News & Security
Updates from ENISA, NVD and the leading European cybersecurity sources. Everything a Technical Manager needs to know.
TeamPCP Supply Chain Attack Allegedly Compromised Databricks Platform
Databricks is currently investigating an alleged security compromise connected to the massive TeamPCP software supply chain attack after being alerted by threat intelligence researchers. According to ...
Published Date: Mar 30, 2026 (1 day, 3 hours ago)
Vulnerabilities have been mentioned in this article: CVE-2026-33634
CVE ID: CVE-2026-5128
Published: March 30, 2026, 10:16 a.m. | 3 hours, 38 minutes ago
Description: A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam account data, including the account username, password, identity secret, and shared secret. In addition, application logs expose authentication artifacts such as access tokens, refresh tokens, and session identifiers. This information allows an attacker to generate valid Steam Guard (2FA) codes, hijack authenticated sessions, and obtain full control over the affected Steam account, including unauthorized access to inventory and trading functionality. No fix is available because the repository is archived and no longer maintained.
Severity: 10.0 | CRITICAL
Critical Fortinet Forticlient EMS Vulnerability Exploited in Attacks
A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-21643, is actively being exploited in the wild. Threat actors have been leveragin ...
Published Date: Mar 30, 2026 (1 day, 5 hours ago)
Vulnerabilities have been mentioned in this article: CVE-2026-3055 CVE-2026-21643
'Critical SQL injection flaw in Fortinet FortiClientEMS actively exploited in attacks'
A critical SQL injection vulnerability in Fortinet FortiClientEMS has been actively exploited in attacks for several days, security firm Defused warns. On 6 February, Fortinet ...
Published Date: Mar 30, 2026 (1 day, 3 hours ago)
Vulnerabilities have been mentioned in this article: CVE-2026-21643 CVE-2023-48788
Critical libfuse io_uring Vulnerabilities Threaten Linux and Kubernetes Infrastructure
The FUSE (Filesystem in Userspace) project, a staple of the Linux ecosystem that allows non-privileged users to create their own file systems, is facing a dual-threat. Researchers have identified two ...
Published Date: Mar 30, 2026 (1 day, 3 hours ago)
Vulnerabilities have been mentioned in this article: CVE-2025-33244 CVE-2026-33179 CVE-2026-33150 CVE-2025-10729 CVE-2025-10728
Vulnerability in Robolinho Update Software
CVE ID: CVE-2026-1612
Publication date: 30 March 2026
Vendor: AL-KO
Product: Robolinho Update Software
Vulnerable versions: 8.0.21.0610
Vulnerability type (CWE): U ...
Published Date: Mar 30, 2026 (1 day, 3 hours ago)
Vulnerabilities have been mentioned in this article.
CVE ID: CVE-2026-4416
Published: March 30, 2026, 8:16 a.m. | 5 hours, 37 minutes ago
Description: The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation.
Severity: 8.5 | HIGH
CVE ID: CVE-2026-5121
Published: March 30, 2026, 8:16 a.m. | 5 hours, 37 minutes ago
Description: A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
Severity: 0.0 | NA
CVE ID: CVE-2026-4415
Published: March 30, 2026, 8:16 a.m. | 5 hours, 37 minutes ago
Description: Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.
Severity: 9.2 | CRITICAL
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.