SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals


SANS Emergency Livestream: Axios NPM Supply Chain Compromise
Multiple malicious versions of the widely used JavaScript library Axios have been published to NPM, deploying a remote access trojan capable of stealing credentials and maintaining persistent access across Windows, macOS, and Linux systems. With over 100 million weekly downloads, the potential impact is significant. SANS has published a technical analysis with indicators of compromise and mitigation guidance on the SANS blog, and is hosting an emergency livestream briefing today (March 31) at 2:30 PM ET featuring SANS Faculty Fellow Joshua Wright and Certified Instructor Rich Greene. Wright flagged the growing risk of software supply chain attacks just days ago at RSAC 2026.
Blog: Axios NPM Supply Chain Compromise: Malicious Packages Deliver Remote Access Trojan
https://www.sans.org/blog/axios-npm-supply-chain-compromise-malicious-packages-remote-access-trojan
Blog: What We Learned: Axios NPM Supply Chain Compromise Emergency Briefing
https://www.sans.org/blog/what-we-learned-axios-npm-supply-chain-compromise-emergency-briefing
Watch the livestream: https://www.sans.org/mlp/emergency-livestream-axios-npm-supply-chain-compromise
TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available
Published: 2026-03-26
Last Updated: 2026-03-26 17:42:22 UTC
by Kenneth Hartman (Version: 2)
This is the first update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026: https://www.sans.org/white-papers/when-security-scanner-became-weapon). That report covers the full campaign from the February 28 initial access through the March 24 LiteLLM PyPI compromise. This update covers developments since publication.
Checkmarx ast-github-action: All 91 Tags Were Compromised, Not Just v2.3.28
The most significant new finding since the report's publication: the scope of the Checkmarx ast-github-action compromise was substantially larger than publicly reported.
Checkmarx's official security advisory stated that "all older versions have been permanently deleted" but did not quantify how many tags were affected. This ambiguity allowed the security community to anchor on a single confirmed version — v2.3.28 — as the extent of the compromise. Sysdig's analysis characterized it as "Checkmarx/ast-github-action/2.3.28: (possibly more)." Even Wiz, which assessed that "it is likely all tags were impacted," only observed the single tag directly.
An independent security researcher who was working this incident firsthand at a Checkmarx customer has now provided primary evidence that all 91 published tags were overwritten — every version from v0.1-alpha through v2.3.32. The evidence is publicly visible in the GitHub activity log, which shows 91 tag deletions performed during Checkmarx's remediation between 19:09 and 19:16 UTC on March 23, 2026.
Three of the malicious commits are still visible on GitHub ...
Read the full entry: https://isc.sans.edu/diary/TeamPCP+Supply+Chain+Campaign+Update+001+Checkmarx+Scope+Wider+Than+Reported+CISA+KEV+Entry+and+Detection+Tools+Available/32834/
Apple Patches (almost) everything again. March 2026 edition.
Published: 2026-03-25
Last Updated: 2026-03-25 21:29:57 UTC
by Johannes Ullrich (Version: 1)
Apple released the next version of its operating system, patching 85 different vulnerabilities across all of them. None of the vulnerabilities are currently being exploited. The last three macOS "generations" are covered, as are the last two versions of iOS/iPadOS. For tvOS, watchOS, and visionOS, only the current version received patches. This update also includes the recently released Background Security Improvements. Some older watchOS versions received updates, but these updates do not address any security issues ...
Read the full entry: https://isc.sans.edu/diary/Apple+Patches+almost+everything+again+March+2026+edition/32830/
Malicious Script That Gets Rid of ADS (2026.04.01)
https://isc.sans.edu/diary/Malicious+Script+That+Gets+Rid+of+ADS/32854/
Application Control Bypass for Data Exfiltration (2026.03.31)
https://isc.sans.edu/diary/Application+Control+Bypass+for+Data+Exfiltration/32850/
DShield (Cowrie) Honeypot Stats and When Sessions Disconnect (2026.03.30)
https://isc.sans.edu/diary/DShield+Cowrie+Honeypot+Stats+and+When+Sessions+Disconnect/32840/
TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released (2026.03.30)
TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours (2026.03.28)
TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim (2026.03.27)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2026-33634 - Trivy was compromised on March 19, 2026, allowing a threat actor to replace version tags with malicious commits, potentially exposing sensitive data.
Product: Aqua Security Trivy
CVSS Score: 0
** KEV since 2026-03-26 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33634
ISC Diary: https://isc.sans.edu/diary/32846
CVE-2026-3055 - Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
Product: NetScaler ADC and NetScaler Gateway
CVSS Score: 0
** KEV since 2026-03-30 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3055
ISC Podcast: https://isc.sans.edu/podcastdetail/9862
CVE-2026-23395 - Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
Product: Bluetooth: L2CAP
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23395
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23395
CVE-2026-33937 - Handlebars.js has JavaScript Injection via AST Type Confusion
Product: Handlebars.js
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33937
NVD References: https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q
CVE-2026-3381 - Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Product: Compress::Raw::Zlib
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3381
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3381
CVE-2025-69720 - The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.
Product: ncurses progs/infocmp
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69720
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-69720
CVE-2026-33186 - gRPC-Go has an authorization bypass via missing leading slash in :path
Product: gRPC-Go
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33186
ISC Podcast: https://isc.sans.edu/podcastdetail/9862
NVD References: https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3
CVE-2026-33195 - Active Storage in Rails applications prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 allows for arbitrary file access through path traversal sequences in blob keys.
Product: Ruby on Rails
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33195
NVD References: https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87
CVE-2026-33202 - Active Storage in Rails applications prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 allows attackers to delete unintended files from the storage directory by passing blob keys directly to `Dir.glob` without escaping glob metacharacters.
Product: Ruby on Rails
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33202
NVD References: https://github.com/rails/rails/security/advisories/GHSA-73f9-jhhh-hr5m
CVE-2026-33211 - Tekton Pipelines project is vulnerable to path traversal via the `pathInRepo` parameter in versions prior to 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, allowing a tenant with permission to create `ResolutionRequests` to read arbitrary files from the resolver pod's filesystem.
Product: Tekton Pipelines
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33211
NVD References: https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c
CVE-2026-33286 - Graphiti framework versions prior to 1.10.2 have an arbitrary method execution vulnerability that allows attackers to invoke any public method on underlying model instances or classes via malicious JSONAPI payloads.
Product: Graphiti
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33286
NVD References: https://github.com/graphiti-api/graphiti/security/advisories/GHSA-3m5v-4xp5-gjg2
CVE-2019-25628 - Download Accelerator Plus DAP 10.0.6.0 is vulnerable to remote code execution via crafted URLs that exploit a structured exception handler buffer overflow.
Product: Download Accelerator Plus DAP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25628
CVE-2019-25646 - Tabs Mail Carrier 2.5.1 is vulnerable to a buffer overflow in the MAIL FROM SMTP command, allowing remote attackers to execute arbitrary code through a crafted parameter.
Product: Tabslab Mail Carrier
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25646
CVE-2026-33309 - Langflow is vulnerable to Remote Code Execution (RCE) due to a bypass of the fix for CVE-2025-68478 in versions 1.2.0 through 1.8.1, allowing authenticated attackers to write files anywhere on the host system.
Product: Langflow
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33309
NVD References: https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
CVE-2026-33475 - Langflow is vulnerable to an unauthenticated remote shell injection via GitHub Actions workflows in the repository prior to version 1.9.0, allowing attackers to execute arbitrary shell commands through malicious branch names or pull request titles.
Product: Langflow
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33475
NVD References: https://github.com/langflow-ai/langflow/security/advisories/GHSA-87cc-65ph-2j4w
CVE-2026-4688, CVE-2026-4689, CVE-2026-4691, CVE-2026-4692, CVE-2026-4696, CVE-2026-4698, CVE-2026-4700 - CVE-2026-4702, CVE-2026-4705, CVE-2026-4710, CVE-2026-4711, CVE-2026-4715 - CVE-2026-4717, CVE-2026-4720, CVE-2026-4721, CVE-2026-4723 - CVE-2026-4725, & CVE-2026-4729 - Multiple vulnerabilities in Mozilla Firefox and Thunderbird.
Product: Mozilla Firefox
CVSS Scores: 9.1 - 10.0
NVD References:
- https://www.mozilla.org/security/advisories/mfsa2026-20/
- https://www.mozilla.org/security/advisories/mfsa2026-21/
- https://www.mozilla.org/security/advisories/mfsa2026-22/
- https://www.mozilla.org/security/advisories/mfsa2026-23/
- https://www.mozilla.org/security/advisories/mfsa2026-24/
CVE-2026-33334 - Vikunja Desktop Electron wrapper versions before 2.2.0 allow for potential XSS vulnerabilities to escalate to remote code execution due to lack of security measures.
Product: Vikunja
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33334
NVD References: https://github.com/go-vikunja/vikunja/security/advisories/GHSA-xh67-63q3-hf7g
CVE-2026-33340 - LoLLMs WEBUI is vulnerable to a critical Server-Side Request Forgery (SSRF) in its "/api/proxy" endpoint, allowing unauthenticated attackers to make arbitrary GET requests and potentially access internal services or exfiltrate sensitive data.
Product: LoLLMs WEBUI
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33340
NVD References: https://github.com/ParisNeo/lollms-webui/security/advisories/GHSA-mcwr-5469-pxj4
CVE-2026-33407 - Wallos is vulnerable to SSRF via proxy hijacking in versions prior to 4.7.0 due to a lack of validation in endpoints/logos/search.php for HTTP_PROXY and HTTPS_PROXY environment variables.
Product: Wallos
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33407
NVD References: https://github.com/ellite/Wallos/security/advisories/GHSA-hhjq-82f8-m6rc
CVE-2026-33409 - Parse Server is vulnerable to an authentication bypass allowing attackers to log in as any user who has linked a third-party authentication provider, without knowing the user's credentials.
Product: Parse-Server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33409
NVD References: https://github.com/parse-community/parse-server/security/advisories/GHSA-pfj7-wv7c-22pr
CVE-2026-33511 - pyLoad download manager allows HTTP Host header spoofing in versions before 0.5.0b3.dev97, enabling remote attackers to gain unauthorized access to localhost-restricted endpoints and potentially execute code.
Product: pyload
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33511
NVD References: https://github.com/pyload/pyload/security/advisories/GHSA-g5j2-gxqh-x7pw
CVE-2025-33244 - NVIDIA APEX for Linux is vulnerable to untrusted data deserialization, allowing attackers to potentially execute code, perform denial of service attacks, escalate privileges, tamper with data, and disclose information in PyTorch versions earlier than 2.6.
Product: NVIDIA APEX
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-33244
CVE-2026-20688, CVE-2026-28827, CVE-2026-28858 - Vulnerabilities in multiple Apple products
Product: Multiple Apple products
CVSS Scores: 9.3 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20688 (path traversal)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28827 (path traversal)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28858 (buffer overflow)
NVD References:
- https://support.apple.com/en-us/126792
- https://support.apple.com/en-us/126794
- https://support.apple.com/en-us/126795
- https://support.apple.com/en-us/126796
- https://support.apple.com/en-us/126799
CVE-2025-32991, CVE-2025-59706, CVE-2025-59707 - Multiple critical vulnerabilities in N2W.
Product: N2W
CVSS Scores: 9.0 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32991 (remote code execution via RESTful API)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59706 (API parameter validation bypass)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59707 (insider attack surface for credential theft)
NVD References:
- https://n2ws.com/blog/security-advisory-update
- https://n2ws.zendesk.com/hc/en-us/articles/29817965452701-Release-notes-for-N2W-V4-3-2-August-2025
CVE-2026-26831 - Textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors.
Product: Textract
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26831
CVE-2026-33749 - n8n versions prior to 1.123.27, 2.13.3, and 2.14.1 allow authenticated users to execute JavaScript in a victim's session, leading to potential exfiltration of workflows and credentials.
Product: n8n
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33749
NVD References: https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77
CVE-2026-33183 & CVE-2026-33942 - Vulnerabilities in Saloon, a PHP library for API integrations and SDKs.
Product: Saloon PHP library
CVSS Scores: 9.1 - 9.8
NVD References: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4
NVD References: https://github.com/saloonphp/saloon/security/advisories/GHSA-f7xc-5852-fj99 (path traversal)
NVD References: https://github.com/saloonphp/saloon/security/advisories/GHSA-rf88-776r-rcq9 (insecure deserialisation)
CVE-2014-125112 - Plack::Middleware::Session::Cookie versions through 0.21 for Perl are vulnerable to remote code execution during deserialization of cookie data when no secret key is configured.
Product: Plack::Middleware::Session::Cookie
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2014-125112
NVD References: https://www.openwall.com/lists/oss-security/2026/03/26/2
CVE-2026-4809 - Plank/laravel-mediable through version 6.4.0 can allow arbitrary file upload via client-supplied MIME types, potentially leading to remote code execution.
Product: Plank / laravel-mediable
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-4809
CVE-2026-33396 - OneUptime's open-source monitoring and observability platform prior to version 10.0.35 allows low-privileged authenticated users to achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution.
Product: OneUptime
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33396
NVD References: https://github.com/OneUptime/oneuptime/security/advisories/GHSA-cqpg-phpp-9jjg
CVE-2026-33494 - ORY Oathkeeper is vulnerable to an authorization bypass via HTTP path traversal in versions prior to 26.2.0.
Product: ORY Oathkeeper
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33494
NVD References: https://github.com/ory/oathkeeper/security/advisories/GHSA-p224-6x5r-fjpm
CVE-2026-30457 & CVE-2026-30458 - Vulnerabilities in Daylight Studio FuelCMS.
Product: Daylight Studio FuelCMS
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30457 (code injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-30458 (unverified password change)
CVE-2026-33152 - Tandoor Recipes in versions prior to 2.6.0 allows for high-speed password guessing through API endpoints with no rate limiting or account lockout.
Product: Tandoor Recipes
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33152
NVD References: https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-7m7c-jjqc-r522
CVE-2026-33640 - Outline allows for unrestricted OTP code submissions due to bypasses in the rate limiter, enabling attackers to perform brute force attacks for account takeover.
Product: Outline
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33640
NVD References: https://github.com/outline/outline/security/advisories/GHSA-cwhc-53hw-qqx6
CVE-2026-33897 & CVE-2026-33945 - Incus vulnerabilities
Product: Incus
CVSS Score: 9.9
NVD References: https://github.com/lxc/incus/security/advisories/GHSA-83xr-5xxr-mh92 (arbitrary file read and write)
NVD References: https://github.com/lxc/incus/security/advisories/GHSA-q4q8-7f2j-9h9f (arbitrary file write)
CVE-2026-22738 - Spring AI is vulnerable to a SpEL injection issue in SimpleVectorStore, allowing an attacker to execute arbitrary code by passing user-supplied input as a filter expression key.
Product: Spring AI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22738
NVD References: https://spring.io/security/cve-2026-22738
CVE-2026-27650, CVE-2026-32669, & CVE-2026-33280 - Multiple vulnerabilities in BUFFALO Wi-Fi router products.
Product: Buffalo WCR-1166DHPL
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27650 (OS command injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32669 (code injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33280 (hidden functionality)
NVD References: https://jvn.jp/en/jp/JVN83788689/
CVE-2026-27876 - Grafana is vulnerable to remote arbitrary code execution via a chained attack using SQL expressions and a Grafana Enterprise plugin, requiring all users to update to prevent such attacks.
Product: Grafana
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-27876
NVD References: https://grafana.com/security/security-advisories/cve-2026-27876
CVE-2026-33757 - OpenBao allows for remote phishing attacks by not requiring user confirmation during JWT/OIDC logins with `callback_mode` set to `direct` before version 2.5.2.
Product: OpenBao
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33757
NVD References: https://github.com/openbao/openbao/security/advisories/GHSA-7q7g-x6vg-xpc3
CVE-2026-33770 & CVE-2026-34374 - WWBN AVideo SQL injection vulnerabilities
Product: WWBN AVideo
CVSS Scores: 9.1 - 9.8
NVD References:
- https://github.com/WWBN/AVideo/security/advisories/GHSA-584p-rpvq-35vf
- https://github.com/WWBN/AVideo/security/advisories/GHSA-xgv5-66wp-ch88
CVE-2026-34205 - Home Assistant allows unauthenticated access to internal endpoints on the local network through misconfigured apps.
Product: Home Assistant
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34205
NVD References: https://github.com/home-assistant/core/security/advisories/GHSA-gh5m-4m97-c95h
CVE-2026-33976 - Notesnook is vulnerable to stored XSS in the Web Clipper rendering flow, which can be escalated to remote code execution in the desktop app prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS.
Product: Notesnook
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33976
NVD References: https://github.com/streetwriters/notesnook/security/advisories/GHSA-f42f-phvp-43x5
CVE-2016-20049 & CVE-2017-20227 - JAD Java Decompiler 1.5.8e-1kali1 and prior stack-based buffer overflow vulnerabilities
Product: JAD Java Decompiler
NVD: https://nvd.nist.gov/vuln/detail/CVE-2016-20049
NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-20227
CVE-2017-20225 - TiEmu 2.08 and prior is susceptible to a stack-based buffer overflow, enabling attackers to execute arbitrary code via user-controlled input, potentially leading to the execution of malicious shellcode.
Product: TiEmu
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-20225
CVE-2017-20229 - MAWK 1.3.3-17 and prior is vulnerable to a stack-based buffer overflow that enables attackers to execute arbitrary code by providing malicious input.
Product: MAWK
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-20229
CVE-2018-25220 - Bochs 2.6-5 is vulnerable to a stack-based buffer overflow allowing attackers to execute arbitrary code through an oversized input string.
Product: Bochs
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25220
CVE-2018-25221 - EChat Server 3.1 has a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code via an oversized username parameter.
Product: EChat
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25221
CVE-2018-25223 - Crashmail 1.6 has a stack-based buffer overflow vulnerability enabling remote attackers to execute arbitrary code by sending malicious input to the application and potentially causing denial of service.
Product: Crashmail 1.6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25223
CVE-2026-3256 - HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.
Product: HTTP::Session
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3256
NVD References: https://www.openwall.com/lists/oss-security/2026/03/28/5
CVE-2026-4851 - GRID::Machine versions through 0.127 for Perl are vulnerable to arbitrary code execution through unsafe deserialization in the RPC protocol.
Product: GRID::Machine
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-4851
NVD References: https://www.openwall.com/lists/oss-security/2026/03/26/6
CVE-2026-32916, CVE-2026-32917, CVE-2026-32922, CVE-2026-32924, CVE-2026-32973, CVE-2026-32975, & CVE-2026-32987 - Multiple vulnerabilities in OpenClaw.
Product: OpenClaw
CVSS Scores: 9.4 - 9.9
NVD References:
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xw77-45gv-p728 (authorization bypass)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-g2f6-pwvx-r275 (remote command injection)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-4jpw-hj22-2xmc (privilege escalation)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-m69h-jm2f-2pv8 (authorization bypass)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-f8r2-vg7x-gh8m (allowlist bypass)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-f5mf-3r52-r83w (weak authorization)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-63f5-hhc7-cx6p (bootstrap setup code replay)
CVE-2026-5121 - libarchive has an integer overflow vulnerability on 32-bit systems, allowing a remote attacker to execute arbitrary code by providing a crafted ISO9660 image.
Product: libarchive
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5121
CVE-2026-2275 - The CrewAI CodeInterpreter tool is vulnerable to remote code execution by falling back to SandboxPython when unable to access Docker, allowing for arbitrary C function calling.
Product: CrewAI CodeInterpreter
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2275
NVD References: https://www.kb.cert.org/vuls/id/221883
CVE-2026-33032 - Nginx UI in versions 2.3.5 and prior exposes the /mcp_message endpoint without proper authentication, allowing network attackers to achieve complete nginx service takeover.
Product: Nginx UI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33032
NVD References: https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h6c2-x2m2-mwhf
CVE-2026-31946 - OpenOlat's OpenID Connect implementation in versions from 10.5.4 up to (but not including) 20.2.5 does not verify JWT signatures, potentially exposing it to security risks.
Product: OpenOlat's OpenID Connect
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-31946
NVD References: https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-v8vp-x4q4-2vch
CVE-2025-15618 - Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key generated by a weak hashing algorithm.
Product: Business::OnlinePayment::StoredTransaction
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15618
NVD References: https://www.openwall.com/lists/oss-security/2026/03/31/7
CVE-2026-34156 - NocoBase's Workflow Script Node in versions prior to 2.0.28 allows for Remote Code Execution by authenticated attackers through a prototype chain traversal vulnerability.
Product: NocoBase
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34156
NVD References: https://github.com/nocobase/nocobase/security/advisories/GHSA-px3p-vgh9-m57c
CVE-2026-34162 - FastGPT versions prior to 4.14.9.5 expose an unauthenticated HTTP tools testing endpoint, allowing full access as an HTTP proxy.
Product: FastGPT AI Agent building platform
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34162
NVD References: https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj
CVE-2026-33669, CVE-2026-33670, CVE-2026-34448, & CVE-2026-34449 - Multiple vulnerabilities in SiYuan personal knowledge management system
Product: SiYuan
CVSS Scores: 9.0 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33669 (out-of-bounds read)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33670 (path traversal)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34448 (cross-site scripting / code injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34449 (permissive cross-domain policy with untrusted domains)
CVE-2026-4001 - The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1.
Product: Woocommerce Custom Product Addons Pro plugin
Active Installations: Unknown. Update to version 5.4.2, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-4001
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/70a2b6ff-defc-4722-9af9-3cae94e98632?source=cve
CVE-2026-4283 - The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction through the `super-unsubscribe` AJAX action in versions up to 3.1.38, allowing unauthenticated users to bypass email confirmation and anonymize accounts with a submitted email address and `process_now=1`.
Product: WP DSGVO Tools (GDPR) plugin for WordPress
Active Installations: 10,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-4283
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/21389122-cb39-45d1-a889-b830d3a55603?source=cve
CVE-2026-4484 - The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation up to version 2.1.6, allowing authenticated attackers with Student-level access and above to elevate their privileges to that of an administrator.
Product: Masteriyo LMS plugin for WordPress
Active Installations: 4,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-4484
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/265be0af-66a4-4636-ab81-f8e2c5a1282e?source=cve
CVE-2026-4257 - The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36.
Product: Contact Form by Supsystic plugin for WordPress
Active Installations: 7,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-4257
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/415c9658-bfb2-453b-a697-c63c08b0ca61?source=cve
CVE-2026-3300 - The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection due to improper escaping in the Calculation Addon's process_filter() function.
Product: Everest Forms Pro WordPress plugin
Active Installations: Unknown. Update to version 1.9.13, or a newer patched version.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3300
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/389c0b89-e408-4ad5-9723-a16b745771f0?source=cve
Report | GRC Insights from the Harvard Business Review. While GRC is an increasingly necessary component of any organization, far too many teams are stuck in traditional, fragmented systems that contribute to inconsistency and inefficiency. This report from Harvard Business Review Analytic Services takes an in-depth look at a fully connected risk system that harnesses the power of AI.
Spring Cyber Solutions Fest | May 5-7, 2026 | Build skills in emerging technologies, cloud security, detection and response, exposure management, insider threats, malware, and ransomware. Learn from SANS experts and connect globally.
Free Virtual Summit | April 20-21, 2026 | AI Summit Solutions Track, Chaired by Matt Bromiley.
Take the Survey | 2026 SANS Survey on Unstructured Data | Share insights, benchmark your organization, and help shape industry understanding of unstructured data risk. Your input drives better tools, smarter strategies, and stronger security outcomes.