News & Security
Updates from ENISA, NVD and the leading European cybersecurity sources. Everything a Technical Manager needs to know.
Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent
A critical vulnerability has been uncovered in the OpenTelemetry Instrumentation for Java, a popular tool used by developers to gather performance data without changing a single line of application co ...
Published Date: Mar 30, 2026 (1 day, 11 hours ago)
Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)
A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on various platforms, is under act ...
Published Date: Mar 30, 2026 (1 day, 12 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-33634, CVE-2026-33017, CVE-2026-21643, CVE-2025-53521
CVE ID: CVE-2026-4425
Published: March 30, 2026, 12:16 p.m. | 3 hours, 37 minutes ago
Description: Rejected reason: Reserved for EastLink case, but no need for CVE anymore
Severity: 0.0 | NA
The 30-Year Glitch: RCE and ARM Exploits Uncovered in libpng Reference Library
Security researchers have disclosed two significant vulnerabilities in libpng, the official reference library for Portable Network Graphics (PNG). The flaws, which impact versions spanning decades of ...
Published Date: Mar 30, 2026 (1 day, 8 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-33701, CVE-2026-33636, CVE-2026-33416, CVE-2026-2441, CVE-2026-25646
Critical Grafana Vulnerabilities Let Attackers Achieve Remote Code Execution
Urgent security updates for Grafana version 12.4.2 address two critical vulnerabilities that could allow attackers to achieve full remote code execution (RCE) and execute denial-of-service (DoS) attac ...
Published Date: Mar 30, 2026 (1 day, 5 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-27880, CVE-2026-27876
CVE ID: CVE-2026-1612
Published: March 30, 2026, 11:16 a.m. | 2 hours, 37 minutes ago
Description: AL-KO Robolinho Update Software has hard-coded AWS Access and Secret keys that allow anyone to access AL-KO's AWS bucket. Using the keys directly might give the attacker greater access than the app itself. The key grants AT LEAST read access to some of the objects in the bucket. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 8.0.21.0610 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Severity: 6.9 | MEDIUM
Critical n8n Vulnerability Let Attackers Achieve Remote Code Execution
A critical security flaw in n8n, a widely used open-source workflow automation platform, exposes host servers to Remote Code Execution (RCE) attacks. Tracked as CVE-2026-33660, this critical vulnerabi ...
Published Date: Mar 30, 2026 (1 day, 3 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-33660
CVE ID: CVE-2019-25655
Published: March 30, 2026, 12:16 p.m. | 3 hours, 37 minutes ago
Description: Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface.
Severity: 6.9 | MEDIUM
CVE ID: CVE-2019-25654
Published: March 30, 2026, 12:16 p.m. | 3 hours, 37 minutes ago
Description: Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.
Severity: 8.7 | HIGH
CVE ID: CVE-2019-25653
Published: March 30, 2026, 12:16 p.m. | 3 hours, 37 minutes ago
Description: Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash.
Severity: 6.9 | MEDIUM
CVE ID: CVE-2018-25235
Published: March 30, 2026, 12:16 p.m. | 3 hours, 37 minutes ago
Description: NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by entering a crafted username value exceeding the expected buffer size through the Set username interface.
Severity: 6.9 | MEDIUM