cyberpress.org
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-23.
| Date Added | Topic | Resource | Excerpt |
|---|---|---|---|
| 2026-04-23 | API Sec | New LMDeploy Vulnerability Exploited in the Wild Just 12 Hours After Public Advisory | New LMDeploy Vulnerability Exploited in the Wild Just 12 Hours After Public Advisory https://ift.tt/txmoBfy |
| 2026-04-23 | Supply Chain | Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials | Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials https://ift.tt/MALwDp9 |
| 2026-04-22 | RCE | Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities | Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities https://ift.tt/oKqHTf5 |
| 2026-04-22 | SSRF | Critical Spring Authorization Server Flaw Enables XSS, Privilege Escalation, and SSRF | Critical Spring Authorization Server Flaw Enables XSS, Privilege Escalation, and SSRF https://ift.tt/b2pauUc |
| 2026-04-21 | API Sec | Lovable AI App Builder Reportedly Exposes Thousands of Project Data via API Flaw | Lovable AI App Builder Reportedly Exposes Thousands of Project Data via API Flaw https://ift.tt/rUbhJN8 |
| 2026-04-21 | RCE | Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers | Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers https://ift.tt/UTpIVmw |
| 2026-04-21 | Supply Chain | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack https://ift.tt/eymP7Vs |
| 2026-04-20 | RCE | iTerm2 Flaw Abuses SSH Integration Escape Sequences to Turn Text Into Code Execution | iTerm2 Flaw Abuses SSH Integration Escape Sequences to Turn Text Into Code Execution https://ift.tt/l13PHeM |
| 2026-04-20 | AI | Critical Anthropic MCP Vulnerability Enables Remote Code Execution Attacks | Critical Anthropic MCP Vulnerability Enables Remote Code Execution Attacks https://ift.tt/sjNEzGL |
| 2026-04-17 | RCE | PoC Exploit Released for FortiSandbox Vulnerability that Allows attacker to execute commands | PoC Exploit Released for FortiSandbox Vulnerability that Allows attacker to execute commands https://ift.tt/Cld3i9q |
| 2026-04-17 | RCE | Hugging Face Abused To Spread Blockchain-Based Backdoor In CVE-2026-39987 Attacks | Hugging Face Abused To Spread Blockchain-Based Backdoor In CVE-2026-39987 Attacks https://ift.tt/QZjdzEJ |
| 2026-04-16 | RCE | Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code | Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code https://ift.tt/m7TKb1e |
| 2026-04-16 | RCE | Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code | Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code https://ift.tt/BcJYMZS |
| 2026-04-15 | RCE | Windows Active Directory Vulnerability Allows Attackers to Execute Malicious Code | Windows Active Directory Vulnerability Allows Attackers to Execute Malicious Code https://ift.tt/wBTSFR1 |
| 2026-04-14 | AuthZ | Critical etcd Auth Bypass Flaw Lets Attackers Access Sensitive Cluster APIs Without Authorization | Critical etcd Auth Bypass Flaw Lets Attackers Access Sensitive Cluster APIs Without Authorization https://ift.tt/3a7iPej |
| 2026-04-14 | RCE | Critical ShowDoc RCE Vulnerability Actively Exploited in the Wild | Critical ShowDoc RCE Vulnerability Actively Exploited in the Wild https://ift.tt/ug84a6E |
| 2026-04-14 | SQLi | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws https://ift.tt/lgQwt4L |
| 2026-04-14 | SQLi | CISA Warns of Fortinet SQL Injection Flaw Actively Exploited in Attacks | CISA Warns of Fortinet SQL Injection Flaw Actively Exploited in Attacks https://ift.tt/kN2acMA |
| 2026-04-14 | SQLi | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws https://ift.tt/QS2AJx7 |
| 2026-04-13 | RCE | Critical Axios Vulnerability Allows Remote Code Execution | Critical Axios Vulnerability Allows Remote Code Execution https://ift.tt/bDWH6Pi |
| 2026-04-13 | RCE | Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure | Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure https://ift.tt/fU4AYhF |
| 2026-04-11 | AI | Single Line of Code Can Jailbreak 11 AI Models Including ChatGPT, Claude, Gemini | Single Line of Code Can Jailbreak 11 AI Models Including ChatGPT, Claude, Gemini |
| 2026-04-10 | API Sec | GitLab Fixes Critical Bugs Allowing DoS and Code Injection Attacks | GitLab Fixes Critical Bugs Allowing DoS and Code Injection Attacks https://ift.tt/vZur7Tf |
| 2026-04-10 | Python | Critical Python PLY Library Vulnerability Enables RCE | Critical Python PLY Library Vulnerability Enables RCE |
| 2026-04-10 | RCE | 50,000+ WordPress Sites at Risk from Critical Ninja Forms RCE | 50,000+ WordPress Sites at Risk from Critical Ninja Forms RCE |
| 2026-04-09 | SQLi | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation https://ift.tt/fMHBmC1 |
| 2026-04-08 | RCE | Claude Discovers 13-Year-Old RCE Vulnerability in Apache ActiveMQ Within Minutes | Claude Discovers 13-Year-Old RCE Vulnerability in Apache ActiveMQ Within Minutes https://ift.tt/6HFLTCo |
| 2026-04-07 | RCE | Critical CUPS Vulnerability Chain Allows Remote Code Execution as Root | Critical CUPS Vulnerability Chain Allows Remote Code Execution as Root https://ift.tt/LX3eCBW |
| 2026-04-07 | RCE | Critical Flaw in Windmill Developer Platform Allows Remote Code Execution | Critical Flaw in Windmill Developer Platform Allows Remote Code Execution https://ift.tt/dyo0Wb8 |
| 2026-04-07 | Supply Chain | Poisoned Axios Package Linked To Cross-Platform Malware Delivery Campaign | Poisoned Axios Package Linked To Cross-Platform Malware Delivery Campaign https://ift.tt/g6zZsCJ |
| 2026-04-06 | Supply Chain | Researchers Uncover 36 Rogue npm Packages Delivering Redis RCE and Persistent Malware | Researchers Uncover 36 Rogue npm Packages Delivering Redis RCE and Persistent Malware https://ift.tt/eSV5lXZ |
| 2026-04-02 | RCE | Critical Cisco Smart Software Manager Vulnerability Enables Arbitrary Command Execution | Critical Cisco Smart Software Manager Vulnerability Enables Arbitrary Command Execution https://ift.tt/mqhIRau |
| 2026-03-30 | XSS | Stored XSS Flaw in Jira Work Management Could Enable Full Org Compromise | Stored XSS Flaw in Jira Work Management Could Enable Full Org Compromise https://ift.tt/tBU50wa |
| 2026-03-20 | XSS | Russian APT Exploits Zimbra XSS In GhostMail Attacks On Ukrainian Government | Russian APT Exploits Zimbra XSS In GhostMail Attacks On Ukrainian Government https://cyberpress.org/ghostmail-targets-ukraine-mail/ |
| 2026-03-17 | XSS | Angular XSS Vulnerability Puts Thousands of Web Apps at Risk | Angular XSS Vulnerability Puts Thousands of Web Apps at Risk https://cyberpress.org/angular-xss-vulnerability/ |
| 2026-03-03 | XSS | Severe XSS Vulnerability in Angular i18n Enables Malicious Script Injection | Severe XSS Vulnerability in Angular i18n Enables Malicious Script Injection https://cyberpress.org/severe-xss-vulnerability/ |
| 2026-03-02 | SSRF | Angular SSR Flaw Lets Attackers Trigger Unauthorized Server-Side Requests | This allows header injection, enabling attacks on internal networks. Angular has now patched the issue to avoid these risks. |
| 2026-02-28 | XSS | Stored XSS Flaw in RustFS Console Leaks Admin S3 Credentials | Stored XSS Flaw in RustFS Console Leaks Admin S3 Credentials https://cyberpress.org/stored-xss-flaw-in-rustfs-console-leaks-admin-s3-credentials/ |
| 2026-02-26 | XSS | Mozilla Releases Firefox 148 With New Sanitizer API to Block XSS Attacks | Mozilla has launched Firefox 148 featuring a new Sanitizer API to prevent XSS attacks. This update aims to enhance security by blocking cross-site scripting attacks, a common vulnerability exploited by hackers. The Sanitizer API helps sanitize input data to prevent malicious scripts from executing on web pages, thus safeguarding users from potential security threats. This release underscores Mozilla's commitment to improving browser security and protecting users' online experiences. |
| 2026-02-17 | SSRF | LangChain Community Flaw Allows SSRF Bypass to Access Internal Infrastructure | The LangChain community flaw enables a Server-Side Request Forgery (SSRF) bypass, granting unauthorized access to internal infrastructure. This vulnerability poses a significant security risk, potentially allowing attackers to exploit SSRF to access sensitive data or launch further attacks within the system. It is crucial for LangChain users and administrators to be aware of this flaw and take immediate action to mitigate the risk of unauthorized access and potential security breaches. More details can be found at the provided link. |
| 2026-02-13 | XSS | Critical Zimbra Vulnerabilities Fixed: XSS, XXE and LDAP Injection Risks Mitigated | The article discusses critical vulnerabilities in Zimbra that have been fixed to mitigate risks of XSS, XXE, and LDAP injection. The vulnerabilities were addressed to enhance the security of Zimbra systems. More information can be found at the provided link. |
| 2026-02-11 | XSS | GitLab Patches Multiple Vulnerabilities Enabling DoS and Cross-Site Scripting Attacks | GitLab has addressed multiple vulnerabilities that could lead to Denial of Service (DoS) and Cross-Site Scripting (XSS) attacks. The patches aim to prevent potential security risks associated with these vulnerabilities. Users are advised to update their GitLab installations to the latest version to mitigate the risk of exploitation. More details can be found at the provided link. |
| 2026-02-04 | SSRF | CISA Warns of Actively Exploited GitLab SSRF Vulnerability in Community and Enterprise Editions | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited Server-Side Request Forgery (SSRF) vulnerability in both the Community and Enterprise editions of GitLab. The vulnerability poses a risk of exploitation by threat actors. Users of GitLab are advised to update their systems promptly to mitigate the security threat. |
| 2026-02-03 | XSS | Foxit PDF Editor Vulnerability Allows Attackers to Execute Arbitrary JavaScript | A vulnerability in Foxit PDF Editor enables attackers to execute arbitrary JavaScript. This flaw poses a security risk as it allows malicious actors to run code on affected systems. Users of Foxit PDF Editor should be cautious and consider updating their software to protect against potential attacks exploiting this vulnerability. More details can be found at the provided link. |
| 2026-01-17 | XSS | Exploiting XSS in Meta Conversion API for Zero-Click Account Takeover | The content discusses exploiting Cross-Site Scripting (XSS) vulnerabilities in Meta Conversion API to achieve a Zero-Click Account Takeover. The article likely provides insights into how attackers can leverage XSS flaws in the API to compromise user accounts without any interaction required from the victim. This type of attack can be highly dangerous as it allows malicious actors to gain unauthorized access to accounts easily. The link provided likely offers more in-depth information on this security issue and its implications. |
| 2026-01-14 | SSRF | FortiSandbox SSRF Vulnerability Allows Attackers to Proxy Internal Traffic via Crafted HTTP Requests | The FortiSandbox SSRF vulnerability enables attackers to proxy internal traffic by sending specially crafted HTTP requests. This vulnerability poses a risk as attackers can exploit it to manipulate internal traffic flow. More details can be found at https://cyberpress.org/fortisandbox-ssrf-vulnerability/. |
| 2026-01-13 | SSRF | Critical Apache Struts 2 Vulnerability Allows Attackers to Steal Sensitive Data | A critical vulnerability in Apache Struts 2 has been identified, enabling attackers to steal sensitive data. The flaw poses a significant risk to systems using this framework, potentially leading to data breaches and unauthorized access. Organizations utilizing Apache Struts 2 are advised to promptly apply patches or updates to mitigate the vulnerability and enhance their cybersecurity defenses. Vigilance and proactive measures are crucial to safeguard sensitive information and prevent exploitation by malicious actors. |
| 2026-01-13 | XSS | New Angular Vulnerability Enables Attackers to Execute Malicious Payloads | A new vulnerability in Angular allows attackers to execute malicious payloads. This security flaw poses a risk as it can be exploited by cybercriminals to compromise systems using Angular. Organizations using Angular should be aware of this vulnerability and take necessary precautions to protect their systems from potential attacks. It is crucial to stay informed about security threats and promptly apply patches or updates to mitigate the risk of exploitation. |
| 2026-01-09 | XSS | OWASP CRS Vulnerability Allows Attackers to Bypass Charset Validation | The OWASP CRS vulnerability enables attackers to bypass charset validation, as reported on cyberpress.org. This vulnerability poses a security risk by allowing malicious actors to circumvent charset validation measures. Organizations using OWASP CRS should be aware of this issue and take necessary steps to mitigate the vulnerability to prevent potential attacks. |
| 2026-01-09 | SSRF | Hackers Actively Exploit AI Deployments as 91,000 Attack Sessions Are Detected | Hackers are targeting AI deployments, with over 91,000 attack sessions detected. The article discusses the active exploitation of AI systems by cybercriminals, highlighting the growing threat to these technologies. It emphasizes the need for robust cybersecurity measures to protect AI deployments from malicious attacks. |
| 2025-12-21 | XSS | Roundcube Vulnerabilities Allow Attackers to Execute Malicious Scripts | The content discusses vulnerabilities in Roundcube, a popular webmail software, that allow attackers to execute malicious scripts. These vulnerabilities could potentially lead to unauthorized access and compromise of sensitive information. It highlights the importance of promptly addressing security flaws in software to prevent exploitation by malicious actors. The article likely provides details on the specific vulnerabilities found in Roundcube and offers recommendations for users to protect themselves from potential attacks. |
| 2025-12-10 | XSS | Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS | The content discusses a critical vulnerability in Ivanti EPM that enables admin session hijacking through stored XSS attacks. This flaw poses a significant security risk as it allows attackers to take control of admin sessions. The vulnerability highlights the importance of promptly addressing and patching such security issues to prevent unauthorized access and potential data breaches. Organizations using Ivanti EPM are advised to be aware of this vulnerability and take necessary precautions to mitigate the risk of exploitation. |
| 2025-12-03 | XSS | Angular Platform Vulnerability Allows Malicious Code Execution via Weaponized SVG Animation Files | The content discusses a vulnerability in the Angular platform that enables malicious code execution through weaponized SVG animation files. This vulnerability poses a risk as attackers can exploit it to execute harmful code on affected systems. It highlights the importance of being cautious when handling SVG files to prevent potential security breaches and emphasizes the need for timely updates and patches to mitigate such risks. |
| 2025-11-27 | XSS | Apache SkyWalking Vulnerability Lets Attackers Expose Users to XSS Attacks | The content discusses a vulnerability in Apache SkyWalking that allows attackers to expose users to cross-site scripting (XSS) attacks. This vulnerability could potentially be exploited by malicious actors to compromise user data and security. It emphasizes the importance of addressing this vulnerability promptly to prevent exploitation and protect users from potential XSS attacks. |
| 2025-11-16 | XSS | Cross-Site Scripting Vulnerability Discovered in Citrix NetScaler ADC and Gateway | A Cross-Site Scripting (XSS) vulnerability has been found in Citrix NetScaler ADC and Gateway. The vulnerability could potentially allow attackers to execute malicious scripts in users' browsers when visiting compromised websites. This poses a security risk to organizations using these Citrix products. It is crucial for users to be aware of this vulnerability and take necessary precautions to mitigate the risk of exploitation. For more detailed information, refer to the original source at cyberpress.org. |
| 2025-11-13 | SSRF | Kibana Flaws Could Allow Server-Side Request Forgery and Cross-Site Scripting Attacks | The article discusses vulnerabilities in Kibana that could lead to server-side request forgery and cross-site scripting attacks. These flaws could potentially be exploited by attackers to manipulate server requests and execute malicious scripts on the client side. It highlights the importance of addressing these vulnerabilities promptly to prevent security breaches and protect sensitive data. |
| 2025-11-13 | XSS | Multiple GitLab Vulnerabilities Allow Malicious Prompt Injection and Data Theft | The article discusses multiple vulnerabilities in GitLab that enable malicious prompt injection and data theft. These vulnerabilities pose a security risk to users of GitLab, potentially allowing attackers to inject malicious prompts and steal sensitive data. It highlights the importance of addressing these vulnerabilities promptly to prevent potential security breaches and protect user data. |
| 2025-11-12 | XSS | Nagios XSS Flaw Allows Remote Execution of Arbitrary JavaScript | The article discusses a cross-site scripting (XSS) vulnerability in Nagios, a popular IT infrastructure monitoring tool. This flaw could potentially allow attackers to execute arbitrary JavaScript code remotely. The vulnerability poses a security risk to systems using Nagios, as it could be exploited to carry out malicious activities. It is important for Nagios users to be aware of this issue and take necessary precautions to prevent unauthorized access and potential attacks. |
| 2025-11-12 | SSRF | Custom GPTs Exploit SSRF in ChatGPT to Expose Secrets | The article discusses how custom GPTs exploit Server-Side Request Forgery (SSRF) vulnerabilities in ChatGPT to reveal sensitive information. By leveraging SSRF, attackers can manipulate the AI model to access internal systems and extract confidential data. This security flaw highlights the importance of addressing SSRF vulnerabilities in AI models like ChatGPT to prevent unauthorized access and data breaches. The article emphasizes the need for robust security measures to protect against such exploits and safeguard sensitive information from being exposed. |
| 2025-10-26 | XSS | Multiple GitLab Flaws Could Allow Account Takeover and Stored XSS Attacks | The article discusses multiple vulnerabilities in GitLab that could lead to account takeover and stored cross-site scripting (XSS) attacks. These flaws pose security risks for GitLab users, potentially allowing malicious actors to compromise accounts and execute harmful scripts. It emphasizes the importance of promptly addressing these vulnerabilities to prevent unauthorized access and protect sensitive data within the GitLab platform. |
| 2025-10-24 | SSRF | CISA Alerts on Active Exploitation of Oracle EBS SSRF Flaw | The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding the active exploitation of a Server-Side Request Forgery (SSRF) vulnerability in Oracle E-Business Suite (EBS). This flaw could allow attackers to manipulate server requests and potentially access sensitive information. Organizations using Oracle EBS are urged to apply security patches and implement necessary safeguards to protect their systems from exploitation. CISA's warning highlights the importance of promptly addressing vulnerabilities to prevent cyber threats and safeguard critical data. |
| 2025-09-10 | SSRF | GitLab Patches Vulnerabilities Allowing Denial of Service and SSRF Attacks | GitLab has addressed vulnerabilities that could lead to Denial of Service (DoS) and Server-Side Request Forgery (SSRF) attacks. These vulnerabilities have been patched to prevent potential exploitation. It is crucial for GitLab users to update their systems promptly to mitigate the risk of these security threats. |
| 2025-08-11 | SSRF | Xerox FreeFlow Flaws Enable SSRF and Remote Code Execution | The Xerox FreeFlow software has vulnerabilities that allow Server-Side Request Forgery (SSRF) attacks and remote code execution. These flaws can be exploited by attackers to manipulate requests from the server and execute malicious code remotely. It poses a significant security risk and highlights the importance of patching software to prevent exploitation. |