NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368
#citrix #vulnerabilitymanagement #vulnerability
https://vulnerability.circl.lu/bundle/1ae9c3df-c65f-4755-b3a9-4d76f8c0e772
⚠️ New security advisory:
CVE-2019-25578 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2019-25578-phptransformer-sql-injection
🚨 New security advisory:
CVE-2019-25614 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2019-25614-free-float-ftp-buffer-overflow
🔶 New security advisory:
CVE-2026-33226 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33226-budibase-ssrf-vulnerability-restrict-access-immediately
cpe-guesser 2.0 released - Multi-Source CPE Imports, Better Ranking, and Greater Autonomy Beyond NVD
Version 2.0 brings major improvements to CPE import, ranking, and CVE v5 data handling. This release focuses on better import performance, broader format support, improved search relevance, and more robust indexing for vendor and product matching.
A notable change in this release is that cpe-guesser is no longer limited to NVD as its only practical CPE source. In addition to the NVD feeds, it can also leverage the Vulnerability-Lookup dump available at https://vulnerability.circl.lu/dumps/, providing additional CPE sources and more autonomy from the previously NVD-only source model.
This release lays an important foundation for improving the GCVE ecosystem, especially by strengthening vendor and product references through better CPE source diversity, indexing, and matching capabilities. If you have ideas for further improvements, additional data sources, or better ways to refine vendor and product identification, we would be very happy to hear your feedback.
https://www.vulnerability-lookup.org/2026/03/22/cpe-guesser-2.0-released/
https://github.com/vulnerability-lookup/cpe-guesser
#gcve #cve #opensource #cpe #vulnerability #vulnerabilitymanagement
⛔ New security advisory:
CVE-2026-33186 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33186-grpc-go-authorization-bypass-patch-critical-flaw
🔴 New security advisory:
CVE-2026-21992 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-21992-oracle-fusion-middleware-critical-vulnerability

Critical 9.8 CVSS flaw in Oracle Identity Manager & Web Services Manager allows unauthenticated remote attackers to fully compromise systems via HTTP. Immediate patching is required.
gcve-eu-kev updated — a CISA KEV and ENISA CNW/EUVD to GCVE BCP-07 converter.
It now also includes a generic RSS/Atom exporter for any GCVE KEV BCP-07 feed.
#cybersecurity #gcve #kev #cve #vulnerability #vulnerabilitymanagement
🔗 https://github.com/gcve-eu/gcve-eu-kev
🔗 https://gcve.eu/bcp/gcve-bcp-07/
🔴 New security advisory:
CVE-2026-32191 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32191-microsoft-bing-images-os-command-injection

Critical OS command injection vulnerability in Microsoft Bing Images (CVE-2026-32191, CVSS 9.8) allows remote attackers to execute arbitrary code. Immediate action is required.