140 matches found
Wordfence Bug Bounty Program Monthly Report – March 2026
In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...
CVE-2026-21023
The vulnerability CVE-2026-21023 affects PackageManagerService prior to SMR Mar-2026 Release 1, enabling local attackers to modify installation restrictions on specific apps. Root cause: insufficient verification of data authenticity in PackageManagerService. Impact per the sources: trivial local...
CVE-2026-40873 mailcow: dockerized vulnerable to stored XSS in Quarantine attachment filenames
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the Quarantine details modal injects attachment filenames into HTML without escaping, allowing arbitrary HTML/JS execution. An attacker can deliver an email with a crafted attachment name s...
Security Updates for Microsoft Windows Admin Center in Azure Portal (March 2026)
The Microsoft Windows Admin Center in Azure Portal installed on the remote host is missing a security update. It is, therefore, affected by a vulnerability:
- Elevation of Privilege vulnerability in Windows Admin Center in Azure Portal CVE-2026-23660
Note that Nessus has not tested for this issue...
PT-2026-30819
Name of the Vulnerable Software and Affected Versions: Weaver Fanwei E-cology versions 10.0 through 20260311. Description: An unauthenticated remote code execution flaw exists due to exposed debug functionality. Attackers can execute arbitrary system commands by sending crafted POST requests to the...
Security Bulletin: NVIDIA Jetson and IGX Devices - March 2026
NVIDIA has released a software update for NVIDIA® Jetson Linux. To protect your system, download and install this software update from the APT server or Jetson Download Center page, Jetson Linux Link and IGX Link. Go to NVIDIA Product Security...
Fedora 42 : dotnet9.0 (2026-8ae04c01e3)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8ae04c01e3 advisory. This is the March 2026 release of .NET 9. Release Notes:
- SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.14/9.0.115.md
- Runtime:...
Fedora 42 : dotnet8.0 (2026-66c97240f2)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-66c97240f2 advisory. This is the March 2026 release of .NET 8. Release Notes:
- SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.25/8.0.125.md
- Runtime:...
CVE-2026-33881
creationtimestamp | type | source
---|---|---
2026-03-27 23:27:55+00:00 | seen | Telegram/9UoOcMml4hO1LPqEQWig8KjS1ZNRBXJeCq-u3-UaU0LNh0...
CVE-2026-34395
creationtimestamp | type | source
---|---|---
2026-03-27 18:42:39+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-77jp-mgcw-rfmr...
CVE-2026-33686
creationtimestamp | type | source
---|---|---
2026-03-26 22:18:35+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhyn3ypzwa2x
2026-03-26 22:18:36+00:00 | seen | https://bsky.app/profile/potato.software/post/3mhyn3zn4td2z
2026-03-26 22:56:19+00:00 | seen | ...
CVE-2026-33494
creationtimestamp | type | source
---|---|---
2026-03-26 18:01:14+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116296782554333231
2026-03-26 18:01:16+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mhy6pudmxi2j
2026-03-26 19:04:07+00:00 | seen | ...
CVE-2026-20989
Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font...
Security Bulletin: IBM Operational Decision Manager for March 2026 - Multiple CVEs addressed
Summary: IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-41254...
CVE-2026-33917
creationtimestamp | type | source
---|---|---
2026-03-26 01:00:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhwfokbfmu2d
2026-03-26 01:01:04+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhwfpllrut2r
2026-03-28 12:00:16+00:00 | seen | ...
Fedora 44 : dotnet8.0 (2026-702a03ac4d)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-702a03ac4d advisory. This is the March 2026 release of .NET 8. Release Notes:
- SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.25/8.0.125.md
- Runtime:...
CVE-2026-33634
Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...
CVE-2026-22900
creationtimestamp | type | source
---|---|---
2026-03-23 10:37:14+00:00 | seen | https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-qnap-7
2026-03-23 14:40:08+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mhqc3gk4px2k...
CVE-2019-25615
creationtimestamp | type | source
---|---|---
2026-03-22 14:38:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhnrj4xfdw2n...
CVE-2026-32710
creationtimestamp | type | source
---|---|---
2026-03-20 20:20:49+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjdpvfhp62c
2026-03-20 21:47:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhjilfyatm2o
2026-03-25 14:57:06+00:00 | seen | ...