NVD disclosure day

Published threat advisories for March 26, 2026

CVE-2026-34352

TigerVNC: Unauthorized Screen Access and Manipulation Risk.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An incorrect permission flaw in TigerVNC's x0vncserver can let unauthorized users view or alter screen content, or crash applications. This exposes organizations to risks of data compromise and system disruption.

NVD published: March 26, 2026

CVE advisoryCRITICAL

CVE-2026-4809

Laravel package allows uploading dangerous files to take control of systems

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical flaw in the Laravel-mediable package allows attackers to upload malicious code as images, potentially taking control of your systems if they handle file uploads. There is no patch available, so immediate review is needed for any applications using this package.

NVD published: March 26, 2026