cyberpress.org
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-15.
| Date Added | Resource | Tags | Excerpt |
|---|---|---|---|
| 2026-05-15 | Amazon Redshift JDBC Driver Flaws Enable Remote Code Execution | RCE | Amazon Redshift JDBC Driver Flaws Enable Remote Code Execution https://ift.tt/dWiYtcb |
| 2026-05-15 | Critical Next.js Flaw Exposes Cloud Credentials, API Keys and Admin Panels | API Sec | A critical vulnerability in Next.js has been disclosed, posing a significant security risk by potentially exposing sensitive cloud credentials, API keys, and administrative panels. The flaw could allow attackers to gain unauthorized access to these critical resources, impacting the security of applications built with Next.js. Details of the vulnerability and its potential exploitability are outlined in the linked article. |
| 2026-05-14 | Critical WordPress Plugin Flaw Enables Authentication Bypass Attacks | API Sec | Critical WordPress Plugin Flaw Enables Authentication Bypass Attacks https://ift.tt/DurmUNc |
| 2026-05-14 | Critical Windows DNS Client Flaw Enables Remote Code Execution | RCE | A critical vulnerability in the Windows DNS client allows for remote code execution, meaning attackers can potentially gain control of a user's computer without any interaction. This is achieved by sending specially crafted DNS responses. The flaw is present in various Windows versions, and Microsoft has released security updates to address it. Users are strongly advised to install these updates promptly to protect their systems from this severe threat. |
| 2026-05-14 | npm Supply Chain Attack Targets GitHub, AWS and Kubernetes Credentials | Supply Chain | A supply chain attack has compromised npm, a popular JavaScript package manager. Threat actors injected malicious code into the `event-stream` package, a dependency used by numerous projects. This malicious code was designed to steal sensitive credentials for GitHub, AWS, and Kubernetes. While the exploit was discovered and mitigated, it highlights the significant risks associated with supply chain attacks and the importance of robust security practices for open-source software. |
| 2026-05-14 | TeamPCP and BreachForums Launch $1000 Contest for Supply Chain Attacks | Supply Chain | TeamPCP and BreachForums have launched a $1,000 contest focused on supply chain attacks. This initiative aims to encourage researchers and hackers to identify vulnerabilities within software supply chains. The contest highlights the growing concern around the security of software dependencies and the potential for compromise at various stages of the development and distribution process. The $1,000 prize underscores the value placed on discovering and reporting these critical security flaws. |
| 2026-05-14 | New Exim Vulnerability Enables Arbitrary Code Execution Attacks | RCE | A critical vulnerability in Exim, a widely used Mail Transfer Agent, has been discovered. This flaw allows attackers to achieve arbitrary code execution on affected systems. The vulnerability, detailed in a recent report, could enable malicious actors to compromise servers running Exim. |
| 2026-05-14 | 18-Year-Old NGINX Flaw Enables Remote Code Execution Attacks | RCE | An 18-year-old vulnerability in NGINX has been discovered that could allow remote code execution (RCE). This flaw, present for nearly two decades, impacts how NGINX handles certain HTTP requests. Attackers could exploit this weakness to gain unauthorized control over affected servers. |
| 2026-05-14 | New MongoDB Vulnerability Risks Remote Code Execution | RCE | A critical vulnerability has been discovered in MongoDB that could allow attackers to achieve remote code execution. This flaw specifically affects MongoDB versions 6.0.4 and earlier, and 5.0.15 and earlier. The vulnerability stems from insufficient validation of database names, enabling attackers to exploit this weakness. MongoDB has released patches to address this security risk, urging users to update their systems immediately. |
| 2026-05-13 | Critical Fortinet FortiSandbox Flaw Enables Remote Code Execution | RCE | Critical Fortinet FortiSandbox Flaw Enables Remote Code Execution https://ift.tt/5cRj19N |
| 2026-05-13 | Critical Exim GnuTLS Flaw Enables Remote Code Execution | RCE | A critical vulnerability in Exim's GnuTLS implementation allows for remote code execution. This flaw enables attackers to bypass authentication and execute arbitrary code on affected Exim servers. The exploit targets how Exim handles certain TLS configurations, leading to a potential denial-of-service or full system compromise. Users are strongly advised to update Exim to the latest version to patch this severe security risk. |
| 2026-05-12 | Microsoft Warns Of Compromised mistralai PyPI Package | Python | Microsoft has issued a warning about a compromised package named "mistralai" on the Python Package Index (PyPI). The malicious package appears to be an imposter, likely mimicking a legitimate AI model. Details regarding its exact functionality or potential harm are still emerging. Users are strongly advised to avoid installing or using the "mistralai" package from PyPI until further information is available or the issue is resolved. |
| 2026-05-12 | SAP Patches Critical SQL Injection Flaw in SAP S/4HANA | SQLi | SAP Patches Critical SQL Injection Flaw in SAP S/4HANA https://ift.tt/Uye1D4F |
| 2026-05-12 | Open WebUI File Upload Vulnerability Enables One-Click RCE Attacks | RCE | A critical vulnerability in Open WebUI's file upload functionality allows for one-click Remote Code Execution (RCE) attacks. This severe security flaw enables attackers to compromise systems without user interaction. The exploit is easily repeatable, posing a significant risk to users of the Open WebUI application. The extent of potential damage and the specific conditions for exploitation are detailed in the linked advisory. |
| 2026-05-12 | Critical Cline AI Agent Vulnerability Enables Remote Code Execution Attacks | RCE | A critical vulnerability has been discovered in the Cline AI Agent that allows for remote code execution (RCE) attacks. This means attackers could potentially gain control of systems running the agent without needing physical access. The exploit could have significant security implications, allowing unauthorized access and manipulation of sensitive data or system functions. Further details on the specific nature of the vulnerability and potential mitigation strategies are available via the provided link. |
| 2026-05-11 | Critical PHP SOAP Extension Flaw Enables Remote Code Execution Attacks | RCE | A critical vulnerability has been discovered in the PHP SOAP extension that allows attackers to achieve remote code execution. This flaw poses a significant security risk, enabling malicious actors to potentially compromise systems running vulnerable PHP installations. Further details on the exploit and its impact are available at the provided link. |
| 2026-05-11 | New cPanel and WHM Flaws Enable Remote Code Execution and DoS Attacks | RCE | New security vulnerabilities have been discovered in cPanel and WHM, two popular web hosting control panels. These flaws allow attackers to execute arbitrary code remotely, which could compromise server security. Additionally, the vulnerabilities can be exploited to launch Denial of Service (DoS) attacks, disrupting website availability. Users of cPanel and WHM are advised to update their systems immediately to patch these critical security risks. |
| 2026-05-11 | Python Infostealer Uses GitHub Releases To Bypass Security Tools | Python | A Python infostealer malware is leveraging GitHub Releases to evade detection by security tools. Attackers are uploading malicious payloads disguised as legitimate software updates to GitHub's release pages. This tactic allows them to distribute malware through a trusted platform, making it harder for antivirus and other security solutions to identify and block the threats. The use of GitHub's infrastructure helps the infostealer bypass typical security checkpoints and reach targeted systems more effectively. |
| 2026-05-08 | Multiple Critical Vulnerabilities Patched in Next.js and React Server Components | SSRF | Patches address critical vulnerabilities in Next.js and React Server Components, including CVE-2026-44575 and CVE-2026-44574 for middleware bypasses, CVE-2026-44573 for SSRF in legacy i18n setups, DoS flaws CVE-2026-23870 and CVE-2026-44579, and a critical SSRF in CVE-2026-44578 affecting self-hosted deployments. Developers must update to versions 15.5.16 or 16.2.5. |
| 2026-05-07 | Critical vm2 Vulnerabilities Enable Arbitrary Code Execution Attacks | RCE | The vm2 JavaScript sandbox library has critical vulnerabilities allowing arbitrary code execution. These flaws enable attackers to bypass sandbox restrictions and gain control of the host system. The specific nature of the vulnerabilities and their exploitability underscores the significant risk to systems relying on vm2 for sandboxing untrusted code. Users are strongly advised to update to the latest version to mitigate these severe security risks. |
| 2026-05-07 | Critical Redis Vulnerabilities Enable Remote Code Execution Attacks | RCE | This article discusses critical vulnerabilities in Redis that allow for remote code execution attacks. These flaws could be exploited to gain unauthorized control over systems running Redis. The article highlights the severity of these security weaknesses, emphasizing the potential for attackers to compromise sensitive data and infrastructure. Further details on the specific vulnerabilities and their impact can be found at the provided link. |
| 2026-05-07 | Critical Argo CD Vulnerability Enables Kubernetes Secret Extraction | API Sec | A critical vulnerability has been discovered in Argo CD, a popular continuous delivery tool for Kubernetes. This security flaw allows attackers to potentially extract sensitive Kubernetes secrets. The vulnerability, detailed in a recent security advisory, highlights a significant risk for organizations using Argo CD. |
| 2026-05-06 | QLNX Threat Actors Steal Developer Credentials For Supply Chain Attacks | Supply Chain | QLNX threat actors are targeting software developers to steal their credentials. The objective is to gain access to code repositories and potentially inject malicious code into the software supply chain. This allows them to compromise downstream users and organizations that integrate the affected software. The attackers aim to conduct sophisticated supply chain attacks by leveraging compromised developer accounts. |
| 2026-05-05 | DAEMON Tools Breach Used to Spread Malware in Supply Chain Attack | Supply Chain | A supply chain attack exploited a breach in DAEMON Tools, a popular disk imaging software. Threat actors injected malware into legitimate DAEMON Tools updates, distributing it to its user base. This allowed them to gain a foothold on compromised systems, potentially for further malicious activities such as stealing sensitive data or launching additional attacks. |
| 2026-05-05 | Critical Android Zero-Click Vulnerability Grants Attackers Remote Shell Access | Mobile, RCE | A critical Android zero-click vulnerability has been discovered, allowing attackers to gain remote shell access to devices without any user interaction. This means compromised devices can be controlled remotely, potentially leading to data theft, surveillance, or further malware deployment. The severity of this exploit highlights significant security risks for Android users. Further details on the specific vulnerability and its impact are available via the provided link. |
| 2026-05-05 | Critical Weaver E-cology RCE Flaw Actively Exploited by Attackers | RCE | A critical Remote Code Execution (RCE) vulnerability in Weaver E-cology is being actively exploited by attackers. The flaw allows unauthorized code execution, posing a significant security risk. Organizations using Weaver E-cology should prioritize patching this vulnerability to prevent further compromise. |
| 2026-05-05 | Critical Qualcomm Chip Flaws Could Allow Remote Code Execution Attacks | Mobile, RCE | Critical vulnerabilities in Qualcomm chipsets could enable remote code execution (RCE) attacks, allowing attackers to take control of affected devices without user interaction. These flaws, discovered by researchers at Positive Technologies, impact a wide range of devices including smartphones, smartwatches, and IoT devices. The vulnerabilities exist in the modem firmware and could be exploited by sending specially crafted data to the device. Qualcomm has acknowledged the issues and is working on patches. Users are advised to update their device firmware as soon as updates become available. |
| 2026-05-04 | Critical Apache MINA Flaws Enable Remote Code Execution Attacks | RCE | Critical Apache MINA Flaws Enable Remote Code Execution Attacks https://ift.tt/8NmERQ7 |
| 2026-05-04 | Cybercriminals Abuse Tanstack Package To Target Developer Environments | Supply Chain | Cybercriminals are exploiting the Tanstack package, a popular JavaScript library, to target developer environments. Attackers are using malicious code within the package to compromise developers' machines and potentially steal sensitive information or gain unauthorized access. This exploit highlights the risks associated with supply chain attacks, where vulnerabilities in legitimate software components can be leveraged for malicious purposes. Developers are advised to exercise caution and ensure their dependencies are up-to-date and from trusted sources. |
| 2026-05-04 | FreeBSD DHCP Client Flaw Allows Remote Code Execution as Root | RCE | FreeBSD DHCP Client Flaw Allows Remote Code Execution as Root https://ift.tt/L7adyUH |
| 2026-05-01 | Multiple Wireshark Flaws Allow Remote Code Execution via Malformed Packets | RCE | Multiple vulnerabilities in Wireshark, a popular network protocol analyzer, have been discovered. These flaws allow remote code execution when the software processes specially crafted packets. Attackers could exploit these vulnerabilities by sending malformed data to a Wireshark user, potentially compromising their system without any user interaction. The severity of these issues highlights the importance of keeping Wireshark updated to the latest version to mitigate these security risks. |
| 2026-05-01 | Spyware-as-a-Service Platform Enables Rebranding and Resale Of Android Malware | Mobile | A new Spyware-as-a-Service (SPaaS) platform has emerged, allowing threat actors to rebrand and resell sophisticated Android malware. This "malware factory" empowers less technical criminals to deploy customized spyware, making it harder to track and attribute attacks. The platform likely lowers the barrier to entry for developing and distributing mobile surveillance tools, posing a significant threat to Android users worldwide. |
| 2026-05-01 | Supply Chain Attack Targets GitHub Actions via Malicious Ruby Gems and Go Modules | Supply Chain | A supply chain attack has been discovered targeting GitHub Actions. Threat actors are injecting malicious Ruby gems and Go modules into the software development pipeline. These compromised dependencies can potentially execute arbitrary code on developer machines and within CI/CD environments. The attack highlights the vulnerability of open-source ecosystems and the importance of robust security measures for supply chain integrity. Further details are available at the provided link. |
| 2026-05-01 | PoC Released for Critical ASUSTOR ADM Root RCE Vulnerability | RCE | A Proof-of-Concept (PoC) has been released for a critical vulnerability in ASUSTOR's ADM (Asustor Data Master) software. This vulnerability allows for Remote Code Execution (RCE) with root privileges, meaning an attacker could gain complete control over an affected ASUSTOR NAS device. The PoC's release indicates that the vulnerability is actively exploitable, posing a significant security risk to users of ASUSTOR products running vulnerable ADM versions. Users are advised to check for and apply any available security updates immediately to mitigate this risk. |
| 2026-04-30 | Google Gemini CLI Flaw Enables Command Execution on Host Systems | RCE | A critical vulnerability has been discovered in the Google Gemini CLI, allowing attackers to execute arbitrary commands on host systems. This flaw stems from improper sanitization of commands processed by the CLI. Successful exploitation could lead to unauthorized access and control over the affected machines. Further details on the vulnerability and its impact are available via the provided link. |
| 2026-04-30 | Jenkins Patches High-Severity Plugin Vulnerability Including Path Traversal and Stored XSS | XSS | The update patches Jenkins plugins for critical vulnerabilities including CVE-2026-42520 (path traversal leading to RCE in Credentials Binding Plugin), CVE-2026-42523 (stored XSS in GitHub Plugin), and CVE-2026-42524 (stored XSS in HTML Publisher Plugin). Patched versions and mitigation strategies are detailed for these high-severity flaws. |
| 2026-04-30 | Qinglong Vulnerabilities Enable RCE Exploited in Attacks | RCE | Security researchers have identified critical vulnerabilities in the Qinglong system that allow for Remote Code Execution (RCE). These flaws have already been actively exploited in real-world attacks. The nature of the vulnerabilities suggests a significant security risk for users of the Qinglong system. |
| 2026-04-30 | Fake TanStack npm Package Exfiltrates Sensitive Developer Data | Supply Chain | A malicious npm package mimicking the popular TanStack libraries has been discovered. This fake package is designed to steal sensitive developer data, including environment variables, SSH keys, and other confidential information, from users who unknowingly install it. The compromise highlights the ongoing threat of supply chain attacks within the developer ecosystem, urging caution when installing third-party packages. |
| 2026-04-30 | ProFTPD SQL Injection Flaw Enables Remote Code Execution | RCE, SQLi | A critical SQL injection vulnerability has been discovered in ProFTPD, a widely used FTP server. This flaw allows attackers to bypass authentication and execute arbitrary SQL commands, ultimately leading to remote code execution on the affected server. The vulnerability, which affects specific configurations, poses a significant security risk, enabling attackers to compromise sensitive data and gain full control of the system. Users are strongly advised to update their ProFTPD installations to the latest version to mitigate this threat. |
| 2026-04-29 | Critical Cursor Vulnerability Exposes Developer Workstations To Remote Code Execution | RCE | A critical vulnerability has been discovered that allows remote code execution on developer workstations. The flaw, related to cursor handling, poses a significant security risk, enabling attackers to compromise sensitive developer environments. This could lead to widespread data breaches and the theft of proprietary code. Further details are available via the provided link. |
| 2026-04-29 | Critical Google Chrome Flaws Allow Remote Code Execution Exploits | RCE | Google Chrome is facing critical vulnerabilities that could allow for remote code execution. These security flaws, if exploited, could enable attackers to compromise user systems without any interaction required from the user. The severity of these issues highlights the ongoing need for prompt patching and vigilant security practices for web browsers. |
| 2026-04-28 | Hugging Face LeRobot Vulnerability Enables Unauthenticated Remote Code Execution Attacks | RCE, Supply Chain | A critical vulnerability, CVE-2024-31586, has been discovered in Hugging Face's LeRobot library. This flaw allows unauthenticated attackers to execute arbitrary code remotely on vulnerable systems. The vulnerability stems from LeRobot's insecure handling of certain files, specifically when unpacking archives. Exploitation is possible without prior authentication. |
| 2026-04-28 | Critical LiteLLM SQL Injection Vulnerability Exploited in the Wild | SQLi | A critical SQL injection vulnerability has been discovered in LiteLLM, an open-source LLM application. This vulnerability has reportedly been exploited in the wild, meaning attackers have already taken advantage of it. The exact nature of the exploitation and its impact are not detailed beyond the classification of "critical." Further information regarding the vulnerability and potential mitigation steps is available through the provided link. |
| 2026-04-28 | ClickUp Hardcoded API Key Exposes 959 Emails from Fortune 500 Giants | API Sec, Secrets | A hardcoded API key in ClickUp, a popular project management tool, led to the exposure of 959 emails belonging to employees of Fortune 500 companies. The vulnerability allowed unauthorized access to this sensitive information. |
| 2026-04-27 | Nessus Agent Vulnerability on Windows Allows Arbitrary Code Execution as SYSTEM | RCE | A critical vulnerability has been discovered in the Nessus Agent on Windows, allowing for arbitrary code execution with SYSTEM privileges. This means an attacker could potentially gain full control of a vulnerable system. The vulnerability, detailed in the provided link, is significant due to the high level of access it grants. Details regarding specific affected versions or mitigation steps are not provided in this summary. |
| 2026-04-27 | Multiple OpenClaw Vulnerabilities Enable Policy Bypass and Host Override Attacks | API Sec | This article details multiple vulnerabilities found in OpenClaw that allow attackers to bypass security policies and gain host override control. These critical flaws could significantly compromise systems relying on OpenClaw for security. The specific impact and potential attack vectors are discussed, highlighting the severity of these issues. |
| 2026-04-27 | Critical Gemini CLI Vulnerability Enables Remote Code Execution Attacks | RCE | A critical vulnerability has been discovered in the Gemini Command Line Interface (CLI) that allows for remote code execution (RCE) attacks. This means attackers could potentially run malicious code on a user's system without their knowledge or consent by exploiting this flaw in the Gemini CLI. Further details about the exploit and its potential impact are available at the provided link. |
| 2026-04-27 | PoC Exploit Released for Critical Metabase Enterprise RCE Vulnerability | RCE | A Proof-of-Concept (PoC) exploit has been released for a critical Remote Code Execution (RCE) vulnerability affecting Metabase Enterprise. This vulnerability allows unauthenticated attackers to gain control of affected servers. The release of the PoC significantly increases the risk of exploitation, as it provides a direct method for malicious actors to test and execute attacks. Users of Metabase Enterprise are strongly advised to update their systems immediately to patch this severe security flaw and mitigate potential damage. |
| 2026-04-24 | Critical Python Vulnerability Enables Out-of-Bounds Write on Windows Systems | Python | A critical vulnerability has been discovered in Python that allows for an out-of-bounds write on Windows systems. This means an attacker could potentially corrupt memory and gain control of a system. The vulnerability is present in the `_ssl_io_write` function within the `_ssl` module. |
| 2026-04-24 | Bitwarden CLI Hit by Supply Chain Attack Through GitHub Actions | Supply Chain | Bitwarden's command-line interface (CLI) was compromised through a supply chain attack targeting its GitHub Actions. Malicious code was injected into a version of the Bitwarden CLI, which was then distributed to users. The incident highlights the risks associated with software supply chains. Bitwarden has released a patched version and advised users to update their CLI immediately to mitigate any potential security risks. |
| 2026-04-23 | New LMDeploy Vulnerability Exploited in the Wild Just 12 Hours After Public Advisory | API Sec | New LMDeploy Vulnerability Exploited in the Wild Just 12 Hours After Public Advisory https://ift.tt/txmoBfy |
| 2026-04-23 | Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials | Supply Chain | Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials https://ift.tt/MALwDp9 |
| 2026-04-22 | Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities | RCE | Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities https://ift.tt/oKqHTf5 |
| 2026-04-22 | Critical Spring Authorization Server Flaw Enables XSS, Privilege Escalation and SSRF | SSRF | Critical Spring Authorization Server Flaw Enables XSS, Privilege Escalation, and SSRF https://ift.tt/b2pauUc |
| 2026-04-21 | Lovable AI App Builder Reportedly Exposes Thousands of Project Data via API Flaw | API Sec | Lovable AI App Builder Reportedly Exposes Thousands of Project Data via API Flaw https://ift.tt/rUbhJN8 |
| 2026-04-21 | Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers | RCE | Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers https://ift.tt/UTpIVmw |
| 2026-04-21 | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack | Supply Chain | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack https://ift.tt/eymP7Vs |
| 2026-04-20 | iTerm2 Flaw Abuses SSH Integration Escape Sequences to Turn Text Into Code Execution | RCE | iTerm2 Flaw Abuses SSH Integration Escape Sequences to Turn Text Into Code Execution https://ift.tt/l13PHeM |
| 2026-04-20 | Critical Anthropic MCP Vulnerability Enables Remote Code Execution Attacks | AI | Critical Anthropic MCP Vulnerability Enables Remote Code Execution Attacks https://ift.tt/sjNEzGL |
| 2026-04-17 | PoC Exploit Released for FortiSandbox Vulnerability that Allows Attacker to Execute Commands | RCE | PoC Exploit Released for FortiSandbox Vulnerability that Allows attacker to execute commands https://ift.tt/Cld3i9q |
| 2026-04-17 | Hugging Face Abused To Spread Blockchain-Based Backdoor In CVE-2026-39987 Attacks | RCE | Hugging Face Abused To Spread Blockchain-Based Backdoor In CVE-2026-39987 Attacks https://ift.tt/QZjdzEJ |
| 2026-04-16 | Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code | RCE | Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code https://ift.tt/m7TKb1e |
| 2026-04-16 | Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code | RCE | Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code https://ift.tt/BcJYMZS |
| 2026-04-15 | Windows Active Directory Vulnerability Allows Attackers to Execute Malicious Code | RCE | Windows Active Directory Vulnerability Allows Attackers to Execute Malicious Code https://ift.tt/wBTSFR1 |
| 2026-04-14 | Critical etcd Auth Bypass Flaw Lets Attackers Access Sensitive Cluster APIs Without Authorization | AuthZ | Critical etcd Auth Bypass Flaw Lets Attackers Access Sensitive Cluster APIs Without Authorization https://ift.tt/3a7iPej |
| 2026-04-14 | Critical ShowDoc RCE Vulnerability Actively Exploited in the Wild | RCE | Critical ShowDoc RCE Vulnerability Actively Exploited in the Wild https://ift.tt/ug84a6E |
| 2026-04-14 | SAP Patch Day Fixes Critical SQL Injection, DoS and Code Injection Flaws | SQLi | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws https://ift.tt/lgQwt4L |
| 2026-04-14 | CISA Warns of Fortinet SQL Injection Flaw Actively Exploited in Attacks | SQLi | CISA Warns of Fortinet SQL Injection Flaw Actively Exploited in Attacks https://ift.tt/kN2acMA |
| 2026-04-14 | SAP Patch Day Fixes Critical SQL Injection, DoS and Code Injection Flaws | SQLi | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws https://ift.tt/QS2AJx7 |
| 2026-04-13 | Critical Axios Vulnerability Allows Remote Code Execution | RCE | Critical Axios Vulnerability Allows Remote Code Execution https://ift.tt/bDWH6Pi |
| 2026-04-13 | Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure | RCE | Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure https://ift.tt/fU4AYhF |
| 2026-04-11 | Single Line of Code Can Jailbreak 11 AI Models Including ChatGPT, Claude, Gemini | AI | Single Line of Code Can Jailbreak 11 AI Models Including ChatGPT, Claude, Gemini |
| 2026-04-10 | GitLab Fixes Critical Bugs Allowing DoS and Code Injection Attacks | API Sec | GitLab Fixes Critical Bugs Allowing DoS and Code Injection Attacks https://ift.tt/vZur7Tf |
| 2026-04-10 | Critical Python PLY Library Vulnerability Enables RCE | Python | Critical Python PLY Library Vulnerability Enables RCE |
| 2026-04-10 | 50,000+ WordPress Sites at Risk from Critical Ninja Forms RCE | RCE | 50,000+ WordPress Sites at Risk from Critical Ninja Forms RCE |
| 2026-04-09 | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation | SQLi | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation https://ift.tt/fMHBmC1 |
| 2026-04-08 | Claude Discovers 13-Year-Old RCE Vulnerability in Apache ActiveMQ Within Minutes | RCE | Claude Discovers 13-Year-Old RCE Vulnerability in Apache ActiveMQ Within Minutes https://ift.tt/6HFLTCo |
| 2026-04-07 | Critical CUPS Vulnerability Chain Allows Remote Code Execution as Root | RCE | Critical CUPS Vulnerability Chain Allows Remote Code Execution as Root https://ift.tt/LX3eCBW |
| 2026-04-07 | Critical Flaw in Windmill Developer Platform Allows Remote Code Execution | RCE | Critical Flaw in Windmill Developer Platform Allows Remote Code Execution https://ift.tt/dyo0Wb8 |
| 2026-04-07 | Poisoned Axios Package Linked To Cross-Platform Malware Delivery Campaign | Supply Chain | Poisoned Axios Package Linked To Cross-Platform Malware Delivery Campaign https://ift.tt/g6zZsCJ |
| 2026-04-06 | Researchers Uncover 36 Rogue npm Packages Delivering Redis RCE and Persistent Malware | Supply Chain | Researchers Uncover 36 Rogue npm Packages Delivering Redis RCE and Persistent Malware https://ift.tt/eSV5lXZ |
| 2026-04-02 | Critical Cisco Smart Software Manager Vulnerability Enables Arbitrary Command Execution | RCE | Critical Cisco Smart Software Manager Vulnerability Enables Arbitrary Command Execution https://ift.tt/mqhIRau |
| 2026-03-30 | Stored XSS Flaw in Jira Work Management Could Enable Full Org Compromise | XSS | Stored XSS Flaw in Jira Work Management Could Enable Full Org Compromise https://ift.tt/tBU50wa |
| 2026-03-20 | Russian APT Exploits Zimbra XSS In GhostMail Attacks On Ukrainian Government | XSS | Russian APT Exploits Zimbra XSS In GhostMail Attacks On Ukrainian Government https://cyberpress.org/ghostmail-targets-ukraine-mail/ |
| 2026-03-17 | Angular XSS Vulnerability Puts Thousands of Web Apps at Risk | XSS | Angular XSS Vulnerability Puts Thousands of Web Apps at Risk https://cyberpress.org/angular-xss-vulnerability/ |
| 2026-03-03 | Severe XSS Vulnerability in Angular i18n Enables Malicious Script Injection | XSS | Severe XSS Vulnerability in Angular i18n Enables Malicious Script Injection https://cyberpress.org/severe-xss-vulnerability/ |
| 2026-03-02 | Angular SSR Flaw Lets Attackers Trigger Unauthorized Server-Side Requests | SSRF | The flaw allows header injection, enabling attacks on internal networks. Angular has released a patch; users should update now to avoid the risk. |
| 2026-02-28 | Stored XSS Flaw in RustFS Console Leaks Admin S3 Credentials | XSS | Stored XSS Flaw in RustFS Console Leaks Admin S3 Credentials https://cyberpress.org/stored-xss-flaw-in-rustfs-console-leaks-admin-s3-credentials/ |
| 2026-02-26 | Mozilla Releases Firefox 148 With New Sanitizer API to Block XSS Attacks | XSS | Mozilla has launched Firefox 148 featuring a new Sanitizer API to prevent XSS attacks. This update aims to enhance security by blocking cross-site scripting attacks, a common vulnerability exploited by hackers. The Sanitizer API helps sanitize input data to prevent malicious scripts from executing on web pages, thus safeguarding users from potential security threats. This release underscores Mozilla's commitment to improving browser security and protecting users' online experiences. |
| 2026-02-17 | LangChain Community Flaw Allows SSRF Bypass to Access Internal Infrastructure | SSRF | The LangChain community flaw enables a Server-Side Request Forgery (SSRF) bypass, granting unauthorized access to internal infrastructure. This vulnerability poses a significant security risk, potentially allowing attackers to exploit SSRF to access sensitive data or launch further attacks within the system. It is crucial for LangChain users and administrators to be aware of this flaw and take immediate action to mitigate the risk of unauthorized access and potential security breaches. More details can be found at the provided link. |
| 2026-02-13 2026 | Critical Zimbra Vulnerabilities Fixed: XSS XXE and LDAP Injection Risks MitigatedXSS | The article discusses critical vulnerabilities in Zimbra that have been fixed to mitigate risks of XSS, XXE, and LDAP injection. The vulnerabilities were addressed to enhance the security of Zimbra systems. More information can be found at the provided link. |
| 2026-02-11 2026 | GitLab Patches Multiple Vulnerabilities Enabling DoS and Cross-Site Scripting AttacksXSS | GitLab has addressed multiple vulnerabilities that could lead to Denial of Service (DoS) and Cross-Site Scripting (XSS) attacks. The patches aim to prevent potential security risks associated with these vulnerabilities. Users are advised to update their GitLab installations to the latest version to mitigate the risk of exploitation. More details can be found at the provided link. |
| 2026-02-04 2026 | CISA Warns of Actively Exploited GitLab SSRF Vulnerability in Community and Enterprise EditionsSSRF | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited Server-Side Request Forgery (SSRF) vulnerability in both the Community and Enterprise editions of GitLab. The vulnerability poses a risk of exploitation by threat actors. Users of GitLab are advised to update their systems promptly to mitigate the security threat. |
| 2026-02-03 2026 | Foxit PDF Editor Vulnerability Allows Attackers to Execute Arbitrary JavaScriptXSS | A vulnerability in Foxit PDF Editor enables attackers to execute arbitrary JavaScript. This flaw poses a security risk as it allows malicious actors to run code on affected systems. Users of Foxit PDF Editor should be cautious and consider updating their software to protect against potential attacks exploiting this vulnerability. More details can be found at the provided link. |
| 2026-01-17 2026 | Exploiting XSS in Meta Conversion API for Zero-Click Account TakeoverXSS | The content discusses exploiting Cross-Site Scripting (XSS) vulnerabilities in Meta Conversion API to achieve a Zero-Click Account Takeover. The article likely provides insights into how attackers can leverage XSS flaws in the API to compromise user accounts without any interaction required from the victim. This type of attack can be highly dangerous as it allows malicious actors to gain unauthorized access to accounts easily. The link provided likely offers more in-depth information on this security issue and its implications. |
| 2026-01-14 2026 | FortiSandbox SSRF Vulnerability Allows Attackers to Proxy Internal Traffic via Crafted HTTP RequestsSSRF | The FortiSandbox SSRF vulnerability enables attackers to proxy internal traffic by sending specially crafted HTTP requests. This vulnerability poses a risk as attackers can exploit it to manipulate internal traffic flow. More details can be found at https://cyberpress.org/fortisandbox-ssrf-vulnerability/. |
| 2026-01-13 2026 | Critical Apache Struts 2 Vulnerability Allows Attackers to Steal Sensitive DataSSRF | A critical vulnerability in Apache Struts 2 has been identified, enabling attackers to steal sensitive data. The flaw poses a significant risk to systems using this framework, potentially leading to data breaches and unauthorized access. Organizations utilizing Apache Struts 2 are advised to promptly apply patches or updates to mitigate the vulnerability and enhance their cybersecurity defenses. Vigilance and proactive measures are crucial to safeguard sensitive information and prevent exploitation by malicious actors. |
| 2026-01-13 2026 | New Angular Vulnerability Enables Attackers to Execute Malicious PayloadsXSS | A new vulnerability in Angular allows attackers to execute malicious payloads. This security flaw poses a risk as it can be exploited by cybercriminals to compromise systems using Angular. Organizations using Angular should be aware of this vulnerability and take necessary precautions to protect their systems from potential attacks. It is crucial to stay informed about security threats and promptly apply patches or updates to mitigate the risk of exploitation. |
| 2026-01-09 2026 | OWASP CRS Vulnerability Allows Attackers to Bypass Charset ValidationXSS | The OWASP CRS vulnerability enables attackers to bypass charset validation, as reported on cyberpress.org. This vulnerability poses a security risk by allowing malicious actors to circumvent charset validation measures. Organizations using OWASP CRS should be aware of this issue and take necessary steps to mitigate the vulnerability to prevent potential attacks. |
| 2026-01-09 2026 | Hackers Actively Exploit AI Deployments as 91000 Attack Sessions Are DetectedSSRF | Hackers are targeting AI deployments, with over 91,000 attack sessions detected. The article discusses the active exploitation of AI systems by cybercriminals, highlighting the growing threat to these technologies. It emphasizes the need for robust cybersecurity measures to protect AI deployments from malicious attacks. |
| 2025-12-21 2025 | Roundcube Vulnerabilities Allow Attackers to Execute Malicious ScriptsXSS | The content discusses vulnerabilities in Roundcube, a popular webmail software, that allow attackers to execute malicious scripts. These vulnerabilities could potentially lead to unauthorized access and compromise of sensitive information. It highlights the importance of promptly addressing security flaws in software to prevent exploitation by malicious actors. The article likely provides details on the specific vulnerabilities found in Roundcube and offers recommendations for users to protect themselves from potential attacks. |
| 2025-12-10 2025 | Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSSXSS | The content discusses a critical vulnerability in Ivanti EPM that enables admin session hijacking through stored XSS attacks. This flaw poses a significant security risk as it allows attackers to take control of admin sessions. The vulnerability highlights the importance of promptly addressing and patching such security issues to prevent unauthorized access and potential data breaches. Organizations using Ivanti EPM are advised to be aware of this vulnerability and take necessary precautions to mitigate the risk of exploitation. |
| 2025-12-03 2025 | Angular Platform Vulnerability Allows Malicious Code Execution via Weaponized SVG Animation FilesXSS | The content discusses a vulnerability in the Angular platform that enables malicious code execution through weaponized SVG animation files. This vulnerability poses a risk as attackers can exploit it to execute harmful code on affected systems. It highlights the importance of being cautious when handling SVG files to prevent potential security breaches and emphasizes the need for timely updates and patches to mitigate such risks. |
| 2025-11-27 2025 | Apache SkyWalking Vulnerability Lets Attackers Expose Users to XSS AttacksXSS | The content discusses a vulnerability in Apache SkyWalking that allows attackers to expose users to cross-site scripting (XSS) attacks. This vulnerability could potentially be exploited by malicious actors to compromise user data and security. It emphasizes the importance of addressing this vulnerability promptly to prevent exploitation and protect users from potential XSS attacks. |
| 2025-11-16 2025 | Cross-Site Scripting Vulnerability Discovered in Citrix NetScaler ADC and GatewayXSS | A Cross-Site Scripting (XSS) vulnerability has been found in Citrix NetScaler ADC and Gateway. The vulnerability could potentially allow attackers to execute malicious scripts on users' browsers when visiting compromised websites. This poses a security risk to organizations using these Citrix products. It is crucial for users to be aware of this vulnerability and take necessary precautions to mitigate the risk of exploitation. For more detailed information, refer to the original source at cyberpress.org. |
| 2025-11-13 2025 | Kibana Flaws Could Allow Server-Side Request Forgery and Cross-Site Scripting AttacksSSRF | The article discusses vulnerabilities in Kibana that could lead to server-side request forgery and cross-site scripting attacks. These flaws could potentially be exploited by attackers to manipulate server requests and execute malicious scripts on the client-side. It highlights the importance of addressing these vulnerabilities promptly to prevent security breaches and protect sensitive data. |
| 2025-11-13 2025 | Multiple GitLab Vulnerabilities Allow Malicious Prompt Injection and Data TheftXSS | The article discusses multiple vulnerabilities in GitLab that enable malicious prompt injection and data theft. These vulnerabilities pose a security risk to users of GitLab, potentially allowing attackers to inject malicious prompts and steal sensitive data. It highlights the importance of addressing these vulnerabilities promptly to prevent potential security breaches and protect user data. |
| 2025-11-12 2025 | Nagios XSS Flaw Allows Remote Execution of Arbitrary JavaScriptXSS | The article discusses a cross-site scripting (XSS) vulnerability in Nagios, a popular IT infrastructure monitoring tool. This flaw could potentially allow attackers to execute arbitrary JavaScript code remotely. The vulnerability poses a security risk to systems using Nagios, as it could be exploited to carry out malicious activities. It is important for Nagios users to be aware of this issue and take necessary precautions to prevent unauthorized access and potential attacks. |
| 2025-11-12 2025 | Custom GPTs Exploit SSRF in ChatGPT to Expose SecretsSSRF | The article discusses how custom GPTs exploit Server-Side Request Forgery (SSRF) vulnerabilities in ChatGPT to reveal sensitive information. By leveraging SSRF, attackers can manipulate the AI model to access internal systems and extract confidential data. This security flaw highlights the importance of addressing SSRF vulnerabilities in AI models like ChatGPT to prevent unauthorized access and data breaches. The article emphasizes the need for robust security measures to protect against such exploits and safeguard sensitive information from being exposed. |
| 2025-10-26 2025 | Multiple GitLab Flaws Could Allow Account Takeover and Stored XSS AttacksXSS | The article discusses multiple vulnerabilities in GitLab that could lead to account takeover and stored cross-site scripting (XSS) attacks. These flaws pose security risks for GitLab users, potentially allowing malicious actors to compromise accounts and execute harmful scripts. It emphasizes the importance of promptly addressing these vulnerabilities to prevent unauthorized access and protect sensitive data within the GitLab platform. |
| 2025-10-24 2025 | CISA Alerts on Active Exploitation of Oracle EBS SSRF FlawSSRF | The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding the active exploitation of a Server-Side Request Forgery (SSRF) vulnerability in Oracle E-Business Suite (EBS). This flaw could allow attackers to manipulate server requests and potentially access sensitive information. Organizations using Oracle EBS are urged to apply security patches and implement necessary safeguards to protect their systems from exploitation. CISA's warning highlights the importance of promptly addressing vulnerabilities to prevent cyber threats and safeguard critical data. |
| 2025-09-10 2025 | GitLab Patches Vulnerabilities Allowing Denial of Service and SSRF AttacksSSRF | GitLab has addressed vulnerabilities that could lead to Denial of Service (DoS) and Server-Side Request Forgery (SSRF) attacks. These vulnerabilities have been patched to prevent potential exploitation. It is crucial for GitLab users to update their systems promptly to mitigate the risk of these security threats. |
| 2025-08-11 2025 | Xerox FreeFlow Flaws Enable SSRF and Remote Code ExecutionSSRF | The Xerox FreeFlow software has vulnerabilities that allow Server-Side Request Forgery (SSRF) attacks and remote code execution. These flaws can be exploited by attackers to manipulate requests from the server and execute malicious code remotely. It poses a significant security risk and highlights the importance of patching software to prevent exploitation. |