News & Sicurezza

The Instant Weaponization of Oracle’s 10.0 CVSS “Zero-Day-Like” Flaw The digital ink had barely dried on the disclosure of CVE-2026-21962 before threat actors began a relentless campaign to weaponize it. A recent high-interaction honeypot study conducted between Januar ... Read more Published Date: Mar 31, 2026 (1 day, 4 hours ago) Vulnerabilities has been mentioned in this article. CVE-2026-3055 CVE-2026-21962 CVE-2024-50623 CVE-2020-14882 CVE-2017-10271

CVE ID :CVE-2026-5185 Published : March 31, 2026, 7:16 a.m. | 2 hours, 38 minutes ago Description :A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-3881 Published : March 31, 2026, 7:16 a.m. | 2 hours, 38 minutes ago Description :The Performance Monitor WordPress plugin through 1.0.6 does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-5184 Published : March 31, 2026, 7:16 a.m. | 2 hours, 38 minutes ago Description :A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

CVE ID :CVE-2026-5182 Published : March 31, 2026, 6:16 a.m. | 3 hours, 38 minutes ago Description :A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-5183 Published : March 31, 2026, 6:16 a.m. | 3 hours, 38 minutes ago Description :A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-34881 Published : March 31, 2026, 6:16 a.m. | 3 hours, 38 minutes ago Description :OpenStack Glance =30.0.0 Severity: 5.0 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-1834 Published : March 31, 2026, 6:16 a.m. | 3 hours, 38 minutes ago Description :The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Severity: 6.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE ID :CVE-2026-1877 Published : March 31, 2026, 6:16 a.m. | 3 hours, 38 minutes ago Description :The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Severity: 6.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

CVE ID :CVE-2026-5180 Published : March 31, 2026, 5:16 a.m. | 4 hours, 38 minutes ago Description :A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...