Missing Protected-field Authorization in Provisioning Contact Points API

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

CVE-2025-33248

creationtimestamp| type| source ---|---|--- 2026-03-24 22:02:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhtlasduad2x 2026-03-24 22:06:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhtljf7zrq2r 2026-03-24 22:09:34+00:00| seen|...

CVE-2026-33511

creationtimestamp| type| source ---|---|--- 2026-03-24 19:16:30+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33511...

CVE-2026-33345

creationtimestamp| type| source ---|---|--- 2026-03-24 19:16:29+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33345...

CVE-2026-33332

creationtimestamp| type| source ---|---|--- 2026-03-24 19:16:28+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33332...

MAL-2026-2392 Malicious code in stormbreaker-shade (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c845d690b6091601683bf61bdd858e5579c2fd4d33b770806b1bb113e9533f1 The package stormbreaker-shade was found to contain malicious code...

MAL-2026-2389 Malicious code in spectral-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b458f8a3676b73711c711d763768712cc0bf1f7fb7233a87fb8b5817b7c509c The package spectral-module was found to contain malicious code...

Malicious code in onb-enrichment (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ce0c5fb4cfe81321cd7c89306b2049a57e60bffd84f128d9f72f11aaa4d0223 The package onb-enrichment was found to contain malicious code...

MAL-2026-2376 Malicious code in nf-promise-state-machine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc012f9411ceaa957f4b364f6b1443d3244155de13f5fc0ccb759ad682bd0ae7 The package nf-promise-state-machine was found to contain malicious code...

MAL-2026-2361 Malicious code in env-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 641ecb34e7cfa3af77893add29d18b3c9c1e2b95012ff76c775a7bd8ca97ea4b The package env-express was found to contain malicious code...

MAL-2026-2344 Malicious code in codeanalysis-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 074f4becc66a4df6fc176ded01c8ab217ae4bbc356a0c843a8258af14692f159 The package codeanalysis-common was found to contain malicious code...

CVE-2026-33700

creationtimestamp| type| source ---|---|--- 2026-03-24 15:16:35+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33700...

CVE-2026-33473

creationtimestamp| type| source ---|---|--- 2026-03-24 15:16:33+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33473...

CVE-2026-4742

creationtimestamp| type| source ---|---|--- 2026-03-24 03:17:30+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4742...

CVE-2026-4737

creationtimestamp| type| source ---|---|--- 2026-03-24 03:17:27+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4737...

CVE-2026-4736

creationtimestamp| type| source ---|---|--- 2026-03-24 03:17:26+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4736...

CVE-2026-4679

creationtimestamp| type| source ---|---|--- 2026-03-24 01:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260324 2026-03-24 02:24:28+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhrjgvilqj2p 2026-03-24 02:49:36+00:00|...

CVE-2026-3533

creationtimestamp| type| source ---|---|--- 2026-03-24 00:05:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhrbo36xep2p 2026-03-24 00:23:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhrcp2nvyn2s...

CVE-2026-33634

CVE-2026-33634 is tied to a supply-chain compromise involving Aqua Security Trivy. Concrete details show: (1) affected items include Trivy binary/image v0.69.4, and GitHub Actions components aquasecurity/trivy-action (versions 0.0.1–0.34.2, 76/77 forced-pushed) and aquasecurity/setup-trivy (0.2.0...

CVE-2026-33680

creationtimestamp| type| source ---|---|--- 2026-03-23 21:45:26+00:00| published-proof-of-concept| https://github.com/go-vikunja/vikunja/security/advisories/GHSA-8hp8-9fhr-pfm9 2026-03-24 15:16:35+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33680...