  • ⛔ New security advisory:

    matchbook3469@infosec.exchange
    New security advisory: CVE-2026-4702 affects Mozilla Firefox.
      • Impact: Remote code execution or complete system compromise possible
      • Risk: Attackers can gain full control of affected systems
      • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-4702-mozilla-firefox-jit-compiler-vulnerability
    #CVE #VulnerabilityManagement #CyberSec
  • certvde@infosec.exchange
    #OT #Advisory VDE-2026-018
    CODESYS Control V3 - Externally-controlled format string in Auditlog
    The CODESYS Control runtime system's CmpAuditLog component allows potentially unauthenticated remote attackers to control the format string of processed log messages. Due to the internal processing logic, the impact is limited to a crash of the CODESYS Control runtime.
    #CVE CVE-2026-3509
    https://certvde.com/en/advisories/vde-2026-018/
    #CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-03_vde-2026-018.json
  • certvde@infosec.exchange
    #OT #Advisory VDE-2026-011
    CODESYS Control V3 - Untrusted boot application
    The CODESYS Control runtime system provides a user management mechanism with multiple privilege groups. While only the privileged Administrators and Developer groups are intended to load or debug applications on the controller, users in the restricted Service group are allowed to perform maintenance operations, including explicitly replacing the boot application.
    #CVE CVE-2025-41660
    https://certvde.com/en/advisories/vde-2026-011/
    #CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-02_vde-2026-011.json
  • hbrpgm@adalta.social
    https://peer.adalta.social/w/wg6KobEvvKKJLWMzqGDZtq
    https://adalta.info/articles/prstn_security_116266728422046419_fr
    https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/
    An authenticated SQL injection in WeGIA compromises the entirety of institutions' databases.
    #cybersecurity #security #osint #threatintel #cve
  • hbrpgm@adalta.social
    https://peer.adalta.social/w/vUPVbxbkikKKbXfJUWY7un
    https://adalta.info/articles/prstn_security_116266728422046419_en
    https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/
    An authenticated SQL injection in WeGIA enables full database compromise, demanding immediate remediation for high-risk organizations.
    #cybersecurity #security #osint #threatintel #cve
  • hbrpgm@adalta.social
    https://peer.adalta.social/w/gG6EiykmeMqKds94uYjSvn
    https://adalta.info/articles/prstn_security_116266728422046419_de
    https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/
    Authenticated SQL injection in a charity software application enables full database compromise.
    #cybersecurity #security #osint #threatintel #cve
  • secdb@infosec.exchange
    [CISA-2026:0320] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0320)

    CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

    CVE-2025-31277 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-31277)
    - Name: Apple Multiple Products Buffer Overflow Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: Apple
    - Product: Multiple Products
    - Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277

    CVE-2025-32432 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32432)
    - Name: Craft CMS Code Injection Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: Craft CMS
    - Product: Craft CMS
    - Notes: https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432

    CVE-2025-43510 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43510)
    - Name: Apple Multiple Products Improper Locking Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: Apple
    - Product: Multiple Products
    - Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510

    CVE-2025-43520 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43520)
    - Name: Apple Multiple Products Classic Buffer Overflow Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: Apple
    - Product: Multiple Products
    - Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520

    CVE-2025-54068 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-54068)
    - Name: Laravel Livewire Code Injection Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: Laravel
    - Product: Livewire
    - Notes: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/CVE-2025-54068

    #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260320 #cisa20260320 #cve_2025_31277 #cve_2025_32432 #cve_2025_43510 #cve_2025_43520 #cve_2025_54068 #cve202531277 #cve202532432 #cve202543510 #cve202543520 #cve202554068
  • 🔴 New security advisory:

    matchbook3469@infosec.exchange
    New security advisory: CVE-2026-32698 affects multiple systems.
      • Impact: Remote code execution or complete system compromise possible
      • Risk: Attackers can gain full control of affected systems
      • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-32698-openproject-sql-injection-vulnerability
    #CVE #PatchNow #InfoSecCommunity
  • secdb@infosec.exchange
    [CISA-2026:0318] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0318)

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

    CVE-2025-66376 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-66376)
    - Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: Synacor
    - Product: Zimbra Collaboration Suite (ZCS)
    - Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-66376

    #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260318 #cisa20260318 #cve_2025_66376 #cve202566376
  • adulau@infosec.exchange
    With the recent integration of CERT-VDE’s CSAF advisories, it becomes even clearer why diverse vulnerability data sources are essential.
    CSAF delivers direct vendor remediation information, and when correlated with the CVE Program, it highlights how important federation and data correlation are for remediation efforts and vulnerability management as a whole. (See example below)
    https://db.gcve.eu/vuln/vde-2025-066
    #gcve #cve #vulnerabilitymanagement #cybersecurity #opensource @circl @gcve @CVE_Program
  • 🚨 EUVD-2025-208747

    euvd_bot@mastodon.social
    EUVD-2025-208747
    Score: 9.8/10 (CVSS v3.1)
    Product: Unica
    Vendor: HCL
    Updated: 2026-03-16
    Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds d...
    https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-208747
    #cybersecurity #infosec #euvd #cve #vulnerability
  • ⚠️ New security advisory:

    matchbook3469@infosec.exchange
    New security advisory: CVE-2026-3910 affects Google Chrome.
      • Impact: Significant security breach potential
      • Risk: Unauthorized access or data exposure
      • Mitigation: Apply patches within 24-48 hours
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-3910-google-chrome-v8-sandbox-escape-update-immediately
    #CVE #VulnerabilityManagement #CyberSec
  • adulau@infosec.exchange
    A new pull request for Vulnerability-Lookup adds a CSAF producer that publishes advisories for many manufacturers.
    This is great for defenders and researchers, as it increases the amount of detailed vulnerability information available.
    It will push the number of ingested feeds to more than 50 unique sources, highlighting the growing diversity of our data sources.
    If someone tells you there is a single source of truth for vulnerability information, they’re ignoring the reality: vulnerability intelligence comes from many different sources.
    Thanks to @rafi0t for the continuous work on adding CSAF and feeds to vulnerability-lookup
    #gcve #cve #cybersecurity #csaf #vulnerability #opendata #opensource
    The new PR with many new CSAF sources https://github.com/vulnerability-lookup/vulnerability-lookup/pull/348
    The open source vulnerability-lookup software https://www.vulnerability-lookup.org/
    GCVE instance https://db.gcve.eu/
    @gcve @cedric
  • 🚨 New security advisory:

    matchbook3469@infosec.exchange
    New security advisory: CVE-2026-31896 affects multiple systems.
      • Impact: Remote code execution or complete system compromise possible
      • Risk: Attackers can gain full control of affected systems
      • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-31896-wegia-sql-injection-vulnerability-update-immediately
    #CVE #SecurityPatching #HackerNews
  • offseq@infosec.exchange
    CRITICAL: CVE-2026-27685 in SAP NetWeaver EP-RUNTIME 7.50 (Admin) enables privileged users to upload malicious serialized data — risking full system compromise. Restrict uploads, monitor privileged actions, patch ASAP!
    https://radar.offseq.com/threat/cve-2026-27685-cwe-502-deserialization-of-untruste-36704129
    #OffSeq #SAP #CVE #InfoSec
  • 🔶 New security advisory:

    matchbook3469@infosec.exchange
    New security advisory: CVE-2018-25172 affects multiple systems.
      • Impact: Significant security breach potential
      • Risk: Unauthorized access or data exposure
      • Mitigation: Apply patches within 24-48 hours
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2018-25172
    #CVE #ZeroDay #ThreatIntel
  • adamshostack@infosec.exchange
    @CVE_Program Oh, wait, really, VulnCon is not the FIRST annual conference! If only we had, I dunno, a Conference and Venues Enumeration, then people wouldn't make these mistakes!
  • 🚨 New security advisory:

    matchbook3469@infosec.exchange
    New security advisory: CVE-2026-27944 affects multiple systems.
      • Impact: Remote code execution or complete system compromise possible
      • Risk: Attackers can gain full control of affected systems
      • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://yazoul.net/advisory/cve/cve-2026-27944
    #CVE #PatchNow #InfoSecCommunity
  • hbrpgm@adalta.social
    https://peer.adalta.social/w/wHrwgG6TbqaqZh8D2DEueW
    https://p4u.xyz/ID_7U1GFGRG/1
    https://www.fogolf.com/1184174/electric-id-golf-details-and-ssp-platform/
    The ninth-generation Golf launch represents a critical strategic pivot, leveraging the Scalable Systems Platform (SSP) to offer both electric and internal combustion variants concurrently.
    #cve #train #golf #golfnews #idgolf
  • You want to publish a new vulnerability?

    vuldb@infosec.exchange
    You want to publish a new vulnerability? Just submit and we will handle your CVE assignment in no time.
    https://vuldb.com/?id.add
    #vuldb #cna #cve #mitre #nvd