Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.


Vulnerability | High
CVE-2025-3716 - User enumeration in ESET Protect (on-prem)

CVE ID: CVE-2025-3716
Published: March 30, 2026, 8:16 a.m. (3 hours, 37 minutes ago)
Description: User enumeration in ESET Protect (on-prem) via Response Timing.
Severity: 5.3 | MEDIUM

CVEfeed CVE | 30 Mar 2026

Vulnerability | High
CVE-2026-25704 - Incomplete privilege drop for com.system76.CosmicGreeter.GetUserData

CVE ID: CVE-2026-25704
Published: March 30, 2026, 8:16 a.m. (5 hours, 37 minutes ago)
Description: A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.
Severity: 5.8 | MEDIUM

CVEfeed CVE | 30 Mar 2026

News
Security firm reports active exploitation of critical Citrix vulnerability

Attackers are actively exploiting a critical vulnerability in Citrix Netscaler ADC and Citrix Netscaler Gateway that, in the worst case, lets attackers take over vulnerable systems, according to ...
Published Date: Mar 30, 2026 (1 day, 2 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-3055

CVEfeed Newsroom | 30 Mar 2026

Vulnerability | High
CVE-2025-15379 - Command Injection in mlflow/mlflow

CVE ID: CVE-2025-15379
Published: March 30, 2026, 8:16 a.m. (3 hours, 37 minutes ago)
Description: A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and directly interpolates them into a shell command without sanitization. This allows an attacker to supply a malicious model artifact and achieve arbitrary command execution on systems that deploy the model. The vulnerability affects versions 3.8.0 and is fixed in version 3.8.2.
Severity: 10.0 | CRITICAL

CVEfeed CVE | 30 Mar 2026

Vulnerability | High
CVE-2026-5119 - Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

CVE ID: CVE-2026-5119
Published: March 30, 2026, 7:15 a.m. (4 hours, 38 minutes ago)
Description: A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Severity: 5.9 | MEDIUM

CVEfeed CVE | 30 Mar 2026

Vulnerability | High
CVE-2026-3945 - Tinyproxy Integer Overflow Denial of Service

CVE ID: CVE-2026-3945
Published: March 30, 2026, 8:16 a.m. (5 hours, 37 minutes ago)
Description: An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol() without properly validating overflow conditions (e.g., errno == ERANGE). A crafted chunk size such as 0x7fffffffffffffff (LONG_MAX) bypasses the existing validation check (chunklen
Severity: 8.7 | HIGH

CVEfeed CVE | 30 Mar 2026

Vulnerability | High
CVE-2026-2328 - Backend Access Due to Insufficient Input Validation

CVE ID: CVE-2026-2328
Published: March 30, 2026, 8:16 a.m. (5 hours, 37 minutes ago)
Description: An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.
Severity: 7.5 | HIGH

CVEfeed CVE | 30 Mar 2026

News
Hackers Circle Citrix NetScaler Flaw Within Hours of Disclosure

A newly disclosed critical vulnerability, CVE-2026-3055, affecting Citrix NetScaler appliances is already drawing attention from threat actors, with evidence of active reconnaissance efforts emerging ...
Published Date: Mar 30, 2026 (1 day, 4 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-4368, CVE-2026-3055

CVEfeed Newsroom | 30 Mar 2026

Vulnerability | High
CVE-2026-5106 - code-projects Exam Form Submission update_fst.php cross site scripting

CVE ID: CVE-2026-5106
Published: March 30, 2026, 5:15 a.m. (4 hours, 38 minutes ago)
Description: A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation of the argument sname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity: 4.8 | MEDIUM

CVEfeed CVE | 30 Mar 2026

Vulnerability | High
CVE-2026-5107 - FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

CVE ID: CVE-2026-5107
Published: March 30, 2026, 6:16 a.m. (5 hours, 37 minutes ago)
Description: A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.
Severity: 4.2 | MEDIUM

CVEfeed CVE | 30 Mar 2026

Vulnerability | High
CVE-2026-5104 - Totolink A3300R cstecgi.cgi setStaticRoute command injection

CVE ID: CVE-2026-5104
Published: March 30, 2026, 3:15 a.m. (6 hours, 38 minutes ago)
Description: A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM

CVEfeed CVE | 30 Mar 2026

Vulnerability | High
CVE-2026-5105 - Totolink A3300R Parameter cstecgi.cgi setVpnPassCfg command injection

CVE ID: CVE-2026-5105
Published: March 30, 2026, 4:16 a.m. (5 hours, 37 minutes ago)
Description: A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM

CVEfeed CVE | 30 Mar 2026
