
cybersecuritynews.com

70 curated AppSec resources from cybersecuritynews.com across 10 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-21.

| Date Added | Resource | Topic | Excerpt |
| --- | --- | --- | --- |
| 2026-04-21 | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack | Supply Chain | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack https://ift.tt/bSQfTkG |
| 2026-04-21 | Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via GitHub Comments | AI | Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via GitHub Comments https://ift.tt/FS25xif |
| 2026-04-21 | Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks | RCE | Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks https://ift.tt/NgPh5a6 |
| 2026-04-20 | Lovable AI App Builder Reportedly Exposes Customer Data From Projects via Unpatched API Flaw | API Sec | Lovable AI App Builder Reportedly Exposes Customer Data From Projects via Unpatched API Flaw https://ift.tt/U5uy4dg |
| 2026-04-20 | Critical Vulnerability In Flowise Allows Remote Command Execution Via MCP Adapters | RCE | Critical Vulnerability In Flowise Allows Remote Command Execution Via MCP Adapters https://ift.tt/NBwdZU2 |
| 2026-04-18 | Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code | RCE | Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code https://ift.tt/w79ePIr |
| 2026-04-16 | Windows Active Directory Vulnerability Allow Attackers to Execute Malicious Code | RCE | Windows Active Directory Vulnerability Allow Attackers to Execute Malicious Code https://ift.tt/MaeJ2jN |
| 2026-04-16 | Splunk Enterprise and Cloud Platform Vulnerability Enables Remote Code Execution Attacks | RCE | Splunk Enterprise and Cloud Platform Vulnerability Enables Remote Code Execution Attacks https://ift.tt/CABqpw7 |
| 2026-04-15 | Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data Theft | AI | Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data Theft https://ift.tt/KeHF0om |
| 2026-04-15 | 25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack | Supply Chain | 25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack https://ift.tt/urPB6SM |
| 2026-04-15 | Critical ShowDoc RCE Vulnerability Active Exploited in the Wild | RCE | Critical ShowDoc RCE Vulnerability Active Exploited in the Wild https://ift.tt/16vB7tb |
| 2026-04-14 | Microsoft Patch Tuesday April 2026 – 168 Vulnerabilities Fixed, Including Actively Exploited 0-day | RCE | Microsoft Patch Tuesday April 2026 – 168 Vulnerabilities Fixed, Including Actively Exploited 0-day https://ift.tt/TbdJPtY |
| 2026-04-14 | Critical FortiSandbox Vulnerabilities Allow Attackers to Execute Unauthorized Commands | RCE | Critical FortiSandbox Vulnerabilities Allow Attackers to Execute Unauthorized Commands https://ift.tt/36oOGsb |
| 2026-04-14 | CISA Warns of Fortinet SQL Injection Vulnerability Actively Exploited in Attacks | SQLi | CISA Warns of Fortinet SQL Injection Vulnerability Actively Exploited in Attacks https://ift.tt/HrQnkXP |
| 2026-04-13 | Marimo RCE Vulnerability Exploited in the Within 10 Hours of Disclosure | RCE | Marimo RCE Vulnerability Exploited in the Within 10 Hours of Disclosure https://ift.tt/LEjUohx |
| 2026-04-13 | Critical Axios Vulnerability Allows Remote Code Execution | RCE | Critical Axios Vulnerability Allows Remote Code Execution https://ift.tt/W2I8efr |
| 2026-04-12 | Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data | Supply Chain | Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data https://ift.tt/mHwP0Yn |
| 2026-04-11 | 0-Click Zendesk Account Takeover Vulnerability | AuthN | 0-Click Zendesk Account Takeover Vulnerability |
| 2026-04-10 | AI Router Vulnerabilities Allow Attackers to Inject Malicious Code and Steal Sensitive Data | RCE | AI Router Vulnerabilities Allow Attackers to Inject Malicious Code and Steal Sensitive Data https://ift.tt/RunsJvx |
| 2026-04-10 | Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code | RCE | Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code https://ift.tt/okJfyG0 |
| 2026-04-10 | SolarWinds Web Help Desk Deserialization Vulnerability | Deser | SolarWinds Web Help Desk Deserialization Vulnerability |
| 2026-04-09 | CISA Warns of Critical Ivanti EPMM Code Injection Vulnerability Exploited in Attacks | RCE | CISA Warns of Critical Ivanti EPMM Code Injection Vulnerability Exploited in Attacks https://ift.tt/2MVIqDl |
| 2026-04-09 | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation Attacks | SQLi | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation Attacks https://ift.tt/7D4rhpX |
| 2026-04-08 | Claude Uncovers 13-Year-Old RCE Flaw in Apache ActiveMQ in Just 10 Minutes | RCE | Claude Uncovers 13-Year-Old RCE Flaw in Apache ActiveMQ in Just 10 Minutes https://ift.tt/JFu4DIs |
| 2026-04-08 | CUPS Vulnerability Chain Enables Remote Attacker to Execute Malicious Code as Root User | RCE | CUPS Vulnerability Chain Enables Remote Attacker to Execute Malicious Code as Root User https://ift.tt/fhiH3dM |
| 2026-04-07 | 50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability | RCE | 50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability https://ift.tt/E9Pb0B5 |
| 2026-04-06 | 2,000+ FortiClient EMS Instances Exposed Online Amid Active RCE Vulnerability Exploits in the Wild | RCE | 2,000+ FortiClient EMS Instances Exposed Online Amid Active RCE Vulnerability Exploits in the Wild https://ift.tt/Xwvjd0z |
| 2026-04-06 | CERT-EU Confirms Trivy Supply Chain Attack Led to Credential Exposure | Secrets | CERT-EU Confirms Trivy Supply Chain Attack Led to Credential Exposure |
| 2026-04-04 | 14,000+ F5 BIG-IP APM Devices Exposed Online Amid Active RCE Vulnerability Exploits | RCE | 14,000+ F5 BIG-IP APM Devices Exposed Online Amid Active RCE Vulnerability Exploits https://ift.tt/WvUC40h |
| 2026-04-02 | Critical Grafana Vulnerabilities Let Attackers Achieve Remote Code Execution | RCE | Critical Grafana Vulnerabilities Let Attackers Achieve Remote Code Execution https://ift.tt/bQpTgzY |
| 2026-03-30 | Stored XSS Bug in Jira Work Management Could Lead to Full Organization Takeover | XSS | Stored XSS Bug in Jira Work Management Could Lead to Full Organization Takeover https://ift.tt/chvJTgR |
| 2026-03-20 | Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’ | XSS | Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’ https://ift.tt/XoOLnMt |
| 2026-03-17 | Angular XSS Vulnerability Exposes Thousands of web Applications to XSS Attacks | XSS | Angular XSS Vulnerability Exposes Thousands of web Applications to XSS Attacks https://ift.tt/FtpE0RI |
| 2026-03-12 | GitLab Security Update - Patch for XSS and API DoS Vulnerabilities | XSS | GitLab Security Update - Patch for XSS and API DoS Vulnerabilities https://ift.tt/WObhDLV |
| 2026-03-04 | Critical XSS Vulnerability in Angular i18n Enables Malicious Code Execution | XSS | Critical XSS Vulnerability in Angular i18n Enables Malicious Code Execution https://ift.tt/MaisAIy |
| 2026-03-02 | Angular SSR Request Vulnerability Allows Attackers to Trick Applications into Sending Unauthorized Requests | SSRF | Angular SSR Request Vulnerability Allows Attackers to Trick Applications into Sending Unauthorized Requests https://ift.tt/8hfCray |
| 2026-02-26 | Firefox 148 Released With Sanitizer API to Disable XSS Attack | XSS | Firefox 148 has been released with a Sanitizer API aimed at preventing XSS attacks. This new feature enhances security by disabling cross-site scripting attacks. The Sanitizer API is designed to protect users from malicious scripts that could exploit vulnerabilities in web applications. This update aims to improve the overall security of the Firefox browser and provide users with a safer browsing experience. |
| 2026-02-20 | Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks | XSS | A critical vulnerability in Jenkins exposes build environments to cross-site scripting (XSS) attacks. This vulnerability poses a significant risk to Jenkins users as it can be exploited to compromise build environments. XSS attacks can lead to unauthorized access, data theft, and other security breaches. Jenkins users are advised to update their systems promptly to protect against this vulnerability and ensure the security of their build environments. |
| 2026-02-18 | Microsoft VS Code Extension with 11M Downloads Expose Developers to One-Click XSS Attacks | XSS | A Microsoft VS Code extension with 11 million downloads has been found to expose developers to one-click cross-site scripting (XSS) attacks. This vulnerability could potentially allow attackers to execute malicious code on developers' systems with a single click. Developers are advised to be cautious and consider the security implications of using this extension. |
| 2026-02-17 | Langchain Community SSRF Bypass Vulnerability Enables Access to Internal Services | SSRF | The Langchain Community SSRF Bypass Vulnerability allows unauthorized access to internal services. This vulnerability enables attackers to bypass security measures and gain entry to sensitive information. It poses a significant risk to the security of the Langchain Community platform. |
| 2026-02-13 | Zimbra Security Update - Patch for XSS, XXE & LDAP Injection Vulnerabilities | XSS | Zimbra released a security update to address vulnerabilities including XSS, XXE, and LDAP injection. Users are advised to apply the patch to protect their systems from potential security risks. |
| 2026-02-11 | GitLab Patches Multiple Vulnerabilities That Enables DoS and Cross-site Scripting Attacks | XSS | GitLab has addressed several vulnerabilities that could lead to Denial of Service (DoS) and Cross-site Scripting (XSS) attacks. By patching these vulnerabilities, GitLab aims to enhance the security of its platform and protect users from potential exploitation. It is crucial for users to update their GitLab installations promptly to mitigate the risk of these security threats. |
| 2026-02-10 | FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands | XSS | The FortiSandbox XSS vulnerability allows attackers to execute arbitrary commands. This security flaw poses a risk as it enables attackers to run unauthorized commands on the affected system. Organizations using FortiSandbox should be aware of this vulnerability and take necessary precautions to mitigate the risk of exploitation. |
| 2026-02-04 | CISA Warns of GitLab Community and Enterprise Editions SSRF Vulnerability Exploited in Attacks | SSRF | CISA issued a warning about an SSRF vulnerability in GitLab Community and Enterprise Editions being exploited in attacks. The vulnerability allows attackers to send unauthorized requests from the server, potentially leading to data breaches or server compromise. Users of GitLab should be vigilant and apply any available patches or updates to mitigate the risk of exploitation. |
| 2026-02-03 | Foxit PDF Editor Vulnerabilities Let Attackers Execute Arbitrary JavaScript | XSS | The Foxit PDF Editor has vulnerabilities that allow attackers to execute arbitrary JavaScript. This security flaw can be exploited by malicious actors to run unauthorized code within PDF documents, potentially leading to harmful consequences. Users of Foxit PDF Editor should be cautious and consider updating their software to protect against these vulnerabilities. |
| 2026-01-22 | Critical Chainlit AI Vulnerabilities Let Hackers Gain Control Over Cloud Environments | SSRF | Critical vulnerabilities in Chainlit AI allow hackers to take control of cloud environments, posing a significant security risk. These vulnerabilities could potentially lead to unauthorized access, data breaches, and other malicious activities within cloud systems. It is crucial for organizations using Chainlit AI to promptly address these vulnerabilities to prevent exploitation by cyber attackers. |
| 2026-01-13 | FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests | SSRF | The content discusses a vulnerability in FortiSandbox that allows attackers to proxy internal traffic using specially crafted HTTP requests. This Server-Side Request Forgery (SSRF) vulnerability can be exploited by attackers to manipulate the server into making requests to internal systems, potentially leading to unauthorized access or data leakage. It is crucial for FortiSandbox users to be aware of this vulnerability and take necessary precautions to prevent exploitation by malicious actors. |
| 2026-01-13 | New Angular Vulnerability Enables an Attacker to Execute Malicious Payload | XSS | A new vulnerability in Angular allows attackers to execute malicious payloads. This vulnerability poses a security risk as it can be exploited by attackers to compromise systems running Angular applications. It is crucial for users and developers to be aware of this issue and take necessary precautions to mitigate the risk of exploitation. Stay informed about security updates and patches released by Angular to protect against potential attacks leveraging this vulnerability. |
| 2025-12-19 | Roundcube Vulnerabilities Allow Attackers to Execute Malicious Scripts | XSS | The content discusses vulnerabilities in Roundcube, an open-source webmail software, that enable attackers to execute malicious scripts. These vulnerabilities pose a security risk by allowing unauthorized individuals to run harmful code on affected systems. It highlights the importance of promptly addressing such vulnerabilities to prevent potential cyber attacks and protect sensitive data. |
| 2025-12-11 | GitLab Patches Multiple Vulnerabilities that Allows Attackers to Trigger XSS and DoS Attack | XSS | GitLab has addressed several vulnerabilities that could be exploited by attackers to launch cross-site scripting (XSS) and denial of service (DoS) attacks. By patching these vulnerabilities, GitLab aims to enhance the security of its platform and protect users from potential exploitation. It is crucial for users to update their GitLab installations to the latest version to mitigate the risks associated with these vulnerabilities. |
| 2025-12-10 | Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS | XSS | A critical vulnerability in Ivanti Endpoint Manager (EPM) allows attackers to hijack admin sessions through stored cross-site scripting (XSS). This flaw could be exploited by malicious actors to take control of administrative sessions, posing a significant security risk. Organizations using Ivanti EPM should address this vulnerability promptly to prevent unauthorized access and potential data breaches. |
| 2025-12-03 | Angular Platform Vulnerability Allows Malicious Code Execution Via Weaponized SVG Animation Files | XSS | A vulnerability in the Angular platform enables malicious code execution through weaponized SVG animation files. This flaw allows attackers to embed harmful code within SVG files, potentially leading to security breaches. Organizations using Angular should be cautious when handling SVG files to prevent exploitation of this vulnerability. Vigilance and prompt updates are recommended to mitigate the risk of malicious code execution through this vector. |
| 2025-11-29 | CISA Warns of OpenPLC ScadaBR cross-site scripting vulnerability Exploited in Attacks | XSS | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a cross-site scripting vulnerability in OpenPLC ScadaBR that is being exploited in attacks. This vulnerability poses a security risk and has been actively targeted by malicious actors. Organizations using OpenPLC ScadaBR are advised to take immediate action to address this vulnerability to prevent potential exploitation and protect their systems from cyber threats. |
| 2025-11-13 | Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data | XSS | Multiple vulnerabilities in GitLab allow attackers to inject malicious prompts, potentially leading to the theft of sensitive data. These vulnerabilities could be exploited by attackers to compromise security and access valuable information. It is crucial for GitLab users to stay informed about these vulnerabilities and take necessary precautions to protect their data and systems from potential attacks. |
| 2025-11-13 | Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks | SSRF | The content discusses how multiple vulnerabilities in Kibana can lead to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) attacks. These vulnerabilities can be exploited to manipulate server requests and execute malicious scripts in users' browsers. It highlights the importance of addressing these vulnerabilities promptly to prevent potential security breaches and protect sensitive data. |
| 2025-11-12 | Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks | XSS | A vulnerability in Citrix NetScaler ADC and Gateway allows for Cross-Site Scripting (XSS) attacks. This flaw can be exploited by attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access or data theft. Organizations using these Citrix products should be aware of this security risk and take necessary precautions to mitigate the threat. Regularly updating software, implementing security patches, and monitoring network traffic for suspicious activity are recommended to protect against XSS attacks. |
| 2025-11-12 | ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets | SSRF | The content discusses how ChatGPT was hacked using custom GPTs that exploited a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability allowed attackers to expose secrets within the system. The exploit highlights the importance of addressing SSRF vulnerabilities to prevent unauthorized access and data breaches. |
| 2025-10-29 | Wordpress Plugin Vulnerability Exposes 7 Million Sites to XSS Attack | XSS | A vulnerability in a WordPress plugin has put 7 million websites at risk of cross-site scripting (XSS) attacks. The flaw allows attackers to inject malicious code into websites using the vulnerable plugin, potentially leading to data theft or site compromise. Website owners are advised to update the plugin to the latest version to mitigate the risk of exploitation. |
| 2025-10-25 | CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks | XSS | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) that is being actively exploited in attacks. The vulnerability involves cross-site scripting (XSS) and poses a significant risk to users of ZCS. Organizations using ZCS are advised to take immediate action to mitigate the threat posed by this exploit. |
| 2025-10-21 | CISA Warns Of Oracle E-Business Suite SSRF Vulnerability Actively Exploited In Attacks | SSRF | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an SSRF vulnerability in Oracle E-Business Suite that is being actively exploited in attacks. This vulnerability poses a security risk, and organizations using this software should take immediate action to protect their systems. CISA's alert highlights the importance of addressing vulnerabilities promptly to prevent potential cyber threats. |
| 2025-10-18 | Critical Zimbra SSRF Vulnerability Let Attackers Access Sensitive Data | SSRF | A critical Zimbra SSRF vulnerability allows attackers to access sensitive data. The vulnerability poses a significant security risk by enabling attackers to exploit Server-Side Request Forgery (SSRF) to access confidential information. This vulnerability highlights the importance of promptly addressing security flaws to prevent unauthorized access to sensitive data. |
| 2025-09-10 | GitLab Patches Multiple Vulnerabilities That Enables Denial Of Service and SSRF Attacks | SSRF | GitLab has fixed several vulnerabilities that could lead to Denial of Service (DoS) and Server-Side Request Forgery (SSRF) attacks. These vulnerabilities have been addressed to prevent potential security risks. It is crucial for GitLab users to update their systems to the latest patched versions to mitigate these security threats. |
| 2025-08-11 | Xerox FreeFlow Vulnerabilities leads to SSRF and RCE Attacks | SSRF | Xerox FreeFlow software vulnerabilities have been identified, potentially enabling Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE) attacks. These vulnerabilities pose security risks that could allow malicious actors to manipulate server requests and execute unauthorized code. It is crucial for users of Xerox FreeFlow software to be aware of these vulnerabilities and take necessary precautions to mitigate the associated risks. |
| 2025-06-19 | Open Next for Cloudflare SSRF Vulnerability Let Attackers Load Remote Resources from Arbitrary Hosts | SSRF | The content discusses a Server-Side Request Forgery (SSRF) vulnerability in Open Next for Cloudflare, allowing attackers to load remote resources from any host. This vulnerability can be exploited by attackers to manipulate the server into making unauthorized requests to external systems, potentially leading to data breaches or system compromise. It highlights the importance of promptly addressing and patching such vulnerabilities to prevent unauthorized access and protect sensitive information. |
| 2025-05-16 | SonicWall SMA1000 Vulnerability Let Attackers to Exploit Encoded URLs To Gain Internal Systems Access Remotely | SSRF | A vulnerability in SonicWall SMA1000 allows attackers to exploit encoded URLs, gaining remote access to internal systems. This security flaw poses a risk of unauthorized access and potential data breaches. Organizations using SonicWall SMA1000 should be aware of this issue and take necessary precautions to protect their systems and data from exploitation. Regular security updates and patches should be applied to mitigate the risk of such vulnerabilities being exploited by malicious actors. |
| 2025-05-05 | Hackers Leveraging Email Input Fields to Exploit Vulnerabilities Ranging from XSS to SSRF | SSRF | Hackers are exploiting vulnerabilities in email input fields, including cross-site scripting (XSS) and server-side request forgery (SSRF). By manipulating email input fields, attackers can execute malicious code or access sensitive information. These vulnerabilities pose significant risks to organizations and individuals. It is crucial to implement robust security measures to protect against such attacks and regularly update systems to patch any potential vulnerabilities. |
| 2025-04-15 | Hackers Exploiting EC2 Instance Metadata Vulnerability to Attacks Websites Hosted | SSRF | Hackers are targeting websites hosted on Amazon EC2 instances by exploiting a vulnerability in the instance metadata service. This vulnerability allows attackers to gain unauthorized access to sensitive information, potentially leading to website compromise. EC2 users are advised to implement security measures to protect against these attacks, such as restricting access to the metadata service and regularly updating their systems to patch any known vulnerabilities. |
| 2025-03-12 | 400 IPs Actively Exploiting Multiple SSRF Vulnerabilities In The Wild | SSRF | Over 400 IPs are currently exploiting various Server-Side Request Forgery (SSRF) vulnerabilities in the wild. This poses a significant security risk, as SSRF vulnerabilities can be used by attackers to manipulate server requests and potentially access sensitive information or execute unauthorized actions. It is crucial for organizations to promptly address and patch these vulnerabilities to prevent exploitation and safeguard their systems and data from potential breaches. |
| 2025-02-10 | Microsoft SharePoint Connector Vulnerability Let Attackers Steal Users Credentials | SSRF | A vulnerability in Microsoft SharePoint Connector allows attackers to steal users' credentials. This security flaw poses a risk of unauthorized access to sensitive information. It is crucial for users to be aware of this issue and take necessary precautions to protect their credentials and data. Microsoft may release patches or updates to address this vulnerability, and users should stay informed and implement any recommended security measures promptly. |
| 2024-08-14 | Critical SSRF Vulnerability in Microsoft Azure Let Hackers Compromise Health Bot Services | SSRF | A critical Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure allows hackers to compromise Health Bot Services. This vulnerability poses a significant security risk as it enables unauthorized access and manipulation of sensitive data within the Health Bot Services platform. It highlights the importance of addressing and patching such vulnerabilities promptly to prevent potential breaches and protect user information. |