Tag: cve
-
New Critical AdGuard Home Flaw Lets Attackers Bypass Authentication
AdGuard Home, a highly popular network-wide ad and tracker blocking solution, has recently issued an emergency security hotfix to address a critical flaw. This severe vulnerability, officially tracked under the identifier CVE-2026-32136, has been assigned a maximum severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System scale. The security defect enables…
-
Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
Tags: access, backup, control, cve, data, exploit, flaw, group, infrastructure, ransomware, rce, remote-code-execution, update, veeam, vulnerabilityPatches are available: Veeam warned that organizations should apply the patched build promptly, noting that vulnerability disclosures frequently trigger attempts by attackers to reverse-engineer patches and develop exploits for unpatched systems.The issues were fixed in Veeam Backup & Replication 12.3.2.4465, and organizations running unsupported or older builds should assume they are vulnerable and upgrade immediately.…
-
Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
Tags: access, backup, control, cve, data, exploit, flaw, group, infrastructure, ransomware, rce, remote-code-execution, update, veeam, vulnerabilityPatches are available: Veeam warned that organizations should apply the patched build promptly, noting that vulnerability disclosures frequently trigger attempts by attackers to reverse-engineer patches and develop exploits for unpatched systems.The issues were fixed in Veeam Backup & Replication 12.3.2.4465, and organizations running unsupported or older builds should assume they are vulnerable and upgrade immediately.…
-
Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
Tags: access, backup, control, cve, data, exploit, flaw, group, infrastructure, ransomware, rce, remote-code-execution, update, veeam, vulnerabilityPatches are available: Veeam warned that organizations should apply the patched build promptly, noting that vulnerability disclosures frequently trigger attempts by attackers to reverse-engineer patches and develop exploits for unpatched systems.The issues were fixed in Veeam Backup & Replication 12.3.2.4465, and organizations running unsupported or older builds should assume they are vulnerable and upgrade immediately.…
-
Google fixed two new actively exploited flaws in the Chrome browser
Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws. >>Google is aware that exploits for…
-
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.The list of vulnerabilities is as follows -CVE-2026-3909 (CVSS score: 8.8) – An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory…
-
Two Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious Code
Google has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wild. Users are strongly advised to update their browsers immediately to protect against potential malicious…
-
OpenSSH GSSAPI Flaw Can Be Exploited to Crash SSH Child Processes
A newly discovered vulnerability in the GSSAPI Key Exchange patch for OpenSSH is putting multiple Linux distributions at risk. Tracked as CVE-2026-3497, the flaw allows unauthenticated attackers to crash SSH child processes using a single crafted packet. This leads to reliable denial-of-service conditions and to privilege separation boundary violations. The issue was discovered by security…
-
Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution.The vulnerabilities are as follows -CVE-2026-21666 (CVSS score: 9.9) – A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.CVE-2026-21667 ( First seen…
-
Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites
An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data. An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on…
-
Nur wer seine Supply Chain kennt, kann sie auch schützen Flut täuscht über reale Gefahren in der Software-Lieferkette hinweg
First seen on security-insider.de Jump to article: www.security-insider.de/software-supply-chain-software-lieferkette-lars-francke-a-dcb083a3a6f9e55c6823e937431d412b/
-
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit.The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content.…
-
U.S. CISA adds a flaw in n8n to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in n8n to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an n8n flaw, tracked as CVE-2025-68613 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. n8n is a workflow automation platform designed for technical teams that combines the…
-
Palo Alto Cortex XDR Broker Vulnerability Exposes Systems to Sensitive Information Theft and Modification
Palo Alto Networks has issued a security advisory regarding a newly discovered vulnerability in its Cortex XDR Broker Virtual Machine (VM). Tracked as CVE-2026-0231, this medium-severity flaw could allow a threat actor to access and modify sensitive system information. Because the Broker VM acts as a critical bridge between on-premises network assets and the cloud-based…
-
Palo Alto Cortex XDR Broker Vulnerability Exposes Systems to Sensitive Information Theft and Modification
Palo Alto Networks has issued a security advisory regarding a newly discovered vulnerability in its Cortex XDR Broker Virtual Machine (VM). Tracked as CVE-2026-0231, this medium-severity flaw could allow a threat actor to access and modify sensitive system information. Because the Broker VM acts as a critical bridge between on-premises network assets and the cloud-based…
-
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution.The vulnerabilities are listed below -CVE-2026-27577 (CVSS score: 9.4) – Expression sandbox escape leading to remote code execution (RCE)CVE-2026-27493 (CVSS score: 9.5) – Unauthenticated First seen on thehackernews.com Jump…
-
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems.The vulnerabilities in question listed below -CVE-2019-17571 (CVSS score: 9.8) – A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO)CVE-2026-27685 (CVSS score: 9.1) – An insecure deserialization First seen on thehackernews.com…
-
Hewlett Packard Enterprise fixes critical authentication bypass in Aruba AOS-CX
Hewlett Packard Enterprise (HPE) fixed several flaws in Aruba AOS-CX, including a critical bug that lets attackers reset admin passwords. Hewlett Packard Enterprise (HPE) patched multiple vulnerabilities in Aruba AOS-CX, the operating system used in Aruba CX switches. The most severe issue, tracked as CVE-2026-23813 (CVSS score of 9.8), allows unprivileged attackers to bypass authentication…
-
Critical Vulnerability in Microsoft Office Allows Malicious Code to Run Remotely
Tags: cve, cvss, cyber, flaw, malicious, microsoft, office, remote-code-execution, threat, vulnerabilityMicrosoft has disclosed a critical security flaw in its Microsoft Office suite, officially tracked as CVE-2026-26110. Released on March 10, 2026, this Remote Code Execution (RCE) vulnerability poses a significant threat to organizations and individuals relying on the widely used productivity software. With a base CVSS score of 8.4, the flaw demands immediate attention from…
-
Microsoft Active Directory Flaw Allows Attackers to Escalate Privileges
Microsoft has released a critical security update addressing a high-severity elevation of privilege vulnerability in Active Directory Domain Services (AD DS). This flaw, patched during the March 10, 2026, Patch Tuesday rollout, poses a significant threat to enterprise identity infrastructure by allowing attackers to gain SYSTEM-level access. Tracked as CVE-2026-25177, this security defect carries a…
-
Microsoft .NET 0-Day Flaw Opens Doors for Denial of Service Attacks
Microsoft’s March 2026 Patch Tuesday has addressed a zero-day vulnerability in the .NET framework, officially tracked as CVE-2026-26127. Disclosed publicly before a patch was available, this flaw allows unauthenticated remote attackers to trigger a denial of service (DoS) condition against applications running on affected .NET environments. The vulnerability has been categorized as an out-of-bounds read…
-
Microsoft Patches 83 CVEs in March Update
For a change, there’s little in this month’s Patch Tuesday that should cause panic, according to security experts. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-patches-83-cves-march-update
-
March Patch Tuesday: Three high severity holes in Microsoft Office
aadsshlogin package. Systems with the extension already installed have packages.microsoft.com configured automatically, so no additional setup is required.”The cloud ecosystem doesn’t really handle patching well,” Reguly said. “It’s a relatively immature process, and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs…
-
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub. This month’s update includes patches…
-
CISA shortens patch deadline for critical Ivanti, SolarWinds bugs
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399, a critical vulnerability impacting the popular SolarWinds Web Help Desk. First seen on therecord.media Jump to article: therecord.media/cisa-shortens-patch-deadline-ivanti-solarwinds
-
CISA Alerts on Ivanti Endpoint Manager Vulnerability Auth Bypass Exploited in the Wild
Tags: access, authentication, cisa, credentials, cve, cyber, cybersecurity, data, endpoint, exploit, infrastructure, ivanti, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed security vulnerability affecting Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) Catalog, warning that the issue is being actively exploited in the wild. The vulnerability, tracked as CVE-2026-1603, allows attackers to bypass authentication protections and potentially access sensitive credential data…
-
OpenClaw Advisory Surge Highlights Blind Spot Between GitHub and CVE Vulnerability Tracking
OpenClaw’s rapid rise has accidentally exposed how far GitHub’s advisory ecosystem has drifted from traditional CVE”‘centric vulnerability tracking. Within roughly three weeks, the project published more than 200 GitHub Security Advisories (GHSA), and its advisory page now lists around 255 disclosures covering command execution controls, authorization checks, allowlist logic, and plugin boundaries. Only a subset…
-
Gogs Flaw Could Let Attackers Quietly Overwrite Large File Storage Data
Tags: attack, cve, cyber, data, exploit, flaw, open-source, software, supply-chain, threat, vulnerabilityA critical security vulnerability has been identified in Gogs, a widely used open-source self-hosted Git service. / Tracked as CVE-2026-25921, this flaw allows unauthenticated attackers to silently overwrite Git Large File Storage (LFS) objects across any repository. By exploiting a lack of content verification, threat actors can conduct stealthy software supply-chain attacks, replacing legitimate project…