News & Security
Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Lead needs to know.
18050 results
CVE ID: CVE-2026-30563 | Published: March 30, 2026, 3:16 p.m. (37 minutes ago) | Description: A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject arbitrary web script or HTML that is stored in the database and executed whenever the store details page is accessed. | Severity: 0.0 | NA
Critical 9.6 CVSS OIDC Flaws in OpenBao Turn "Direct Login" Into a Phishing Trap. The OpenBao community, the open-source initiative dedicated to managing and distributing sensitive data like secrets and certificates, has released a high-priority security update. Two significant vul ... | Published: Mar 30, 2026 (1 day, 17 hours ago) | Vulnerabilities have been mentioned in this article.
CVE ID: CVE-2026-28527 | Published: March 30, 2026, 2:16 p.m. (1 hour, 37 minutes ago) | Description: BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paired Bluetooth Classic connection and send specially crafted VENDOR_DEPENDENT responses to trigger out-of-bounds reads, causing information disclosure and potential crashes on affected devices. | Severity: 3.5 | LOW
CVE ID: CVE-2026-28528 | Published: March 30, 2026, 2:16 p.m. (1 hour, 37 minutes ago) | Description: BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds checking on the attr_id parameter to cause crashes and corrupt attribute bitmap state. | Severity: 4.6 | MEDIUM
CVE ID: CVE-2026-28526 | Published: March 30, 2026, 2:16 p.m. (1 hour, 37 minutes ago) | Description: BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth Classic connection can send a specially crafted VENDOR_DEPENDENT response with an attacker-controlled count value to trigger an out-of-bounds read from the L2CAP receive buffer, potentially causing a crash on resource-constrained devices. | Severity: 3.5 | LOW
The Weakest Link: Popular Node.js Config Library "Convict" Hit by Prototype Pollution. A critical vulnerability has been uncovered in node-convict, the widely used configuration management library designed to make Node.js applications more robust. The flaw, tracked as CVE-2026-33864, ca ... | Published: Mar 30, 2026 (1 day, 16 hours ago) | Vulnerabilities have been mentioned in this article.
Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More. Some weeks are loud. This one was quieter, but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped bein ... | Published: Mar 30, 2026 (1 day, 16 hours ago) | Vulnerabilities have been mentioned in this article.
Citrix NetScaler bug exploited in days, may be multiple flaws in a trench coat. In-the-wild exploitation of a critical Citrix NetScaler bug has begun less than a week after disclosure, with researchers warning that attackers are already poking and pillaging vulnerable boxes. Last ... | Published: Mar 30, 2026 (1 day, 17 hours ago) | Vulnerabilities mentioned in this article: CVE-2026-3055
CVE ID: CVE-2026-3321 | Published: March 30, 2026, 2:16 p.m. (1 hour, 37 minutes ago) | Description: A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may include IDs, private URLs, private messages, internal references, or other sensitive information that should only be exposed to authenticated users. In addition, the leaked content could be exploited to facilitate other malicious activities, such as reconnaissance for lateral movement, exploitation of related systems, or unauthorised access to internal applications referenced in the content of chat messages. | Severity: 8.7 | HIGH
CVE ID: CVE-2026-4315 | Published: March 30, 2026, 1:16 p.m. (2 hours, 37 minutes ago) | Description: A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page. This issue affects Fireware OS: 11.8 through 11.12.4+541730, 12.0 through 12.11.8, and 2025.1 through 2026.1.2. | Severity: 7.1 | HIGH
CVE ID: CVE-2026-4266 | Published: March 30, 2026, 1:16 p.m. (2 hours, 37 minutes ago) | Description: An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user. This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2. Note: this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35. | Severity: 8.4 | HIGH
Micropatches released for Arbitrary Registry Key Delete As Local System With Consolidator Scheduled Task (CVE-2025-59512). November 2025 Windows Updates brought a patch for CVE-2025-59512, a local privilege escalation vulnerability in Customer Experience Improvement Program, allowing a low-privileged Windows user to delet ... | Published: Mar 30, 2026 (1 day, 17 hours ago) | Vulnerabilities mentioned in this article: CVE-2025-59512, CVE-2025-59201
Page 802 of 1505