Tag: cve
-
Metabase Enterprise RCE Flaw Now Has Public ProofConcept Exploit
Security researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary files on targeted systems. The availability of a public exploit script significantly increases the risk for organizations running unpatched instances…
-
Critical bug in CrowdStrike LogScale let attackers access files
CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unauthenticated path traversal, which could allow a remote attacker to read arbitrary files from the server filesystem. >>CrowdStrike has released security updates…
-
U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The vulnerability CVE-2024-7399 (CVSS score of 8.8) is…
-
U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The vulnerability CVE-2024-7399 (CVSS score of 8.8) is…
-
Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)
Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2026-3844 (CVSS score of 9.8), in the Breeze Cache WordPress plugin, allowing them to upload files to a server without authentication. The vulnerability has already been used in…
-
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The list of vulnerabilities is below -CVE-2024-57726 (CVSS score: 9.9) – A missing authorization vulnerability in First seen on thehackernews.com…
-
12-year-old Pack2TheRoot bug lets Linux users gain root privileges
‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years. The Pack2TheRoot flaw, tracked as CVE-2026-41651, lets unprivileged users install or remove system packages without authorization, potentially gaining full root access. The vulnerability is rated high severity, CVSS score of 8.8, and has existed for nearly 12…
-
Too Many Vulnerabilities? Here’s How AutoSecT Risk Prioritization Helps!
If your security team is drowning in vulnerabilities, that’s math done wrong. Prioritize your risk with the right vulnerability assessment tool. Here’s why? The volume of vulnerabilities has exploded beyond what any team can realistically handle. 48,185 CVEs were published in 2025, marking a 20.6% increase compared to 2024. Approximately 130 133 new vulnerabilities… First…
-
Too Many Vulnerabilities? Here’s How AutoSecT Risk Prioritization Helps!
If your security team is drowning in vulnerabilities, that’s math done wrong. Prioritize your risk with the right vulnerability assessment tool. Here’s why? The volume of vulnerabilities has exploded beyond what any team can realistically handle. 48,185 CVEs were published in 2025, marking a 20.6% increase compared to 2024. Approximately 130 133 new vulnerabilities… First…
-
Too Many Vulnerabilities? Here’s How AutoSecT Risk Prioritization Helps!
If your security team is drowning in vulnerabilities, that’s math done wrong. Prioritize your risk with the right vulnerability assessment tool. Here’s why? The volume of vulnerabilities has exploded beyond what any team can realistically handle. 48,185 CVEs were published in 2025, marking a 20.6% increase compared to 2024. Approximately 130 133 new vulnerabilities… First…
-
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure.The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data.”A server-side…
-
Hackers Exploit Ollama Model Uploads to Leak Server Data
Cybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows an unauthenticated attacker to steal sensitive server data by simply uploading a maliciously crafted AI model file. How…
-
Hackers Exploit Ollama Model Uploads to Leak Server Data
Cybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows an unauthenticated attacker to steal sensitive server data by simply uploading a maliciously crafted AI model file. How…
-
iOS Flaw Let Deleted Notifications Linger, Apple Issues Fix
Apple fixed an iOS flaw that kept deleted notifications on devices, allowing recovery of messages, including from apps like Signal. Apple released updates for iOS and iPadOS to address the vulnerability CVE-2026-28950, a flaw in Notification Services that stored notifications even after deletion. This logging issue could allow recovery of sensitive data, including messages from…
-
Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950)
Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/cve-2026-28950-iphone-vulnerability-notifications-signal/
-
Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device.The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction.”Notifications marked for deletion could be unexpectedly retained…
-
U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-33825 is a Microsoft Defender flaw that can be exploited…
-
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device.The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction.”Notifications marked for deletion could be unexpectedly retained…
-
EUVD-2025-209440 / CVE-2025-8095 – Unsichere Verschlüsselung bei OpenEdge ermöglicht Cyberangriffe
First seen on security-insider.de Jump to article: www.security-insider.de/progress-openedge-oech1-schwachstelle-passwoerter-a-2c9fe46aaf7108307f5e8e37704de8e1/
-
Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed
More than 1,300 internet-exposed SharePoint servers remain unpatched against CVE-2026-32201, a spoofing flaw Microsoft says was exploited as a zero-day. The post Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-1300-sharepoint-servers-unpatched-zero-day-flaw/
-
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Tags: access, ai, api, attack, authentication, breach, control, credentials, cve, data, framework, hacker, infrastructure, injection, LLM, remote-code-execution, risk, saas, siem, supply-chain, threat, update, vulnerabilityLast week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access…
-
New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-mirai-campaign-exploits-rce-flaw-in-eol-d-link-routers/
-
Microsoft issues outband patch for critical security flaw in update to ASP.NET Core
UseCustomCryptographicAlgorithms API.A bug in the .NET 10.0.6 package, released as part of the Patch Tuesday updates on April 14, causes the ManagedAuthenticatedEncryptor library to compute the validation tag for the Hash-based Message Authentication Code (HMAC) using an incorrect offset.Incorrect calculation of security hashes results in the .AspNetCore application cookies and tokens being validated and trusted…
-
Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers
Mirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting a command injection vulnerability, tracked as CVE-2025-29635, in discontinued D-Link routers, Akamai reports. The flaw allows attackers to inject commands because an attacker-controlled value is copied without…
-
Over 1,300 SharePoint Servers Still Exposed to Actively Exploited Spoofing Flaw
Over 1,300 SharePoint servers remain unpatched against CVE-2026-32201, a spoofing flaw previously exploited as a zero-day. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/over-1300-sharepoint-servers-still-exposed-to-actively-exploited-spoofing-flaw/
-
CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability
Microsoft patched an ASP.NET Core flaw (CVE-2026-40372) that could let attackers forge tokens and gain SYSTEM-level access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-40372-microsoft-patches-asp-net-core-privilege-escalation-vulnerability/
-
CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability
Microsoft patched an ASP.NET Core flaw (CVE-2026-40372) that could let attackers forge tokens and gain SYSTEM-level access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-40372-microsoft-patches-asp-net-core-privilege-escalation-vulnerability/
-
Microsoft outband updates fixed critical ASP.NET Core privilege escalation flaw
Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7. An attacker could exploit the flaw to gain SYSTEM-level privileges, access…
-
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw.”Improper verification of cryptographic First…