVE-2026-5245 Published : April 2, 2026, 10:16 a.m. | 1 hour, 38 minutes ago Description :A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been made public and could be used. Upgrading to version 7.21 will fix this issue. The patch is named 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-33617 Published : April 2, 2026, 10:16 a.m. | 1 hour, 38 minutes ago Description :An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-33616 Published : April 2, 2026, 8:59 a.m. | 54 minutes ago Description :An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-33615 Published : April 2, 2026, 8:59 a.m. | 54 minutes ago Description :An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-33614 Published : April 2, 2026, 8:59 a.m. | 55 minutes ago Description :An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-33613 Published : April 2, 2026, 8:59 a.m. | 55 minutes ago Description :Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

TrueConf zero-day vulnerability exploited to target government networks Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in Southeast Asia, Check Poi ... Read more Published Date: Apr 02, 2026 (23 hours, 56 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-5281 CVE-2026-3502 CVE-2025-20393