https://factualrisk.com/dashboard.html Flux CVE automatisé — 2026-04-03T22:02 fr 2026-04-03T22:02:40.754860+02:00 https://nvd.nist.gov/vuln/detail/CVE-2026-3055 CVSS=9.8 EPSS=0.443 Score=222.0 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread Sun, 29 Mar 2026 22:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-3055 https://nvd.nist.gov/vuln/detail/CVE-2017-7921 CVSS=0.0 EPSS=0.942 Score=218.1 | Hikvision Multiple Products Improper Authentication Vulnerability Wed, 04 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2017-7921 https://nvd.nist.gov/vuln/detail/CVE-2021-22054 CVSS=0.0 EPSS=0.938 Score=217.6 | Omnissa Workspace ONE Server-Side Request Forgery Sun, 08 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2021-22054 https://nvd.nist.gov/vuln/detail/CVE-2025-32432 CVSS=0.0 EPSS=0.877 Score=210.2 | Craft CMS Code Injection Vulnerability Thu, 19 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-32432 https://nvd.nist.gov/vuln/detail/CVE-2025-68613 CVSS=0.0 EPSS=0.792 Score=200.0 | n8n Improper Control of Dynamically-Managed Code Resources Vulnerability Tue, 10 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-68613 https://nvd.nist.gov/vuln/detail/CVE-2026-1603 CVSS=0.0 EPSS=0.654 Score=183.5 | Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability Sun, 08 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-1603 https://nvd.nist.gov/vuln/detail/CVE-2026-33634 CVSS=8.8 EPSS=0.212 Score=183.2 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with maliciou Wed, 25 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-33634 https://nvd.nist.gov/vuln/detail/CVE-2026-33017 CVSS=9.8 EPSS=0.057 Score=175.6 | Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker Tue, 24 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-33017 https://nvd.nist.gov/vuln/detail/CVE-2026-20131 CVSS=10.0 EPSS=0.006 Score=170.7 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root&nbsp;on an affected device. This vulnerability is due to insecure deserialization of a user-suppli Wed, 18 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-20131 https://nvd.nist.gov/vuln/detail/CVE-2026-3910 CVSS=8.8 EPSS=0.015 Score=164.6 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Thu, 12 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-3910 https://nvd.nist.gov/vuln/detail/CVE-2025-54068 CVSS=0.0 EPSS=0.489 Score=163.6 | Laravel Livewire Code Injection Vulnerability Thu, 19 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-54068 https://nvd.nist.gov/vuln/detail/CVE-2026-3909 CVSS=8.8 EPSS=0.005 Score=163.4 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Thu, 12 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-3909 https://nvd.nist.gov/vuln/detail/CVE-2026-5281 CVSS=8.8 EPSS=0.000 Score=162.8 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Tue, 31 Mar 2026 22:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-5281 https://nvd.nist.gov/vuln/detail/CVE-2025-53521 CVSS=0.0 EPSS=0.414 Score=154.7 | F5 BIG-IP Stack-Based Buffer Overflow Vulnerability Thu, 26 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-53521 https://nvd.nist.gov/vuln/detail/CVE-2026-3502 CVSS=7.8 EPSS=0.000 Score=151.8 | TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code executio Wed, 01 Apr 2026 22:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-3502 https://nvd.nist.gov/vuln/detail/CVE-2025-26399 CVSS=0.0 EPSS=0.282 Score=138.9 | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability Sun, 08 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-26399 https://nvd.nist.gov/vuln/detail/CVE-2025-47813 CVSS=0.0 EPSS=0.204 Score=129.5 | Wing FTP Server Information Disclosure Vulnerability Sun, 15 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-47813 https://nvd.nist.gov/vuln/detail/CVE-2021-22681 CVSS=0.0 EPSS=0.129 Score=120.5 | Rockwell Multiple Products Insufficient Protected Credentials Vulnerability Wed, 04 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2021-22681 https://nvd.nist.gov/vuln/detail/CVE-2025-66376 CVSS=0.0 EPSS=0.100 Score=117.0 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability Tue, 17 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-66376 https://nvd.nist.gov/vuln/detail/CVE-2026-20963 CVSS=0.0 EPSS=0.062 Score=112.4 | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability Tue, 17 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-20963 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 CVSS=0.0 EPSS=0.013 Score=106.5 | Apple Multiple Products Integer Overflow or Wraparound Vulnerability Wed, 04 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2025-43520 CVSS=0.0 EPSS=0.005 Score=105.6 | Apple Multiple Products Classic Buffer Overflow Vulnerability Thu, 19 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-43520 https://nvd.nist.gov/vuln/detail/CVE-2025-43510 CVSS=0.0 EPSS=0.005 Score=105.5 | Apple Multiple Products Improper Locking Vulnerability Thu, 19 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-43510 https://nvd.nist.gov/vuln/detail/CVE-2025-31277 CVSS=0.0 EPSS=0.002 Score=105.2 | Apple Multiple Products Buffer Overflow Vulnerability Thu, 19 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2025-31277 https://nvd.nist.gov/vuln/detail/CVE-2023-41974 CVSS=0.0 EPSS=0.002 Score=105.2 | Apple iOS and iPadOS Use-After-Free Vulnerability Wed, 04 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2023-41974 https://nvd.nist.gov/vuln/detail/CVE-2023-43000 CVSS=0.0 EPSS=0.001 Score=105.1 | Apple Multiple products Use-After-Free Vulnerability Wed, 04 Mar 2026 23:00:00 +0000 https://nvd.nist.gov/vuln/detail/CVE-2023-43000 https://nvd.nist.gov/vuln/detail/GHSA-9q7v-8mr7-g23p CVSS=0.0 EPSS=0.000 Score=65.0 | ## Summary SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery ## Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configur Thu, 02 Apr 2026 21:22:57 +0000 https://nvd.nist.gov/vuln/detail/GHSA-9q7v-8mr7-g23p https://nvd.nist.gov/vuln/detail/CVE-2026-35393 CVSS=9.8 EPSS=0.000 Score=63.8 | ### Summary * POST multipart upload directory not sanitized | `httpserver/updown.go:71-174` This finding affect the default configuration, no flags or authentication required. ### Details **File:** `httpserver/updown.go:71-174` **Trigger:** `POST /<path>/upload` (server.go:49-51 checks `HasSuffix Fri, 03 Apr 2026 04:08:21 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-35393 https://nvd.nist.gov/vuln/detail/CVE-2026-35392 CVSS=9.8 EPSS=0.000 Score=63.8 | ### Summary * PUT upload has no path sanitization | `httpserver/updown.go:20-69` This finding affects the default configuration, no flags or authentication required. ### Details **File:** `httpserver/updown.go:20-69` **Trigger:** `PUT /<path>` (server.go:57-59 routes directly to `put()`) The han Fri, 03 Apr 2026 04:07:55 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-35392 https://nvd.nist.gov/vuln/detail/CVE-2026-35171 CVSS=9.8 EPSS=0.000 Score=63.8 | ### Impact This is a **critical Remote Code Execution (RCE)** vulnerability caused by unsafe use of `logging.config.dictConfig()` with user-controlled input. Kedro allows the logging configuration file path to be set via the `KEDRO_LOGGING_CONFIG` environment variable and loads it without validati Fri, 03 Apr 2026 03:48:49 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-35171 https://nvd.nist.gov/vuln/detail/GHSA-37v6-fxx8-xjmx CVSS=0.0 EPSS=0.000 Score=60.0 | ## Summary Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding ## Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped v2026.3.28 replay hashing treated equivalent Telnyx Base64/Base64URL signatures as distinct requests, but signature verif Fri, 03 Apr 2026 02:58:18 +0000 https://nvd.nist.gov/vuln/detail/GHSA-37v6-fxx8-xjmx https://nvd.nist.gov/vuln/detail/GHSA-hhq4-97c2-p447 CVSS=0.0 EPSS=0.000 Score=60.0 | ## Summary Zalo webhook replay cache cross-target messageId scope bypass ## Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: v2026.3.28 replay dedupe is still keyed too broadly, but the issue should stay scoped to authenticated sibling-target delivery paths rather Thu, 02 Apr 2026 20:59:11 +0000 https://nvd.nist.gov/vuln/detail/GHSA-hhq4-97c2-p447 https://nvd.nist.gov/vuln/detail/GHSA-89r3-6x4j-v7wf CVSS=0.0 EPSS=0.000 Score=60.0 | ## Summary Voice-call Plivo replay mutates in-process callback origin before replay rejection ## Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: v2026.3.28 can still mutate Plivo callback origin before replay rejection, but this needs a captured valid callback fo Thu, 02 Apr 2026 20:57:06 +0000 https://nvd.nist.gov/vuln/detail/GHSA-89r3-6x4j-v7wf https://nvd.nist.gov/vuln/detail/CVE-2026-34976 CVSS=10.0 EPSS=0.000 Score=60.0 | The `restoreTenant` admin mutation is missing from the authorization middleware config (`admin.go:499-522`), making it completely unauthenticated. Unlike the similar `restore` mutation which requires Guardian-of-Galaxy authentication, `restoreTenant` executes with zero middleware. This mutation acc Thu, 02 Apr 2026 20:44:38 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-34976 https://nvd.nist.gov/vuln/detail/CVE-2026-35168 CVSS=8.8 EPSS=0.001 Score=57.9 | ## Description The Aggiornamenti (Updates) module in OpenSTAManager <= 2.10.1 contains a database conflict resolution feature (`op=risolvi-conflitti-database`) that accepts a JSON array of SQL statements via POST and executes them directly against the database without any validation, allowlist, or Fri, 03 Apr 2026 03:47:38 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-35168 https://nvd.nist.gov/vuln/detail/CVE-2026-35039 CVSS=9.1 EPSS=0.000 Score=54.6 | ## Impact Setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification process leading to: - Valid tokens returning claims from different valid tokens - Fri, 03 Apr 2026 04:07:10 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-35039 https://nvd.nist.gov/vuln/detail/CVE-2026-34950 CVSS=9.1 EPSS=0.000 Score=54.6 | ### Summary The fix for GHSA-c2ff-88x2-x9pg (CVE-2023-48223) is incomplete. The publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that the CVE patched. ### Deta Thu, 02 Apr 2026 20:37:54 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-34950 https://nvd.nist.gov/vuln/detail/CVE-2026-34774 CVSS=8.1 EPSS=0.000 Score=53.6 | ### Impact Apps that use offscreen rendering and allow child windows via `window.open()` may be vulnerable to a use-after-free. If the parent offscreen `WebContents` is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a cra Fri, 03 Apr 2026 02:42:31 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-34774 https://nvd.nist.gov/vuln/detail/CVE-2026-34780 CVSS=8.4 EPSS=0.000 Score=50.4 | ### Impact Apps that pass `VideoFrame` objects (from the WebCodecs API) across the `contextBridge` are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged `VideoFrame` to gain access to the isolated world, includ Fri, 03 Apr 2026 02:46:57 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-34780 https://nvd.nist.gov/vuln/detail/CVE-2026-28815 CVSS=7.5 EPSS=0.000 Score=50.0 | ### Summary The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI Fri, 03 Apr 2026 03:39:42 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-28815 https://nvd.nist.gov/vuln/detail/CVE-2026-35036 CVSS=7.5 EPSS=0.000 Score=50.0 | ### Summary Ech0 implements **link preview** (editor fetches a page title) through **`GET /api/website/title`**. That is **legitimate product behavior**, but the implementation is **unsafe**: the route is **unauthenticated**, accepts a **fully attacker-controlled URL**, performs a **server-side GET Fri, 03 Apr 2026 03:30:55 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-35036 https://nvd.nist.gov/vuln/detail/CVE-2026-34771 CVSS=7.5 EPSS=0.000 Score=50.0 | ### Impact Apps that register an asynchronous `session.setPermissionRequestHandler()` may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, in Fri, 03 Apr 2026 02:40:26 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-34771 https://nvd.nist.gov/vuln/detail/GHSA-ghc5-95c2-vwcv CVSS=8.2 EPSS=0.000 Score=49.2 | ### Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. ### Am I Affected? Consumers are affected if their application meets the following preconditions: Fri, 03 Apr 2026 03:44:13 +0000 https://nvd.nist.gov/vuln/detail/GHSA-ghc5-95c2-vwcv https://nvd.nist.gov/vuln/detail/GHSA-vfpx-q664-h93m CVSS=8.2 EPSS=0.000 Score=49.2 | ### Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. ### Am I Affected? Consumers are affected if their application meets the following preconditions: Fri, 03 Apr 2026 03:43:13 +0000 https://nvd.nist.gov/vuln/detail/GHSA-vfpx-q664-h93m https://nvd.nist.gov/vuln/detail/GHSA-fmg6-246m-9g2v CVSS=8.2 EPSS=0.000 Score=49.2 | ### Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. ### Am I Affected? You are affected if you meet the following preconditions: - Applications usin Fri, 03 Apr 2026 03:41:07 +0000 https://nvd.nist.gov/vuln/detail/GHSA-fmg6-246m-9g2v https://nvd.nist.gov/vuln/detail/CVE-2024-24762 CVSS=7.5 EPSS=0.034 Score=49.1 | ### Summary When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely ( Fri, 03 Apr 2026 19:13:44 +0000 https://nvd.nist.gov/vuln/detail/CVE-2024-24762 https://nvd.nist.gov/vuln/detail/CVE-2026-35037 CVSS=7.2 EPSS=0.000 Score=48.2 | ## Summary The `GET /api/website/title` endpoint accepts an arbitrary URL via the `website_url` query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal net Fri, 03 Apr 2026 03:33:01 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-35037 https://nvd.nist.gov/vuln/detail/CVE-2026-35167 CVSS=7.1 EPSS=0.000 Score=47.6 | ### Impact The `_get_versioned_path()` method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended v Fri, 03 Apr 2026 03:46:48 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-35167 https://nvd.nist.gov/vuln/detail/CVE-2026-34770 CVSS=7.0 EPSS=0.000 Score=47.0 | ### Impact Apps that use the `powerMonitor` module may be vulnerable to a use-after-free. After the native `PowerMonitor` object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change Fri, 03 Apr 2026 02:39:56 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-34770 https://nvd.nist.gov/vuln/detail/CVE-2026-34769 CVSS=7.8 EPSS=0.000 Score=46.8 | ### Impact An undocumented `commandLineSwitches` webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct `webPreferences` by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable rendere Fri, 03 Apr 2026 02:39:16 +0000 https://nvd.nist.gov/vuln/detail/CVE-2026-34769