61556 matches found
CVE-2026-33057
creationtimestamp| type| source
---|---|---
2026-03-17 20:58:18+00:00| published-proof-of-concept| https://github.com/mesop-dev/mesop/security/advisories/GHSA-gjgx-rvqr-6w6v
2026-03-20 07:16:11+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-33057
2026-03-...
CVE-2026-2809
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow a privileged user to trigger an integer overflow within the DLL Injector, leading to a Blue-Screen-of-Death (BSOD). Successful...
CVE-2026-2809 Endpoint DLP Driver DLL
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow a privileged user to trigger an integer overflow within the DLL Injector, leading to a Blue-Screen-of-Death (BSOD). Successful...
CVE-2026-20726
creationtimestamp| type| source
---|---|---
2026-03-17 19:30:40+00:00| seen| https://infosec.place/objects/5bdcc101-bda7-4b18-b21b-304536505c2e...
CVE-2025-64776
creationtimestamp| type| source
---|---|---
2026-03-17 19:00:39+00:00| seen| https://infosec.place/objects/946dac59-cc7f-42d7-b268-7000d5f5a896...
CVE-2025-62500
creationtimestamp| type| source
---|---|---
2026-03-17 19:00:11+00:00| seen| https://infosec.place/objects/4f3190b0-b252-4462-908e-c8ab9a64a8a6...
CVE-2026-28519
creationtimestamp| type| source
---|---|---
2026-03-17 17:00:14+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhbh4h2rtx2u...
CVE-2026-3839
creationtimestamp| type| source
---|---|---
2026-03-17 15:20:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhbbjigfj62a...
CVE-2026-4148
creationtimestamp| type| source
---|---|---
2026-03-17 15:16:23+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4148
2026-03-17 18:24:13+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116245912063981591
2026-03-17 21:02:34+00:00| seen|...
CVE-2026-3838
creationtimestamp| type| source
---|---|---
2026-03-17 15:00:13+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhbafueub62m...
CVE-2019-9012
creationtimestamp| type| source
---|---|---
2026-03-17 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...
Insufficient validation of PAX extensions during extraction
In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by silently skipping a malform...
CVE-2026-32761
creationtimestamp| type| source
---|---|---
2026-03-17 07:15:40+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-68j5-4m99-w9w9
2026-03-19 23:16:17+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-32761...
CVE-2026-33067
creationtimestamp| type| source
---|---|---
2026-03-17 00:49:57+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-mvpm-v6q4-m2pf
2026-03-20 10:09:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhibldx3oz27...
CVE-2026-23555
creationtimestamp| type| source
---|---|---
2026-03-17 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0304/
2026-03-17 13:25:26+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhb34ejclh2b
2026-03-23 08:13:15+00:00| seen|...
CVE-2026-3644
creationtimestamp| type| source
---|---|---
2026-03-17 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0302/
2026-03-17 13:30:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhb3er3v2c2v
2026-04-02 12:01:00+00:00| seen|...
Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
Summary: Kargo's built-in http and http-download promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via httprequester.go and httpdownloader.go. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...
GHSA-J94X-8WCP-X7HM Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
Summary: Kargo's built-in http and http-download promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits...
CVE-2026-30875
creationtimestamp| type| source
---|---|---
2026-03-16 19:16:18+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-30875
2026-03-18 22:14:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhej5imvn22t
2026-03-22 11:40:09+00:00| seen|...