Microsoft Patch Tuesday March 2026
Published: 2026-03-10
Last Updated: 2026-03-10 17:33:47 UTC
by Johannes Ullrich (Version: 1)
Microsoft today released patches for 93 vulnerabilities, including 9 vulnerabilities in Chromium affecting Microsoft Edge. 8 of the vulnerabilities are rated critical. 2 were disclosed prior to today but have not yet been exploited. This update addresses no already-exploited vulnerabilities.
Disclosed vulnerabilities
CVE-2026-26127: A denial of service vulnerability in .NET. Microsoft considers exploitation unlikely. The issue arises from an out-of-bounds read and can be exploited across the network. No authentication is required.
CVE-2026-21262: A privilege escalation in SQL Server. An authenticated user may be able to escalate privileges to sysadmin.
Critical Vulnerabilities
CVE-2026-21536: The vulnerability in Microsoft's Devices Pricing Program allows remote code execution. But this product is only offered as a cloud service, and Microsoft has already deployed the patch. Microsoft credits the AI vulnerability scanning platform XBOW with discovering this vulnerability.
CVE-2026-26125: Similar to the above vulnerability, this elevation-of-privilege vulnerability in Microsoft's Payment Orchestrator service has been mitigated by Microsoft.
CVE-2026-26113, CVE-2026-26110, CVE-2026-26144: These vulnerabilities affect Excel and Office.
CVE-2026-23651, CVE-2026-26124, CVE-2026-26122: These vulnerabilities affect Microsoft ACI Confidential Containers. No customer action is required. Microsoft already patched these issues.
Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+March+2026/32782
Analyzing "Zombie Zip" Files (CVE-2026-0866)
Published: 2026-03-11
Last Updated: 2026-03-11 09:57:26 UTC
by Didier Stevens (Version: 1)
A new vulnerability (CVE-2026-0866) has been published: Zombie Zip.
It's a method to create a malformed ZIP file that will bypass detection by most anti-virus engines.
The malformed ZIP file cannot be opened with a ZIP utility; a custom loader is required.
The trick is to change the compression method to STORED while the content is still DEFLATED: a flag in the ZIP file header states the content is not compressed, while in reality, the content is compressed.
I will show you how to use my tools to analyze such a malformed ZIP file.
Simple Method
Just run my tool search-for-compression.py on the ZIP file (you can download the Zombie ZIP file here, it contains an EICAR file) ...
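As an added example (not one of Didier's tools and not code from the diary), the following Python script applies the check the trick implies: for every local file header that claims method STORED, it verifies the payload CRC against the header CRC and, on a mismatch, tries a raw DEFLATE inflate. It also shows that the standard zipfile module refuses the archive, as the diary states. The fixtures are constructed in memory: a normal archive, and a copy whose method field is rewritten to STORED in both the local header and the central directory. All helper names and the placeholder file content are constructed for this example.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"
CENTRAL_SIG = b"PK\x01\x02"
STORED, DEFLATED = 0, 8


def local_file_headers(data: bytes):
    """Walk the local file headers of a ZIP image (hypothetical helper).

    Yields (name, method, crc32, compressed_size, uncompressed_size, payload).
    Entries that rely on a data descriptor (flag bit 3) carry zero sizes in the
    local header; they are skipped here rather than guessed at.
    """
    pos = 0
    while True:
        pos = data.find(LOCAL_SIG, pos)
        if pos < 0:
            return
        (_ver, flags, method, _time, _date, crc, csize, usize,
         nlen, elen) = struct.unpack_from("<HHHHHIIIHH", data, pos + 4)
        name = data[pos + 30:pos + 30 + nlen].decode("cp437", "replace")
        start = pos + 30 + nlen + elen
        if flags & 0x08:
            pos = start  # sizes unknown without the central directory
            continue
        yield name, method, crc, csize, usize, data[start:start + csize]
        pos = start + csize


def check_stored_entries(data: bytes):
    """Flag entries whose header says STORED but whose bytes are not the
    plain content.  A genuine stored entry's payload CRC equals the header
    CRC; a "zombie" entry fails that check and inflates as raw DEFLATE."""
    findings = []
    for name, method, crc, csize, usize, payload in local_file_headers(data):
        if method != STORED:
            continue
        if zlib.crc32(payload) == crc and csize == usize:
            continue  # genuine stored entry
        try:
            inflated = zlib.decompress(payload, wbits=-15)  # raw DEFLATE
        except zlib.error:
            findings.append((name, "STORED entry with CRC/size mismatch"))
            continue
        verdict = "STORED header but payload is raw DEFLATE"
        if zlib.crc32(inflated) == crc:
            verdict += " (inflated data matches header CRC)"
        findings.append((name, verdict))
    return findings


def opens_with_zipfile(data: bytes) -> bool:
    """Does the standard zipfile module read every member without error?"""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                zf.read(info)
        return True
    except (zipfile.BadZipFile, zlib.error):
        return False


def build_samples():
    """Constructed fixtures: a normal DEFLATE archive and a copy whose method
    field is rewritten to STORED in both the local header and the central
    directory, with the DEFLATE payload left in place."""
    content = b"placeholder text, constructed for this test\n" * 8
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("note.txt", content)
    normal = buf.getvalue()
    zombie = bytearray(normal)
    # method field sits 8 bytes into the local header, 10 into the central one
    struct.pack_into("<H", zombie, normal.find(LOCAL_SIG) + 8, STORED)
    struct.pack_into("<H", zombie, normal.find(CENTRAL_SIG) + 10, STORED)
    return normal, bytes(zombie)


if __name__ == "__main__":
    for label, image in zip(("normal", "zombie"), build_samples()):
        print(label, "zipfile opens:", opens_with_zipfile(image),
              "findings:", check_stored_entries(image))
```

The CRC check is the cheap first pass: for a real stored entry the bytes on disk are the content, so their CRC must match the header. Only when that fails does the script spend the effort of an inflate attempt, which keeps the scan fast on large archives and still catches the case where the method field lies.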
Read the full entry: https://isc.sans.edu/diary/Analyzing+Zombie+Zip+Files+CVE20260866/32786/
Encrypted Client Hello: Ready for Prime Time?
Published: 2026-03-09
Last Updated: 2026-03-09 15:03:29 UTC
by Johannes Ullrich (Version: 1)
Last week, two related RFCs were published:
RFC 9848: Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings
RFC 9849: TLS Encrypted Client Hello
These TLS extensions have been discussed quite a bit already, and Cloudflare, one of the early implementers and proponents, has had them in use for a while.
Amidst an increased concern about threats to privacy from government and commercial interests, the "encrypt everything" movement has been on the rise for a while. The community made several improvements to TLS, such as TLS 1.3, the QUIC protocol, the deprecation of OCSP, and encrypted DNS modes, to better protect the privacy of network traffic.
There was one data leak left: For a client to establish a TLS connection, it needs to send a "TLS Client Hello" message. This message contains several sensitive items, most notably the hostname of the site the client attempts to connect to ("Server Name Indication"). One of the early proposals was just to encrypt the Server Name Indication extension. But this does not solve the entire problem, allowing for fingerprinting and other attacks. The same basic principles proposed for encrypting the server name extension can also be applied to encrypt most of the client hello message, resulting in a more complete solution.
One of the basic problems is exchanging key material. The client hello message is the first message sent during the TLS handshake. There is no opportunity for the server and client to negotiate an encryption key, and doing so would require a second handshake. Instead, encrypted client hellos leverage the HTTPS DNS record. The HTTPS record is already used to negotiate HTTP3/QUIC. It is now also used to transmit the keys required for Encrypted Client Hello (ECH).
Enabling ECH is trivial if you are using Cloudflare. Just "flip the switch" in Cloudflare's edge certificate settings. However, I do not believe this is available on the free plan ...
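As an added example, not from the diary and not the RFC authors' code, here is a Python parser for the HTTPS-record path described above: it decodes the SvcParams of an HTTPS RDATA, pulls out the ech parameter (SvcParamKey 5 in the RFC 9460 registry) and parses the ECHConfigList into the HPKE key configuration and the public_name a client would place in the unencrypted outer ClientHello. The wire layouts follow RFC 9460 and RFC 9849; the ECHConfig version value 0xfe0d, the sample key bytes, the name outer.example and all function names are assumptions constructed for this example, and the record is built in memory rather than fetched from DNS.

```python
import struct

SVCPARAM_ALPN, SVCPARAM_ECH = 1, 5       # RFC 9460 SvcParamKey registry
ECH_VERSION = 0xFE0D                     # ECHConfig version (assumed for this example)
KEM_X25519_HKDF_SHA256 = 0x0020          # HPKE identifiers from RFC 9180
KDF_HKDF_SHA256 = 0x0001
AEAD_AES_128_GCM = 0x0001


def encode_name(name: str) -> bytes:
    """DNS wire-format name; '.' encodes the root (target = owner name)."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def decode_name(buf: bytes, pos: int):
    labels = []
    while True:
        n = buf[pos]
        pos += 1
        if n == 0:
            return ".".join(labels) + ".", pos
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n


def build_ech_config_list(config_id: int, public_key: bytes, public_name: str) -> bytes:
    """Serialise one ECHConfig (HpkeKeyConfig, maximum_name_length, public_name,
    no extensions) and wrap it in an ECHConfigList, following RFC 9849."""
    suites = struct.pack(">HH", KDF_HKDF_SHA256, AEAD_AES_128_GCM)
    key_config = (struct.pack(">BH", config_id, KEM_X25519_HKDF_SHA256)
                  + struct.pack(">H", len(public_key)) + public_key
                  + struct.pack(">H", len(suites)) + suites)
    name = public_name.encode("ascii")
    contents = key_config + b"\x00" + bytes([len(name)]) + name + b"\x00\x00"
    config = struct.pack(">HH", ECH_VERSION, len(contents)) + contents
    return struct.pack(">H", len(config)) + config


def build_https_rdata(priority: int, target: str, params: dict) -> bytes:
    """HTTPS RDATA: SvcPriority, TargetName, then SvcParams in ascending key order."""
    rdata = struct.pack(">H", priority) + encode_name(target)
    for key in sorted(params):
        rdata += struct.pack(">HH", key, len(params[key])) + params[key]
    return rdata


def parse_https_rdata(rdata: bytes):
    priority = struct.unpack_from(">H", rdata)[0]
    target, pos = decode_name(rdata, 2)
    params, last = {}, -1
    while pos < len(rdata):
        if pos + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from(">HH", rdata, pos)
        pos += 4
        # RFC 9460: keys strictly ascending, value must fit in the RDATA
        if key <= last or pos + length > len(rdata):
            raise ValueError("malformed SvcParams")
        params[key] = rdata[pos:pos + length]
        pos, last = pos + length, key
    return priority, target, params


def parse_ech_config_list(blob: bytes):
    """Return one dict per ECHConfig; unknown versions are reported, not parsed."""
    if len(blob) < 2 or struct.unpack_from(">H", blob)[0] != len(blob) - 2:
        raise ValueError("ECHConfigList length mismatch")
    configs, pos = [], 2
    while pos < len(blob):
        version, length = struct.unpack_from(">HH", blob, pos)
        body, pos = blob[pos + 4:pos + 4 + length], pos + 4 + length
        if version != ECH_VERSION:
            configs.append({"version": version, "supported": False})
            continue
        config_id, kem_id = struct.unpack_from(">BH", body)
        p = 3
        pk_len = struct.unpack_from(">H", body, p)[0]
        public_key, p = body[p + 2:p + 2 + pk_len], p + 2 + pk_len
        cs_len = struct.unpack_from(">H", body, p)[0]
        p += 2
        suites = [struct.unpack_from(">HH", body, p + i) for i in range(0, cs_len, 4)]
        p += cs_len
        max_name_len, pn_len = body[p], body[p + 1]
        public_name = body[p + 2:p + 2 + pn_len].decode("ascii")
        configs.append({"version": version, "supported": True, "config_id": config_id,
                        "kem_id": kem_id, "public_key": public_key,
                        "cipher_suites": suites, "maximum_name_length": max_name_len,
                        "public_name": public_name})
    return configs


def ech_summary(rdata: bytes) -> dict:
    """What a client learns from the record: whether usable ECH keys are
    published, and which name will be visible in the outer ClientHello."""
    _prio, _target, params = parse_https_rdata(rdata)
    if SVCPARAM_ECH not in params:
        return {"ech": False}
    usable = [c for c in parse_ech_config_list(params[SVCPARAM_ECH]) if c["supported"]]
    return {"ech": bool(usable), "public_names": [c["public_name"] for c in usable]}


def sample_rdata() -> bytes:
    """Constructed record: priority 1, target '.', alpn h2/h3, one ECH config."""
    ech = build_ech_config_list(7, bytes(range(32)), "outer.example")
    return build_https_rdata(1, ".", {SVCPARAM_ALPN: b"\x02h2\x02h3", SVCPARAM_ECH: ech})
```

To use this on real zones, fetch the HTTPS RRset with a resolver library and pass the RDATA to ech_summary. The summary is only as trustworthy as the DNS answer: if the record reaches the client over an unauthenticated path, whoever can alter it can drop the ech parameter and push the client back to a plaintext ClientHello, which is why the diary's point about encrypted DNS modes matters for ECH as well.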
Read the full entry: https://isc.sans.edu/diary/Encrypted+Client+Hello+Ready+for+Prime+Time/32778/
YARA-X 1.14.0 Release (2026.03.07)
https://isc.sans.edu/diary/YARAX+1140+Release/32774/
Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary] (2026.03.04)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2026-26030 - Remote Code Execution vulnerability in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality.
Product: Microsoft Semantic Kernel Python SDK
CVSS Score: 9.9
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26030
CVE-2026-29000 - Pac4j-jwt versions before 4.5.9, 5.7.9, and 6.3.3 have an authentication bypass vulnerability in JwtAuthenticator that allows attackers to forge authentication tokens using encrypted JWTs.
Product: pac4j-jwt (JwtAuthenticator)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29000
ISC Podcast: https://isc.sans.edu/podcastdetail/9838
CVE-2026-21385 - Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation.
Product: Qualcomm chipsets
CVSS Score: 0
** KEV since 2026-03-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21385
ISC Podcast: https://isc.sans.edu/podcastdetail/9834
CVE-2026-3381 - Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Product: Compress::Raw::Zlib
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3381
CVE-2026-21262, CVE-2026-26115, & CVE-2026-26116 - Microsoft SQL Server Elevation of Privilege Vulnerabilities
Product: Microsoft SQL Server
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21262
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26115
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26116
CVE-2026-26110 & CVE-2026-26113 - Microsoft Office Remote Code Execution Vulnerabilities
Product: Microsoft Office
CVSS Score: 8.4
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26110
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113
CVE-2026-26127 - .NET Denial of Service Vulnerability
Product: Microsoft .NET (out-of-bounds read)
CVSS Score: 7.5
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26127
CVE-2026-26131 - .NET Elevation of Privilege Vulnerability
Product: Microsoft .NET
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26131
CVE-2026-22886 - Eclipse OpenMQ vulnerabilities
Product: Eclipse OpenMQ
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22886
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24457
CVE-2025-59059 - Apache Ranger versions <= 2.7.0 contain a Remote Code Execution Vulnerability in NashornScriptEngineCreator, users should upgrade to version 2.8.0 to fix the issue.
Product: Apache Ranger
CVSS Score: 9.8
NVD References: https://lists.apache.org/thread/z47q86rho80390lf2qcmoc2josvs0gtv
CVE-2026-22891 - The Biosig Project libbiosig is vulnerable to a heap-based buffer overflow via malicious Intan CLP files, allowing for arbitrary code execution.
Product: The Biosig Project
CVSS Score: 9.8
NVD References: https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2361
CVE-2026-24103 - A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.
Product: Tenda AC15
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24103
CVE-2024-55020, CVE-2024-55024, & CVE-2024-55026 - Multiple vulnerabilities in Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011.
Product: Weintek HMI Products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55020
NVD References: https://plain-trick-71d.notion.site/weintek-cMT-3072XH2-14687a89c4c181eeb21ad61e0392f34b?pvs=4
CVE-2025-46108, CVE-2025-70218 through CVE-2025-70223, CVE-2025-70225, CVE-2025-70226, CVE-2025-70229 through CVE-2025-70233, CVE-2025-70236, CVE-2025-70237, CVE-2025-70241, CVE-2025-70234, CVE-2025-70239 & CVE-2025-70240 - Multiple stack buffer overflow vulnerabilities in D-Link DIR-513 v1.10
Product: D-Link DIR-513
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46108
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70218
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70219
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70220
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70221
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70222
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70223
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70225
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70226
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70229
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70230
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70231
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70232
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70233
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70236
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70237
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70241
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70234
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70239
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70240
CVE-2026-3485 - D-Link DIR-868L 110b03 has a vulnerability that allows for remote unauthorized OS command injection due to a flaw in the SSDP Service component.
Product: D-Link DIR-868L
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3485
CVE-2025-29165 - An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component
Product: D-Link DIR-1253 MESH V1.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29165
CVE-2026-24848, CVE-2026-24898, & CVE-2026-25146 - Multiple vulnerabilities in OpenEMR versions 7.0.4 and earlier allow Remote Code Execution (RCE): authenticated users can write arbitrary content to arbitrary locations on the server filesystem.
Product: OpenEMR
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24848 (path traversal)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24898
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25146
CVE-2026-2590 - Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, potentially exposing sensitive information to other users due to improper enforcement of the Disable password saving setting.
Product: Devolutions Remote Desktop Manager
CVSS Score: 9.8
NVD References: https://devolutions.net/security/advisories/DEVO-2026-0005
CVE-2026-3130, CVE-2026-3204, & CVE-2026-3224 - Multiple vulnerabilities in Devolutions Server 2025.3.15 and earlier.
Product: Devolutions Server
CVSS Score: 9.8
NVD References: https://devolutions.net/security/advisories/DEVO-2026-0005
CVE-2026-26266 - AliasVault Web Client versions 0.25.3 and lower are vulnerable to stored cross-site scripting (XSS) attacks through the email rendering feature.
Product: AliasVault
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26266
CVE-2026-26279 - Froxlor open source server administration software is vulnerable to full root-level Remote Code Execution due to a typo in input validation code.
Product: Froxlor
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26279
CVE-2026-27971 - Qwik is vulnerable to remote code execution (RCE) in versions <=1.19.0 due to an unsafe deserialization vulnerability in the server$ RPC mechanism, allowing unauthenticated users to execute arbitrary code with a single HTTP request.
Product: Qwik
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27971
CVE-2026-28289 - FreeScout 1.8.206 and earlier versions are vulnerable to a bypass of the patch for CVE-2026-27636 that allows authenticated users with file upload permissions to achieve Remote Code Execution (RCE) by uploading a malicious .htaccess file whose name carries a zero-width space character prefix. The flaw is in the sanitizeUploadedFileName() function in app/Http/Helper.php and is fixed in version 1.8.207, which removes the invisible characters.
Product: FreeScout
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28289
CVE-2026-3266 - OpenText™ Filr is vulnerable to Missing Authorization, enabling unauthenticated users to bypass authentication and execute RPC with malicious programs by obtaining an XSRF token.
Product: Opentext Filr
CVSS Score: 9.8
NVD References: https://portal.microfocus.com/s/article/KM000045579?language=en_US
CVE-2026-28775 - International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver is vulnerable to an unauthenticated RCE through insecure default configuration of the `private` SNMP community string, allowing remote attackers to execute commands as root.
Product: International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28775
CVE-2025-59786 - 2N Access Commander version 3.4.2 and prior does not properly invalidate session tokens, creating a risk of multiple active session cookies after logout in the web application.
Product: 2N Access Commander
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59786
CVE-2026-28697 & CVE-2026-28783 - Craft CMS vulnerabilities
Product: Craft CMS
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28697
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28783
CVE-2026-20079 & CVE-2026-20131 - Cisco Secure Firewall Management Center (FMC) Software vulnerabilities
Product: Cisco Secure Firewall Management Center (FMC) Software
CVSS Score: 10.0
NVD References:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
CVE-2026-3536, CVE-2026-3538 through CVE-2026-3545 - Multiple Chromium vulnerabilities
Product: Google Chrome
CVSS Score: 0
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3536
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3538
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3539
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3540
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3541
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3542
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3543
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3544
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3545
CVE-2024-57854 - Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator, making it vulnerable to cryptographic attacks.
Product: Net::NSCA::Client
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57854
CVE-2026-23767 - ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
Product: ESC/POS Epson printer control language
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23767
CVE-2026-29128 - IDC SFX2100 Satellite Receiver firmware has world-readable configuration files with insecure plaintext passwords, allowing remote actors to gain unauthorized access and potentially escalate privileges.
Product: IDC SFX2100 Satellite Receiver firmware
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29128
CVE-2026-1678 - dns_unpack_name() in CONFIG_DNS_RESOLVER allows for out-of-bounds write due to incorrect cached buffer size.
Product: Zephyrproject
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1678
CVE-2026-28536 - Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Product: Huawei HarmonyOS
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28536
CVE-2026-2743 & CVE-2026-27441 - SEPPMail vulnerabilities
Product: SEPPMail
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2743
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27441
CVE-2025-13476 - Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0-v25.8.1.0 has a vulnerability that allows DPI systems to easily detect and block proxy traffic, jeopardizing censorship circumvention.
Product: Rakuten Viber
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-13476
CVE-2026-25921 - Gogs is vulnerable to a supply-chain attack allowing malicious attackers to overwrite LFS objects prior to version 0.14.2.
Product: Gogs
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25921
CVE-2026-27944 - Nginx UI allows unauthenticated attackers to download a system backup containing sensitive data prior to version 2.3.3.
Product: Nginx UI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27944
CVE-2025-55208, CVE-2025-59542, & CVE-2025-59543 - Multiple vulnerabilities in Chamilo learning management system
Product: Chamilo LMS
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55208
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59542
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59543
CVE-2026-29188 - File Browser prior to version 2.61.1 is vulnerable to a broken access control issue where authenticated users with Create permission can delete arbitrary files and directories.
Product: File Browser
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29188
CVE-2026-28391, CVE-2026-28446, CVE-2026-28466, CVE-2026-28470, & CVE-2026-28474 - OpenClaw vulnerabilities
Product: OpenClaw
CVSS Scores: 9.4 - 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28391
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28446
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28466
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28470
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28474
CVE-2026-22552, CVE-2026-26051 & CVE-2026-26288 - WebSocket endpoints in OCPP lack authentication, allowing attackers to impersonate charging stations and manipulate data, leading to unauthorized control and corruption of charging network data.
Product: OCPP WebSocket endpoints
CVSS Score: 9.4
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-07
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-06
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-08
CVE-2026-28501 - WWBN AVideo is vulnerable to SQL injection through unauthenticated access in versions prior to 24.0 due to improper sanitization of the catName parameter in JSON-formatted POST requests.
Product: WWBN AVideo
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28501
CVE-2026-27005 - Chartbrew is vulnerable to SQL injection attacks prior to version 4.8.3, allowing unauthenticated attackers to manipulate connected databases.
Product: Chartbrew
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27005
CVE-2026-28680 & CVE-2026-28785 - Ghostfolio vulnerabilities
Product: Ghostfolio
CVSS Scores: 9.3 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28680
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28785
CVE-2026-28794 - @orpc/client version 1.13.6 and earlier contains a prototype pollution vulnerability that can be exploited by unauthenticated attackers to inject arbitrary properties into the global Object.prototype, potentially leading to severe security breaches.
Product: Orpc
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28794
CVE-2026-28438 - CocoIndex's Doris target connector prior to version 0.3.34 is vulnerable to SQL injection when the table name is provided by an untrusted source.
Product: CocoIndex
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28438
CVE-2026-28802 - Authlib had a vulnerability from version 1.6.5 to before version 1.6.7 where a malicious JWT with alg: none and an empty signature could pass signature verification without changes to the application code.
Product: Authlib
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28802
CVE-2026-29042 - Nuclio's Shell Runtime component prior to version 1.15.20 is vulnerable to command injection due to inadequate validation of user-supplied arguments.
Product: Nuclio
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29042
CVE-2026-29058 - AVideo, a video-sharing platform, is vulnerable to arbitrary OS command execution prior to version 7.0, allowing for full server compromise, data exfiltration, and service disruption.
Product: Avideo-Encoder
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29058
CVE-2026-29065 - Changedetection.io had a Zip Slip vulnerability in the backup restore functionality prior to version 0.54.4, allowing arbitrary file overwrite through path traversal in ZIP archives.
Product: Changedetection
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29065
CVE-2026-29183 & CVE-2026-30869 - SiYuan vulnerabilities
Product: SiYuan
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29183
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30869
CVE-2026-2330 - CROWN REST interface on the device allows unauthenticated attackers to access restricted filesystem areas through incomplete whitelist enforcement, potentially resulting in modification of critical device settings.
Product: CROWN REST interface
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2330
CVE-2026-2331 - AppEngine Fileaccess allows unauthenticated read and write access to sensitive filesystem areas, posing a critical security risk.
Product: Google AppEngine Fileaccess
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2331
CVE-2026-29789 - Vulnerability in Vito allows authenticated attackers to manage sites on servers belonging to other projects by exploiting a missing authorization check in workflow site-creation actions before version 3.20.3.
Product: Vito
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29789
CVE-2026-29191 - ZITADEL had a vulnerability in its login V2 interface from version 4.0.0 to 4.11.1, allowing a possible account takeover through XSS in /saml-post Endpoint, which has been fixed in version 4.12.0.
Product: Zitadel
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29191
CVE-2026-30832 - Soft Serve allows authenticated SSH users to force the server to make HTTP requests to internal/private IP addresses, potentially granting unauthorized access to internal services, before version 0.11.4.
Product: Soft Serve Git server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30832
CVE-2026-30860 & CVE-2026-30861 - WeKnora is vulnerable to remote code execution (RCE) flaws
Product: Weknora
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30860
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30861
CVE-2026-30909 - Crypt::NaCl::Sodium versions through 2.002 for Perl may have potential integer overflows in bin2hex, encrypt, aes256gcm_encrypt_afternm and seal functions.
Product: Perl Crypt::NaCl::Sodium versions through 2.002
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30909
CVE-2026-3703 - Wavlink NU516U1 251208 has a vulnerability in sub_401A10 of /cgi-bin/login.cgi which allows for remote out-of-bounds write attacks by manipulating the ipaddr argument.
Product: Wavlink NU516U1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3703
CVE-2026-24015 & CVE-2026-24713 - Apache IoTDB vulnerabilities
Product: Apache IoTDB
CVSS Score: 9.8
NVD References:
- https://lists.apache.org/thread/j769ywdqm46zl3oz5lbffsldklg0ow7p
- https://lists.apache.org/thread/vopgv6y2ccw403b0zv7rvojjrh7x1j5p
CVE-2026-30240 & CVE-2026-31816 - Budibase vulnerabilities
Product: Budibase
CVSS Scores: 9.1 - 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30240
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-31816
CVE-2025-11158 - Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, have a vulnerability that does not restrict Groovy scripts in new PRPT reports published by users, enabling insertion of arbitrary scripts and resulting in an RCE.
Product: Hitachi Vantara Pentaho Data Integration & Analytics
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11158
CVE-2026-27685 - SAP NetWeaver Enterprise Portal Administration is vulnerable to high impact attacks if a privileged user uploads untrusted content.
Product: SAP NetWeaver Enterprise Portal Administration
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27685
CVE-2026-30862 - Appsmith: Prior to version 1.96, a Critical Stored XSS vulnerability in the Table Widget allows for Full Administrative Account Takeover by exploiting the lack of HTML sanitization in the React component rendering pipeline.
Product: Appsmith TableWidgetV2
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30862
CVE-2026-30887 & CVE-2026-30921 - OneUptime vulnerabilities.
Product: OneUptime
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30887
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30921
CVE-2025-40943 - Notepad++ does not properly sanitize trace file contents, enabling code injection through social engineering.
Product: Notepad++
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40943
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-452276.html
CVE-2025-69614 & CVE-2025-69615 - Deutsche Telekom AG Telekom Account Management Portal vulnerabilities.
Product: Deutsche Telekom AG Telekom Account Management Portal
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69614
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69615
CVE-2026-20967 - System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability
Product: Microsoft System Center Operations Manager
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967
CVE-2026-23654 - GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
Product: GitHub Zero Shot SCFoundation
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23654
CVE-2026-23660 - Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Product: Azure Windows Admin Center
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23660
CVE-2026-23661, CVE-2026-23662, & CVE-2026-23664 - Azure IoT Explorer Information Disclosure Vulnerabilities
Product: Microsoft Azure IoT Explorer
CVSS Score: 7.5
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23661
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23662
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23664
CVE-2026-23665 - Diagnostic extension (LAD) Elevation of Privilege Vulnerability
Product: Azure Linux Virtual Machines
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23665
CVE-2026-23667 - Broadcast DVR Elevation of Privilege Vulnerability
Product: Broadcast DVR
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23667
CVE-2026-23668 - Windows Graphics Component Elevation of Privilege Vulnerability
Product: Microsoft Windows Graphics Component
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23668
CVE-2026-23669 - Windows Print Spooler Remote Code Execution Vulnerability
Product: Microsoft Windows Print Spooler Components
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23669
CVE-2026-23671 - Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability
Product: Microsoft Windows Bluetooth RFCOM Protocol Driver
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23671
CVE-2026-23672 - Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Product: Microsoft Windows Universal Disk Format File System Driver (UDFS)
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23672
CVE-2026-23673 - Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Product: Microsoft Windows Resilient File System (ReFS)
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23673
CVE-2026-23674 - Windows MapUrlToZone Security Feature Bypass Vulnerability
Product: Microsoft Windows MapUrlToZone
CVSS Score: 7.5
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23674
CVE-2026-24283 - Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability
Product: Microsoft Windows File Server
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24283
CVE-2026-24285 - Win32k Elevation of Privilege Vulnerability
Product: Microsoft Windows Win32K
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24285
CVE-2026-24287, CVE-2026-24289 & CVE-2026-26132 - Windows Kernel Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Kernel
CVSS Score: 7.8
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24287
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24289
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26132
CVE-2026-24290 - Windows Projected File System Elevation of Privilege Vulnerability
Product: Microsoft Windows Projected File System
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24290
CVE-2026-24291 - Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability
Product: Microsoft Windows Accessibility Infrastructure
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24291
CVE-2026-24292 - Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Product: Microsoft Connected Devices Platform Service (Cdpsvc)
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24292
CVE-2026-24294 - Windows SMB Server Elevation of Privilege Vulnerability
Product: Microsoft Windows SMB Server
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24294
CVE-2026-24295 & CVE-2026-24296 - Windows Device Association Service Elevation of Privilege Vulnerability
Product: Microsoft Windows Device Association Service
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24295
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24296
CVE-2026-25165 - Performance Counters for Windows Elevation of Privilege Vulnerability
Product: Microsoft Windows Performance Counters
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25165
CVE-2026-25166 - Windows System Image Manager Assessment and Deployment Kit (ADK) Remote Code Execution Vulnerability
Product: Microsoft Windows System Image Manager
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25166
CVE-2026-25167 - Microsoft Brokering File System Elevation of Privilege Vulnerability
Product: Microsoft Brokering File System
CVSS Score: 7.4
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25167
CVE-2026-25170 - Windows Hyper-V Elevation of Privilege Vulnerability
Product: Microsoft Windows Hyper-V
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25170
CVE-2026-25171 - Windows Authentication Elevation of Privilege Vulnerability
Product: Microsoft Windows Authentication Methods
CVSS Score: 7.0
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25171
CVE-2026-25172, CVE-2026-25173, & CVE-2026-26111 - Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilities
Product: Microsoft Windows Routing and Remote Access Service (RRAS)
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25172
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25173
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26111
CVE-2026-25174 - Windows Extensible File Allocation Table Elevation of Privilege Vulnerability
Product: Microsoft Windows Extensible File Allocation
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25174
CVE-2026-25175 - Windows NTFS Elevation of Privilege Vulnerability
Product: Microsoft Windows NTFS
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25175
CVE-2026-24293, CVE-2026-25176, CVE-2026-25178 & CVE-2026-25179 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabilities
Product: Microsoft Windows Ancillary Function Driver for WinSock
CVSS Scores: 7.0 - 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24293
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25176
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25178
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25179
CVE-2026-25177 - Active Directory Domain Services Elevation of Privilege Vulnerability
Product: Microsoft Active Directory Domain Services
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25177
CVE-2026-25181 - GDI+ Information Disclosure Vulnerability
Product: Microsoft Windows GDI+
CVSS Score: 7.5
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25181
CVE-2026-25187 - Winlogon Elevation of Privilege Vulnerability
Product: Microsoft Winlogon
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25187
CVE-2026-25188 - Windows Telephony Service Elevation of Privilege Vulnerability
Product: Microsoft Windows Telephony Service
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25188
CVE-2026-25189 - Windows DWM Core Library Elevation of Privilege Vulnerability
Product: Microsoft Windows DWM Core Library
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25189
CVE-2026-25190 - GDI Remote Code Execution Vulnerability
Product: Microsoft Windows GDI
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25190
CVE-2026-26105, CVE-2026-26106, & CVE-2026-26114 - Microsoft SharePoint Vulnerabilities
Product: Microsoft Office SharePoint
CVSS Scores: 8.1 - 8.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26105
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26106
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26114
CVE-2026-26107, CVE-2026-26108, CVE-2026-26109, & CVE-2026-26112 - Microsoft Excel Remote Code Execution Vulnerabilities
Product: Microsoft Office Excel
CVSS Scores: 7.8 - 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26107
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26107
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26108
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26109
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26112
CVE-2026-26144 - Microsoft Excel Information Disclosure Vulnerability
Product: Microsoft Office Excel
CVSS Score: 7.5
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26144
CVE-2026-26117 - Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Product: Microsoft Azure Windows Virtual Machine Agent
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26117
CVE-2026-26118 - Azure MCP Server Tools Elevation of Privilege Vulnerability
Product: Azure MCP Server
CVSS Score: 8.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26118
CVE-2026-26121 - Azure IOT Explorer Spoofing Vulnerability
Product: Microsoft Azure IoT Explorer
CVSS Score: 7.5
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26121
CVE-2026-26128 - Windows SMB Server Elevation of Privilege Vulnerability
Product: Microsoft Windows SMB Server
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26128
CVE-2026-26130 - ASP.NET Core Denial of Service Vulnerability
Product: Microsoft ASP.NET Core
CVSS Score: 7.5
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130
CVE-2026-26134 - Microsoft Office Elevation of Privilege Vulnerability
Product: Microsoft Office
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26134
CVE-2026-26141 - Hybrid Worker Extension (Arc-enabled Windows VMs) Elevation of Privilege Vulnerability
Product: Microsoft Azure Arc
CVSS Score: 7.8
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26141
CVE-2026-26148 - Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability
Product: Azure Entra ID
CVSS Score: 8.1
ISC Diary: https://isc.sans.edu/diary/32782
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26148
CVE-2026-30956 & CVE-2026-30957 - OneUptime vulnerabilities
Product: OneUptime
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30956
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30957
CVE-2026-28292 - simple-git version 3.15.0 through 3.32.2 allows for full remote code execution due to a bypass of prior CVE fixes.
Product: simple-git interface
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28292
CVE-2025-48611 - DeviceId has a vulnerability in DeviceId.java that could allow for local privilege escalation without requiring user interaction.
Product: Google Pixel
CVSS Score: 10.0
NVD References: https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01
CVE-2026-27825 - MCP Atlassian is vulnerable to arbitrary code execution through the `confluence_download_attachment` tool prior to version 0.17.0.
Product: MCP Atlassian Confluence and Jira
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27825
CVE-2026-30863 & CVE-2026-30966 - Parse Server vulnerabilities.
Product: Parse Server
CVSS Scores: 9.8 - 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30863
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30966
CVE-2021-22054 - VMware Workspace ONE UEM console versions prior to 20.0.8.37, 20.11.0.40, 21.2.0.27, and 21.5.0.37 are susceptible to an SSRF vulnerability, enabling unauthorized access to sensitive data for attackers with network access.
Product: VMware Workspace ONE UEM console
CVSS Score: 0
** KEV since 2026-03-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-22054
CVE-2026-3102 - ExifTool up to 13.49 on macOS is vulnerable to OS command injection via manipulation of the DateTimeOriginal argument in the SetMacOSTags function of the PNG file parser (lib/Image/ExifTool/MacOS.pm). Remote attackers can exploit the issue; upgrading to version 13.50 is the recommended fix.
Product: exiftool PNG File Parser
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3102
ISC Podcast: https://isc.sans.edu/podcastdetail/9842
CVE-2026-2628 - The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress allows unauthenticated attackers to bypass authentication and login as other users, including administrators.
Product: Microsoft All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress
Active Installations: 600+
CVSS Score: 9.8
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/5e15e36e-55f9-4095-a0ba-48ef9434606a?source=cve
CVE-2026-1492 - The User Registration & Membership plugin for WordPress is vulnerable to improper privilege management, allowing unauthenticated attackers to create administrator accounts.
Product: WordPress User Registration & Membership Plugin
Active Installations: 60,000+
CVSS Score: 9.8
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/7e9fec92-f471-4ce9-9138-1c58ad658da2?source=cve
CVE-2026-2599 - The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'download_csv' function, potentially allowing unauthenticated attackers to inject a PHP Object and exploit other vulnerabilities if a POP chain is present in additional plugins or themes.
Product: Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress
Active Installations: 70,000+
CVSS Score: 9.8
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/7a116f28-a560-4b54-9cd1-f1dd9ac3238d?source=cve
CVE-2026-0953 - The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass via the Social Login addon, allowing unauthenticated attackers to log in as any existing user, including administrators, by supplying a valid OAuth token.
Product: Tutor LMS Pro WordPress
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0953
Manual Review Needed:
CVE-2026-0866 - Antivirus and Endpoint Detection and Response Archive Scanning Engines may not properly scan malformed zip archives
Product: ZIP files
CVSS Score: N/A
ISC Diary: https://isc.sans.edu/diary/Analyzing+Zombie+Zip+Files+CVE20260866/32786/
ISC Podcast: https://isc.sans.edu/podcastdetail/9846
References: https://www.kb.cert.org/vuls/id/976247