A vulnerability in the API interface of Cisco Catalyst SD-WAN Manager (formerly vManage) allows an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system. The flaw stems from improper input validation and insufficient privilege checks within specific API endpoints used for file ingestion. By exploiting this vulnerability, an attacker with read-only credentials can overwrite critical system files, potentially leading to privilege escalation to the 'vmanage' user context. This issue is actively being exploited in the wild, often chained with authentication bypass vulnerabilities.
A critical vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) software allows an unauthenticated, remote attacker to execute arbitrary code with root privileges. The flaw arises from the improper handling of Java serialized data, enabling attackers to supply malicious objects that the application deserializes without validation.
A critical authentication bypass vulnerability exists in the Cisco Secure Firewall Management Center (FMC) Software. Identified as CVE-2026-20079 with a maximum CVSS score of 10.0, this flaw allows an unauthenticated, remote attacker to bypass security controls and execute arbitrary commands with root privileges on the underlying operating system. The vulnerability stems from an improperly initialized system process created during the boot sequence.
A critical Local Privilege Escalation (LPE) vulnerability affects Docker CLI for Windows, stemming from an insecure plugin search path in the `C:\ProgramData` directory. Due to permissive default Access Control Lists (ACLs) on Windows, low-privileged users can create subdirectories within `ProgramData`. The Docker CLI plugin manager inadvertently trusts this location, allowing attackers to plant malicious executables that are subsequently executed by privileged users during standard Docker operations.
The `zeptoclaw` Rust framework contains a security bypass vulnerability in its Android device shell interface (`device_shell`). The vulnerability allows attackers to execute dangerous commands, specifically recursive file deletions (`rm -rf`), by circumventing a naive blocklist implementation. The original security control relied on literal substring matching, which fails to account for argument permutations, alternative flag syntax, or binary aliasing (e.g., `busybox rm`). This flaw permits malicious agents or attackers with access to the framework's shell tool to perform destructive actions on connected Android devices.
A high-severity command injection vulnerability exists in the support-assisted product migration interface of VMware Aria Operations (formerly vRealize Operations). The flaw allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges, provided the target system is actively undergoing a support-assisted migration. This vulnerability has been identified in active exploitation campaigns and added to the CISA Known Exploited Vulnerabilities (KEV) catalog.
A critical vulnerability in the `zeptoclaw` AI agent runtime allows attackers to bypass shell security controls, including allowlists and blocklists, to execute arbitrary commands. The flaw stems from insufficient input validation in `src/security/shell.rs`, specifically regarding shell metacharacters, globbing patterns, and argument permutation. By manipulating command strings, an attacker can escape the intended sandbox and execute code on the host system, even when 'Strict' security modes are enabled.
Ghost, a popular open-source publishing platform, contains critical vulnerabilities in its authentication mechanisms affecting versions prior to 5.105.0. The platform failed to cryptographically bind One-Time Codes (OTCs) to the initiating browser session and implemented insufficient Cross-Site Request Forgery (CSRF) protections on sensitive endpoints. These architectural flaws allow attackers to potentially bypass authentication challenges or hijack administrator accounts by leveraging cross-origin requests and reusing valid OTCs across different sessions.
The Rust package 'dnp3times' was identified as a malicious component within the crates.io ecosystem, designed to execute a supply chain attack against developers. Published on March 4, 2026, the package utilized typosquatting to deceive users into installing it. Upon execution, the crate attempted to locate sensitive `.env` configuration files and exfiltrate their contents to a remote server controlled by the attacker. The exfiltration traffic was obfuscated to resemble legitimate requests to `timeapi.io`.
A high-severity path traversal vulnerability exists in the `node-tar` (npm package `tar`) library versions prior to 7.5.10. The vulnerability allows an attacker to overwrite arbitrary files on the target system by crafting a malicious tar archive containing hardlink entries with drive-relative paths (e.g., `C:../target`). Improper sanitization logic fails to detect the traversal sequence before stripping the drive root, resulting in file operations outside the extraction root.
A high-severity Server-Side Request Forgery (SSRF) vulnerability exists in the @opennextjs/cloudflare adapter due to differential path normalization between Cloudflare's Edge infrastructure and the Worker runtime. Attackers can bypass edge security policies protecting the '/cdn-cgi/' namespace by using backslashes in the URL, triggering a development-only proxy handler in production environments.
A path traversal vulnerability exists in the `dbt-common` Python package due to insecure usage of `os.path.commonprefix` during archive extraction. This flaw allows malicious tarballs to bypass directory confinement checks and write files to sibling directories of the intended destination. The vulnerability affects versions prior to 1.34.2 and versions between 1.35.0 and 1.37.3. It arises from a logic error where string prefix matching is used instead of path component comparison, effectively neutralizing the sandbox check intended to prevent arbitrary file writes.