Tag: cve
-
Coming Soon: AI-Scan OpenClaw Ecosystem Security Scanning Capabilities
As the OpenClaw ecosystem continues to surge in popularity, more customers are deploying and utilizing these AI agents on a large scale. However, this growth has brought significant security challenges to the forefront, including over 33 documented CVE vulnerabilities, 288+ GHSA security advisories, the rise in malicious Skills, and frequent memory poisoning attacks. The NSFOCUSLLM……
-
CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure
Attackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection. Attackers rapidly exploited a critical vulnerability in LiteLLM Python package, tracked as CVE-2026-42208, just days after it became public. The vulnerability, an SQL injection in the proxy API key verification process, lets attackers access and potentially modify database…
-
CISA Warns of ConnectWise ScreenConnect Flaw Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in ConnectWise ScreenConnect. CVE-2024-1708 is currently being exploited in real-world attacks. Because of this active threat, CISA officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 28, 2026. This addition serves as a major…
-
CISA Warns of ConnectWise ScreenConnect Flaw Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in ConnectWise ScreenConnect. CVE-2024-1708 is currently being exploited in real-world attacks. Because of this active threat, CISA officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 28, 2026. This addition serves as a major…
-
CISA Warns of ConnectWise ScreenConnect Flaw Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in ConnectWise ScreenConnect. CVE-2024-1708 is currently being exploited in real-world attacks. Because of this active threat, CISA officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 28, 2026. This addition serves as a major…
-
CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)
Attackers are exploiting CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability that causes victims’ systems to authenticate the attacker’s server, CISA … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/29/windows-cve-2026-32202-exploited/
-
GitHub Fixes Critical RCE Bug CVE-2026-3854 Within Hours of Discovery
Tags: cloud, cve, cvss, cybersecurity, flaw, github, infrastructure, rce, remote-code-execution, vulnerabilityCybersecurity researchers have revealed critical details about a newly identified RCE vulnerability, tracked as CVE-2026-3854, affecting both GitHub’s cloud infrastructure and GitHub Enterprise Server deployments. The flaw, which carries a high CVSS score of 8.7, could allow an authenticated user to execute arbitrary code on affected systems with a single crafted First seen on thecyberexpress.com…
-
Cursor AI IDE vulnerability allows code execution via hidden Git hooks
Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories. First seen on hackread.com Jump to article: hackread.com/cursor-ai-ide-vulnerability-code-execution-git-hooks/
-
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect First seen on thehackernews.com Jump to…
-
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect First seen on thehackernews.com Jump to…
-
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect First seen on thehackernews.com Jump to…
-
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect First seen on thehackernews.com Jump to…
-
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities are listed below -CVE-2024-1708 (CVSS score: 8.4) – A path traversal vulnerability in ConnectWise ScreenConnect First seen on thehackernews.com Jump to…
-
U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2024-02-21 is a path traversal vulnerability…
-
CISA Warns of Windows Shell Zero-Day Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windows, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered zero-day vulnerability affecting Microsoft Windows. On April 28, 2026, the agency officially added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) catalog. This critical flaw involves a failure of a protection mechanism within the Microsoft Windows Shell, and active exploitation…
-
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI’s LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge.The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be…
-
GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution
Wiz Research has identified a critical remote code execution (RCE) vulnerability, tracked as CVE-2026-3854, deeply embedded within GitHub’s internal git infrastructure. This high-severity flaw enabled any authenticated user to execute arbitrary commands on backend servers using a single standard git push command. The vulnerability originates from an improper neutralization of special elements during repository push operations. GitHub’s…
-
EUVD-2026-19588 / CVE-2026-34197 Nachrichtenbroker im KEV-Katalog der CISA gelandet
First seen on security-insider.de Jump to article: www.security-insider.de/apache-activemq-code-injection-cve-2026-34197-a-5b9c4a93189d6ccc81551f18658447d7/
-
CVE-2026-3854 GitHub flaw enables remote code execution
Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise…
-
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-are-exploiting-a-critical-litellm-pre-auth-sqli-flaw/
-
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Tags: access, cve, cybersecurity, flaw, github, injection, rce, remote-code-execution, vulnerabilityCybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single “git push” command.The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to…
-
Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks
A critical remote code execution (RCE) vulnerability has been uncovered in Hugging Face’s LeRobot, a popular open-source robotics machine learning framework. Tracked as CVE-2026-25874, the flaw carries a maximum CVSS severity score of 9.8 and allows unauthenticated attackers to execute arbitrary system commands on affected servers. With over 21,500 stars on GitHub, LeRobot’s widespread adoption…
-
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Tags: cve, cybersecurity, data, exploit, flaw, github, open-source, rce, remote-code-execution, vulnerabilityCybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of…
-
CVE-2026-25874: Hugging Face LeRobot Unauthenticated RCE via Pickle Deserialization
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cve-2026-25874-hugging-face-lerobot-unauthenticated-rce-via-pickle-deserialization
-
Critical LiteLLM Flaw Enables Database Attacks Through SQL Injection
Tags: access, api, attack, authentication, cve, cyber, cybercrime, exploit, flaw, injection, sql, vulnerabilityA critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in the popular LiteLLM gateway, allowing attackers to access databases without credentials. Cybercriminals have already been observed exploiting this flaw to target high-value secrets such as API keys and provider credentials. Overview of the Vulnerability CVE-2026-42208 is a critical flaw in LiteLLM, an…
-
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild.The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday…
-
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild.The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday…
-
Notepad++ Vulnerability Lets Attackers Crash App and Expose Memory Data
A new string injection vulnerability, tracked as CVE-2026-3008, has been discovered in Notepad++ version 8.9.3. This critical flaw allows attackers to crash the application or to instantly and secretly extract sensitive memory information. The Cybersecurity Agency of Singapore (CSA) has issued an urgent advisory urging all users to immediately upgrade to version 8.9.4 to secure…
-
As the NVD scales back CVE enrichment, here’s what Tenable customers need to know
Tags: access, ai, cisa, cloud, cve, cvss, data, data-breach, exploit, infrastructure, intelligence, kev, metric, mitre, nist, nvd, ransomware, risk, software, strategy, technology, threat, vulnerability, vulnerability-management, zero-dayNIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that the NVD may now overlook. Key takeaways NIST is pivoting to a prioritized enrichment model, focusing only on specific criteria like…
-
Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting
CVE-2026-6770 let attackers fingerprint Firefox and Tor users, even in Private mode. Firefox 150 and Tor Browser 15.0.10 fixed it. A vulnerability, tracked as CVE-2026-6770, allowed attackers to fingerprint Firefox users, even in Private Browsing, and also impacted the Tor Browser. The flaw worked even when Tor’s New Identity feature was used, bypassing protections meant…