News & Security
Updates from ENISA, NVD and the leading European cybersecurity sources. Everything a Technical Manager needs to know.

CVE ID: CVE-2026-3107
Published: March 31, 2026, 9:16 a.m. | 37 minutes ago
Description: Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicious JavaScript payloads to be persistently stored in the database. When other users view the imported passwords, the payload is automatically executed in their browsers, resulting in a stored XSS condition at the endpoint 'redacted/index.php?page=items'. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code in the context of multiple users and the administrator, which can lead to session hijacking, credential theft, privilege abuse, and compromise of application integrity.
Severity: 9.3 | CRITICAL

CVE ID: CVE-2025-10559
Published: March 31, 2026, 9:16 a.m. | 37 minutes ago
Description: A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.
Severity: 7.1 | HIGH

CVE ID: CVE-2025-10551
Published: March 31, 2026, 9:16 a.m. | 37 minutes ago
Description: A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
Severity: 8.7 | HIGH

CVE ID: CVE-2025-10553
Published: March 31, 2026, 9:16 a.m. | 37 minutes ago
Description: A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
Severity: 8.7 | HIGH

CISA Warns of Citrix NetScaler Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability affecting Citrix NetScaler products. Identified as CVE-2026-3055, this secur ...
Published Date: Mar 31, 2026 (1 day, 5 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-3055

Nginx UI Alert: Public PoC Exploit and Full Details Disclosed for Critical 9.8 CVSS Flaw with No Patch Available
The popular web-based management interface, Nginx UI, is under fire following the public disclosure of a critical security flaw. Identified as CVE-2026-33032, this vulnerability carries a CVSS score o ...
Published Date: Mar 31, 2026 (1 day, 6 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-33032, CVE-2026-3055, CVE-2026-21962, CVE-2025-5071

CVE ID: CVE-2026-5186
Published: March 31, 2026, 8:15 a.m. | 1 hour, 38 minutes ago
Description: A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM

Axios Supply Chain Attack Exposes Developers to Hidden Malware
The Axios supply chain attack that surfaced on March 31, 2026, has raised serious concerns across the JavaScript ecosystem, exposing how a compromised npm Account can be leveraged to distribute malwar ...
Published Date: Mar 31, 2026 (1 day, 4 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-3055, CVE-2025-30066

The Instant Weaponization of Oracle’s 10.0 CVSS “Zero-Day-Like” Flaw
The digital ink had barely dried on the disclosure of CVE-2026-21962 before threat actors began a relentless campaign to weaponize it. A recent high-interaction honeypot study conducted between Januar ...
Published Date: Mar 31, 2026 (1 day, 4 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-3055, CVE-2026-21962, CVE-2024-50623, CVE-2020-14882, CVE-2017-10271

CVE ID: CVE-2026-5185
Published: March 31, 2026, 7:16 a.m. | 2 hours, 38 minutes ago
Description: A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM

CVE ID: CVE-2026-3881
Published: March 31, 2026, 7:16 a.m. | 2 hours, 38 minutes ago
Description: The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks.
Severity: 0.0 | NA

CVE ID: CVE-2026-5184
Published: March 31, 2026, 7:16 a.m. | 2 hours, 38 minutes ago
Description: A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM