@andregironda

147 Followers · 443 Following · 4 Posts · Joined 15.11.2024

Latest posts by @andregironda

Critical RCE Vulnerabilities in Rocky Linux 10: PostgreSQL 16 Security Patch Analysis (RLSA-2026:3887) Blog with news about Linux, Android, Security, etc.

Critical security advisory for the fediverse: RLSA-2026:3887 patches three RCE vulnerabilities (CVE-2026-2004, CVE-2026-2005, CVE-2026-2006) in PostgreSQL 16 on #Rocky Linux 10. Read more: 👉 tinyurl.com/jaamsfek #Security

06.03.2026 11:04 👍 0 🔁 1 💬 0 📌 0
Critical RCE Vulnerabilities in Rocky Linux 10: PostgreSQL 16 Security Patch Analysis (RLSA-2026:3887) Blog with news about Linux, Android, Security, etc.

Critical security advisory for the fediverse: RLSA-2026:3887 patches three RCE vulnerabilities (CVE-2026-2004, CVE-2026-2005, CVE-2026-2006) in PostgreSQL 16 on #Rocky Linux 10. Read more: 👉 tinyurl.com/jaamsfek #Security

06.03.2026 10:42 👍 0 🔁 1 💬 0 📌 0
PostgreSQL fixes five critical vulnerabilities (CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003) | Security and IT News - セキュリティ対策Lab. The PostgreSQL Global Development Group released updates on February 12, 2026 for all supported versions (18.2, 17.8, 16.12, 15.16, 14.21). This release fixes 5 security vulnerabilities and more than 65 bugs reported over the past several months.

PostgreSQL fixes five critical vulnerabilities (CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007, CVE-2026-2003)

rocket-boys.co.jp/security-mea...

#セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

18.02.2026 23:09 👍 0 🔁 1 💬 0 📌 0

🔗 CVE : CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007

13.02.2026 16:05 👍 0 🔁 1 💬 1 📌 0

🟠 CVE-2026-2005 - High (8.8)

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary cod...

https://www.thehackerwire.com/vulnerability/CVE-2026-2005/

#infosec #cybersecurity #CVE #vulnerability #security #patchstack

12.02.2026 14:18 👍 0 🔁 1 💬 0 📌 0
Cybersecurity News | Daily Recap [10 Mar 2026] Daily Recap, CISA added multiple high-severity flaws to the Known Exploited Vulnerabilities catalog, warning that the Ivanti EPM CVE-2026-1603 is actively exploited with over 700 internet-facing instances and federal patching deadlines. The report also notes a critical Nginx UI flaw CVE-2026-27944 fixed in 2.3.3, and coverage of APT campaigns and loader trends including PlugX against Qatar, UAT9244 implants such as PeerTime, TernDoor and BruteEntry, Seedworm and Dust Specter campaigns, UNC4899 breach, and malware like GhostLoader, ClipXDaemon, A0Backdoor, and LummaStealer. #IvantiEPM #CVE-2026-1603 #NginxUI #CVE-2026-27944 #PlugX #UAT9244 #PeerTime #TernDoor #BruteEntry #Seedworm #DustSpecter #Dindoor #UNC4899 #GhostLoader #ClipXDaemon #A0Backdoor #LummaStealer #SalesforceAura #EricssonBreach #React2Shell

CISA adds multiple high-severity flaws to Known Exploited Vulnerabilities catalog: Ivanti EPM CVE-2026-1603 exploited in 700+ instances, Nginx UI CVE-2026-27944 patched in 2.3.3. Ongoing APT campaigns target Qatar. #IvantiEPM #NginxUI #Qatar

11.03.2026 13:01 👍 0 🔁 1 💬 1 📌 0
Critical #NginxUI vulnerability (CVE-2026-27944) allows unauthenticated attackers to download and decrypt full system backups. Immediate upgrade to version 2.3.3 recommended. #CyberSecurity #DataBreach Link: thedailytechfeed.com/critical-ngi...

10.03.2026 15:08 👍 0 🔁 1 💬 0 📌 0
Critical Nginx UI flaw CVE-2026-27944 exposes server backups Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data.

Critical Nginx UI flaw CVE-2026-27944 exposes server backups securityaffairs.com/189123/secur...

10.03.2026 12:42 👍 0 🔁 1 💬 0 📌 0
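Critical vulnerability in Nginx-UI allows backups to be retrieved without authentication (CVE-2026-27944) | Security News from セキュリティ対策Lab. A critical vulnerability has been disclosed in Nginx-UI that allows system backups to be retrieved without authentication and, in addition, leaks the encryption key needed for decryption at the same time. It affects 0xJacky/nginx-ui versions below 2.3.3, and the fixed version is 2.3.3. The GitHub Advisory Database tracks it as CVE-2026-27944, with a severity of Critical and a CVSS 3.1 score of 9.8.

Critical vulnerability in Nginx-UI allows backups to be retrieved without authentication (CVE-2026-27944)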

rocket-boys.co.jp/security-mea...

#セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

10.03.2026 01:21 👍 0 🔁 1 💬 0 📌 0
Unauthenticated Backup Download with Encryption Key Disclosure ## Summary The `/api/backup` endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the `X-Backup-Security` response header. This allow...

🔎 GitHub advisory: github.com/0xJacky/ngin...
💾 View JSON: cveawg.mitre.org/api/cve/CVE-...

09.03.2026 18:04 👍 0 🔁 1 💬 0 📌 0
VulnWatch Monday: CVE-2026-27944 🔓

A critical vulnerability in Nginx UI allows unauthenticated attackers to download and decrypt full system backups. It affects all versions before 2.3.2.

09.03.2026 18:04 👍 0 🔁 1 💬 1 📌 0
Critical Nginx UI flaw CVE-2026-27944 exposes server backups Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management interfaces. A critical vulnerability in Nginx UI, tracked as CVE-2026-27944 (CVSS score of 9.8), allows attackers to download and decrypt full server backups without authentication. The flaw poses a serious risk to organizations exposing the management […]

Critical Nginx UI flaw CVE-2026-27944 exposes server backups

Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management interfaces. A critical vulnerability in Nginx UI, tracked as CVE-2026-…
#hackernews #news

09.03.2026 17:59 👍 0 🔁 1 💬 0 📌 0

Critical Nginx UI flaw CVE-2026-27944 exposes server backups https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html

09.03.2026 04:49 👍 0 🔁 1 💬 0 📌 0
Critical Nginx UI flaw CVE-2026-27944 exposes server backups Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data.

Critical Nginx UI flaw CVE-2026-27944 puts server backups at risk

Critical Nginx UI flaw CVE-2026-27944 exposes server backups #SecurityAffairs (Mar 8)

securityaffairs.com/189123/secur...

08.03.2026 21:00 👍 0 🔁 1 💬 0 📌 0

Critical Security Alert: CVE-2026-27944 Exposes Nginx UI Backups and Encryption Keys

Introduction: A Severe Flaw in a Widely Used Web Server Management Tool A newly disclosed security vulnerability has raised serious concerns across the potatosecurity community. The flaw, identified as…

08.03.2026 19:41 👍 0 🔁 1 💬 0 📌 0
Critical Security Alert: CVE-2026-27944 Exposes Nginx UI Backups and Encryption Keys Introduction: A Severe Flaw in a Widely Used Web Server Management Tool A newly disclosed security vulnerability has raised serious concerns across the cybersecurity community. The flaw, identified as CVE-2026-27944, affects Nginx UI, a popular web-based dashboard used to manage and configure Nginx servers. With a CVSS severity score of 9.8, the issue is classified as critical and represents a significant risk for organizations that expose the Nginx UI management interface to the internet.

Critical Security Alert: CVE-2026-27944 Exposes Nginx UI Backups and Encryption Keys

Introduction: A Severe Flaw in a Widely Used Web Server Management Tool A newly disclosed security vulnerability has raised serious concerns across the cybersecurity community. The flaw, identified as…

08.03.2026 19:41 👍 0 🔁 1 💬 0 📌 0
Critical Nginx UI flaw CVE-2026-27944 exposes server backups Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data.

Critical Nginx UI flaw CVE-2026-27944 exposes server backups

08.03.2026 19:39 👍 0 🔁 1 💬 0 📌 0
CVE-2026-27944: Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

07.03.2026 18:54 👍 1 🔁 1 💬 0 📌 0

🔴 CVE-2026-27944 - Critical (9.8)

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backu...

https://www.thehackerwire.com/vulnerability/CVE-2026-27944/

#infosec #cybersecurity #CVE #vulnerability #security #patchstack

05.03.2026 19:19 👍 0 🔁 1 💬 0 📌 0

🔴 CVE-2026-21536 - Critical (9.8)

Microsoft Devices Pricing Program Remote Code Execution Vulnerability

https://www.thehackerwire.com/vulnerability/CVE-2026-21536/

#infosec #cybersecurity #CVE #vulnerability #security #patchstack

06.03.2026 09:00 👍 0 🔁 1 💬 0 📌 0
CVE-2026-21536 - Microsoft Devices Pricing Program Remote Code Execution Vulnerability
CVE ID : CVE-2026-21536

Published : March 5, 2026, 11:16 p.m. | 30 minutes ago

Description : Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Severity: 9.8 | CR...

06.03.2026 01:54 👍 0 🔁 1 💬 0 📌 0
CVE-2026-21536: CWE-434: Unrestricted Upload of File with Dangerous Type in Micr CVE-2026-21536 is a critical vulnerability identified in the Microsoft Devices Pricing Program, classified under CWE-434, which pertains to the unrestricted upload of files with dangerous types. This vulnerability allows remote attackers to

Critical RCE in Microsoft Devices Pricing Program: CVE-2026-21536 enables unauthenticated file uploads. No patch yet — restrict uploads and monitor now. https://radar.offseq.com/threat/cve-2026-21536-cwe-434-unrestricted-upload-of-file-3dbf1775 #OffSeq #Microsoft #Vulnerability

06.03.2026 01:30 👍 1 🔁 1 💬 0 📌 0
March Patch Tuesday Commentary From Fortra By Tyler Reguly, Associate Director, Security R&D, Fortra I’m sure that everyone will be talking about CVE-2026-26118 today. After all, it contains those magical three letters MCP – Must Create Panic! The old adage has changed a little these days to become, “AI sells,” so that’s what everyone needs to talk about. The reality is that there’s an update available, this was never publicly disclosed, and Microsoft lists exploitation as less likely.

March Patch Tuesday Commentary From Fortra

By Tyler Reguly, Associate Director, Security R&D, Fortra I’m sure that everyone will be talking about CVE-2026-26118 today. After all, it contains those magical three letters MCP – Must Create Panic! The old adage has changed a little these days to…

10.03.2026 18:27 👍 1 🔁 1 💬 0 📌 0

[Security Advisory] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection #devopsish groups.google.com/a/...

09.03.2026 23:06 👍 0 🔁 1 💬 0 📌 0
CVE-2026-3288 - ingress-nginx rewrite-target nginx configuration injection A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller …

CVE-2026-3288 - ingress-nginx rewrite-target nginx configuration injection
CVE ID : CVE-2026-3288

Published : March 9, 2026, 9 p.m. | 15 minutes ago

Description : A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingr...

09.03.2026 22:19 👍 0 🔁 1 💬 0 📌 0
CVE-2026-3288 - ingress-nginx rewrite-target nginx configuration injection A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller …

CVE-2026-3288 - ingress-nginx rewrite-target nginx configuration injection
CVE ID : CVE-2026-3288

Published : March 9, 2026, 9 p.m. | 14 minutes ago

Description : A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingr...

09.03.2026 21:39 👍 0 🔁 1 💬 0 📌 0

🟠 CVE-2026-3288 - High (8.8)

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-t...

https://www.thehackerwire.com/vulnerability/CVE-2026-3288/

#infosec #cybersecurity #CVE #vulnerability #security #patchstack

09.03.2026 21:18 👍 0 🔁 1 💬 0 📌 0

🟠 CVE-2026-3288 - High (8.8)

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-t...

https://www.thehackerwire.com/vulnerability/CVE-2026-3288/

#infosec #cybersecurity #CVE #vulnerability #security #patchstack

09.03.2026 21:17 👍 0 🔁 1 💬 0 📌 0
oss-sec: [kubernetes] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection Posted by Tabitha Sable on Mar 09 Hello Kubernetes Community, A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) This issue...

[kubernetes] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection

09.03.2026 19:54 👍 1 🔁 1 💬 0 📌 0