cybersecuritynews.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-18.
Topic counts: RCE 48, XSS 24, SSRF 20, API Sec 9, Supply Chain 9, SQLi 5, AI 3, Mobile 2, AuthN 1, AuthZ 1, Deser 1, GraphQL 1, Python 1, Secrets 1.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-18 2026 | Claude Code RCE Flaw Lets Attackers Execute Commands via Malicious DeeplinksRCE | A critical vulnerability has been discovered in Claude Code, allowing attackers to execute arbitrary commands on a user's system through malicious deep links. This Remote Code Execution (RCE) flaw exploits how Claude Code handles specially crafted URLs. By tricking a user into clicking such a link, an attacker could potentially gain control of their machine. The exact payout for this bug bounty was not specified in the provided content. |
| 2026-05-16 2026 | PraisonAI Vulnerability Exploited Within Hours of Public DisclosureAPI Sec | PraisonAI experienced a critical vulnerability that was exploited within hours of its public disclosure. The exact nature of the vulnerability and the extent of the damage are not detailed in the provided content, other than that it was a significant security concern. No specific bug bounty payout amount was mentioned in the text. |
| 2026-05-15 2026 | Critical Next.js Vulnerability Exposes Cloud Credentials API keys and Admin PanelsSSRF | A critical vulnerability in Next.js has been disclosed, potentially exposing sensitive cloud credentials, API keys, and admin panels. This flaw could allow attackers to gain unauthorized access to vital system resources. Further details on the exploit and mitigation strategies are available through the provided link, which was shared via IFTTT. |
| 2026-05-15 2026 | Critical GitLab Vulnerabilities Enables XSS and Unauthenticated DoS AttacksXSS | Two critical vulnerabilities have been discovered in GitLab, allowing attackers to perform Cross-Site Scripting (XSS) attacks and unauthenticated Denial-of-Service (DoS) attacks. These flaws could lead to sensitive data exposure and service disruption. Users are strongly advised to update their GitLab instances to the latest versions to mitigate these risks. The specific versions affected and the patches available are detailed in the linked security advisory. |
| 2026-05-15 2026 | OpenAI Confirms Security Breach Via TanStack npm Supply Chain AttackSupply Chain | OpenAI has confirmed a security breach resulting from a supply chain attack on the TanStack npm package. Malicious code was injected into a TanStack dependency, which was then used by OpenAI. This breach allowed unauthorized access to some of OpenAI's private customer data. The company has since taken steps to secure its systems and is notifying affected customers. |
| 2026-05-15 2026 | node-ipc npm Package with 822K Weekly Downloads Compromised in Supply Chain AttackSupply Chain | The popular npm package `node-ipc`, downloaded over 822,000 times weekly, has been compromised in a supply chain attack. Malicious code was intentionally injected into the package, affecting users who installed or updated it. This incident highlights a significant security risk within the open-source software ecosystem. Developers are advised to immediately review their dependencies and consider reverting to a previous, uncompromised version of `node-ipc` to mitigate potential harm. Further details regarding the specific malicious payload and its impact are available in the provided link. |
| 2026-05-15 2026 | DarkMoon AI-Powered Autonomous Penetration Testing Platform With 50 ToolsGraphQL | DarkMoon is an AI-powered autonomous penetration testing platform featuring over 50 tools. It automates the process of identifying vulnerabilities in systems. |
| 2026-05-14 2026 | Langflow CVE-2026-33017 Exploited to Steal AWS Keys and Deploy NATS WorkerAPI Sec | A critical vulnerability, CVE-2026-33017, in Langflow has been exploited. Attackers leveraged this flaw to steal AWS keys and deploy a NATS worker, indicating a sophisticated and potentially wide-reaching compromise. The exploitation highlights significant security risks associated with the affected Langflow versions. Further details on the exploit and its impact can be found at the provided link. |
| 2026-05-14 2026 | Critical Canon MailSuite Vulnerability Enables Remote Code Execution AttacksRCE | A critical vulnerability has been discovered in Canon MailSuite software that allows attackers to execute arbitrary code remotely. This means malicious actors could potentially take control of affected systems by exploiting this flaw. Further details on the vulnerability and its impact are available at the provided link. No bug bounty payout amount is mentioned in the content. |
| 2026-05-14 2026 | Critical MongoDB Vulnerability Allow Attackers to Execute Arbitrary CodeRCE | A critical vulnerability has been discovered in MongoDB that allows attackers to execute arbitrary code on affected systems. This significant security flaw poses a serious risk to data confidentiality and system integrity. Users are strongly advised to update their MongoDB installations to the latest patched version immediately to mitigate this threat. Further details on the exploit are available through the provided link. |
| 2026-05-14 2026 | Windows DNS Client Vulnerability Enables Remote Code Execution AttacksRCE | A critical vulnerability in the Windows DNS Client allows for remote code execution (RCE). Attackers can exploit this flaw by sending specially crafted DNS responses to trigger the vulnerability. This could enable attackers to gain control of a victim's system without any user interaction. The vulnerability affects multiple Windows versions. Further details and mitigation strategies are available via the provided link. |
| 2026-05-14 2026 | Critical 18-Year-Old NGINX Vulnerability Enables Remote Code Execution AttacksRCE | An 18-year-old NGINX vulnerability has been discovered, posing a critical risk of remote code execution (RCE) attacks. This allows attackers to potentially gain full control of affected servers. The vulnerability's long-standing presence highlights a significant security oversight. Further details on the specific exploit and its impact are available via the provided link. |
| 2026-05-14 2026 | Critical SandboxJS Escape Vulnerability Enables Host TakeoverRCE | A critical vulnerability has been discovered in SandboxJS, a JavaScript sandbox environment. This exploit allows attackers to escape the sandbox, potentially leading to a complete takeover of the host system. The vulnerability's nature suggests it could compromise the security of applications relying on SandboxJS for isolation. Further details on the exploit's specifics and impact are available via the provided link. No bounty payout amount is mentioned. |
| 2026-05-13 2026 | Critical Fortinet FortiSandbox Vulnerability Enables Code Execution AttacksRCE | A critical vulnerability in Fortinet's FortiSandbox allows for unauthenticated remote code execution. Successful exploitation of this flaw could enable attackers to compromise systems without needing any prior authentication. This is a severe security risk as it could lead to widespread damage. Further details on the vulnerability and potential mitigations are available at the provided link. No payout amount was specified. |
| 2026-05-12 2026 | Microsoft Patch Tuesday May 2026 - 120 Vulnerabilities Fixed Including 29 Critical RCE FlawsRCE | Microsoft's May 2026 Patch Tuesday addressed 120 vulnerabilities, a significant update focusing on security. Among these, 29 critical flaws were patched, specifically impacting Remote Code Execution (RCE). This regular release is crucial for users to maintain system security and protect against potential exploits that could compromise their devices. The update aims to close security gaps and reinforce the overall integrity of Microsoft's software ecosystem. |
| 2026-05-12 2026 | SAP Patches Critical SQL injection Vulnerability in SAP S/4HANASQLi | SAP has released a patch for a critical SQL injection vulnerability in its S/4HANA enterprise resource planning software. This vulnerability could allow attackers to gain unauthorized access to sensitive data and potentially disrupt business operations. The company urges all users of SAP S/4HANA to apply the security update immediately to protect their systems from potential exploitation. |
| 2026-05-12 2026 | Critical PHP SOAP Extension Vulnerabilities Enables Remote Code Execution AttacksRCE | The PHP SOAP extension contains critical vulnerabilities that allow for remote code execution (RCE). These flaws can be exploited by attackers to gain control of affected systems. The extent of the impact and specific attack vectors are detailed in the linked advisory. No bug bounty payout amount is mentioned. |
| 2026-05-10 2026 | New cPanel and WHM Flaws Enable Code Execution DoS AttacksRCE | New vulnerabilities in cPanel and WHM allow attackers to execute code and launch Denial of Service (DoS) attacks. These security flaws could compromise server integrity and availability. Users are strongly advised to update their cPanel and WHM installations to the latest versions to patch these vulnerabilities and protect their systems. |
| 2026-05-09 2026 | Critical Ollama Memory Leak Vulnerability Exposes 300000 Servers GloballyAPI Sec | A critical memory leak vulnerability in Ollama, an open-source tool for running large language models, has been discovered, potentially impacting an estimated 300,000 servers worldwide. The vulnerability allows for denial-of-service (DoS) attacks by exhausting server memory. While the exact payout amount for reporting this bug isn't specified, the discovery highlights a significant security risk for users of Ollama, emphasizing the need for prompt patching and security awareness in the AI infrastructure landscape. |
| 2026-05-09 2026 | Palo Alto Networks Firewall Zero-Day RCE Vulnerability Exploited in the Wild Since AprilRCE | A critical zero-day Remote Code Execution (RCE) vulnerability in Palo Alto Networks firewalls has been actively exploited in the wild since April. The vulnerability affects specific PAN-OS versions and allows attackers to gain unauthorized access and control. Palo Alto Networks has released patches and urges customers to update their systems immediately to mitigate the risk of compromise. Users are advised to check their firewall configurations and monitor for suspicious activity. |
| 2026-05-08 2026 | Multiple Critical Vulnerabilities Patched in Next.js and React Server ComponentsSSRF | Multiple critical vulnerabilities have been patched in Next.js and React Server Components. These security flaws could have allowed for unauthorized code execution and data exposure. Developers are urged to update their Next.js and React Server Components to the latest versions immediately to mitigate these risks. The exact payout amounts for the bounties related to these vulnerabilities were not specified in the provided content. |
| 2026-05-07 2026 | Critical Redis Vulnerabilities Enables Remote Code Execution AttacksRCE | This content describes critical vulnerabilities in Redis that allow for remote code execution. These flaws enable attackers to compromise systems by exploiting specific configurations or weaknesses in the popular in-memory data structure store. The exploitation of these vulnerabilities can lead to severe security breaches, granting attackers unauthorized control over affected servers. Further details are available via the provided link. |
| 2026-05-07 2026 | Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution AttacksRCE | Critical vulnerabilities in the vm2 Node.js library have been disclosed, allowing attackers to execute arbitrary code. These flaws enable sandbox escapes, meaning malicious actors can bypass security restrictions and gain control of systems running vulnerable versions of vm2. Users are strongly advised to update to the latest version to mitigate these risks. The article provides a link for further details on the specific vulnerabilities and their implications. |
| 2026-05-06 2026 | New MajorDoMo RCE Vulnerability Exposes Servers to Code Execution AttacksRCE | A critical Remote Code Execution (RCE) vulnerability has been discovered in MajorDoMo, a popular home automation system. This flaw allows attackers to execute arbitrary code on vulnerable servers, potentially leading to complete system compromise. The vulnerability's exploitability and the wide adoption of MajorDoMo present a significant risk to users. While the specific impact and technical details are still emerging, the discovery highlights the need for immediate attention and patching by MajorDoMo users to protect their systems from malicious actors. |
| 2026-05-06 2026 | Argo CD's ServerSideDiff Vulnerability Enables Kubernetes Secret ExtractionAPI Sec | Argo CD's ServerSideDiff vulnerability allows attackers to extract sensitive Kubernetes secrets. This flaw enables the unauthorized disclosure of confidential information stored within the cluster. The vulnerability arises from how Argo CD handles diffing operations on the server side, creating an exploitable condition. This discovery highlights a significant security risk for users of Argo CD and emphasizes the need for prompt patching and security audits. |
| 2026-05-06 2026 | Zero-Auth Flaw Exposes DoD Contractor to Cross-Tenant Data AccessAPI SecAuthZ | A critical zero-authentication flaw in a contractor's system has exposed the Department of Defense (DoD) to cross-tenant data access risks. This vulnerability allowed unauthorized access to sensitive information without any credentials. The specific details and the contractor involved were not disclosed. This breach highlights significant security concerns for government contractors and the sensitive data they handle. |
| 2026-05-05 2026 | New ScarCruft Supply Chain Attack Hits Gaming Platform With Windows and Android BackdoorsSupply Chain | ScarCruft, a sophisticated threat group, has launched a new supply chain attack targeting a gaming platform. This attack delivers backdoors for both Windows and Android devices. The attackers exploit vulnerabilities to compromise the platform and subsequently infect its users. The specific gaming platform and the extent of the compromise are not detailed in the provided title and link. This incident highlights the ongoing threat of supply chain attacks and the need for robust security measures in the gaming industry. |
| 2026-05-05 2026 | Critical Weaver E-cology RCE Vulnerability Actively Exploited in AttacksRCE | Critical Weaver E-cology RCE Vulnerability Actively Exploited in Attacks https://ift.tt/HivswZq |
| 2026-05-05 2026 | Critical Qualcomm Chipset Vulnerabilities Enables Remote Code ExecutionMobileRCE | Researchers have discovered critical vulnerabilities in Qualcomm chipsets that could allow remote code execution. These flaws, detailed in a linked article, pose a significant security risk, potentially enabling attackers to compromise devices without user interaction. The implications are broad, affecting a wide range of Android devices utilizing these chipsets. The specific impact and exploitability of these vulnerabilities are still being assessed, but the potential for widespread compromise is high. No bug bounty payout amount is mentioned. |
| 2026-05-05 2026 | DAEMON Tools Software Hacked to Deliver Malware in a Supply Chain AttackSupply Chain | This article reports a supply chain attack where DAEMON Tools software was compromised to distribute malware. Attackers injected malicious code into the software's update mechanism, potentially affecting users who downloaded or updated DAEMON Tools. This highlights the vulnerability of software supply chains and the importance of robust security measures to prevent malicious actors from compromising legitimate software distribution channels and distributing malware to unsuspecting users. |
| 2026-05-05 2026 | Critical Android Zero-Click Vulnerability Grants Remote Shell AccessMobileRCE | Critical Android Zero-Click Vulnerability Grants Remote Shell Access https://ift.tt/WMdoOBe |
| 2026-05-05 2026 | Apache HTTP Server Exposes Millions of Servers to Remote Code Execution AttacksRCE | Apache HTTP Server, a widely used web server, has a critical vulnerability that could allow attackers to execute remote code. This bug, detailed in a security advisory, affects a significant number of servers globally, potentially exposing millions to attacks. The exact impact and potential for exploitation are still being assessed, but the severity of remote code execution (RCE) vulnerabilities is high. No bug bounty payout amount was mentioned. |
| 2026-05-04 2026 | Apache MINA Vulnerabilities Enables Remote Code Execution AttacksRCE | Apache MINA, a network application framework, has vulnerabilities that can allow for remote code execution. The specific details of these vulnerabilities are not provided in the content, but the title indicates a significant security risk. Attackers could potentially exploit these flaws to gain control of systems running Apache MINA. No bug bounty payout amount is mentioned. |
| 2026-05-04 2026 | FreeBSD DHCP Client Vulnerability Enables Remote Code Execution as RootRCE | A critical vulnerability in FreeBSD's DHCP client allows for remote code execution with root privileges. This flaw, discovered by researchers, enables attackers to exploit the client's handling of DHCP packets to gain complete control of a vulnerable system. The specific details of the exploit are available via the provided link. No bounty payout amount is mentioned in the provided content. |
| 2026-05-03 2026 | Jenkins Patches High-Severity Plugin Flaws Including Path Traversal and Stored XSSXSS | Jenkins Patches High-Severity Plugin Flaws Including Path Traversal and Stored XSS https://ift.tt/GQ1udUD |
| 2026-05-01 2026 | Critical Wireshark Vulnerabilities Let Attackers Execute Arbitrary Code Via Malformed PacketsRCE | Critical vulnerabilities have been discovered in Wireshark, a popular network protocol analyzer, that could allow attackers to execute arbitrary code on a victim's system. These vulnerabilities stem from the program's handling of malformed packets, meaning specially crafted network data can be used to exploit the flaw. Successful exploitation could lead to complete compromise of the affected system. Users are advised to update Wireshark to the latest version to patch these serious security risks. |
| 2026-04-30 2026 | Google Gemini CLI Vulnerabilities Allow Attackers to Execute Commands on Host SystemsAPI SecRCE | Vulnerabilities discovered in Google's Gemini CLI allow attackers to execute arbitrary commands on host systems. These flaws, detailed in a recent report, pose a significant security risk. The specific bounty payout amount for this discovery is not mentioned in the provided content. |
| 2026-04-30 2026 | Qinglong Task Scheduler RCE Vulnerabilities Exploited in the WildAPI SecRCE | Qinglong Task Scheduler is facing widespread exploitation of Remote Code Execution (RCE) vulnerabilities in the wild. These security flaws allow attackers to gain unauthorized control over systems running the scheduler. Organizations using Qinglong are urged to update to the latest versions and implement immediate security patches to mitigate the risk of compromise. The exploitation of these vulnerabilities highlights the critical need for prompt security updates and diligent monitoring of task scheduling systems. |
| 2026-04-30 2026 | CVE MCP Server Turns Claude Into a Full-Spectrum Security Analyst With 27 Tools Across 21 APIsAIAPI Sec | The CVE MCP Server leverages Claude's AI capabilities to transform it into a comprehensive security analyst. It integrates 27 distinct security tools through 21 different APIs. This allows Claude to analyze vulnerabilities and threats from a wide spectrum of angles, enhancing its ability to identify and address security issues. The tool aims to provide a more robust and integrated approach to cybersecurity analysis by bringing together diverse functionalities under a single AI-powered platform. |
| 2026-04-30 2026 | ProFTPDs SQL Injection Vulnerability Enables Remote Code Execution AttacksRCESQLi | A critical SQL injection vulnerability in ProFTPD, an FTP server, allows remote code execution. Attackers can exploit this flaw to gain control of affected servers. The vulnerability is present in the `mod_sql` module, which is used for authentication against SQL databases. Successful exploitation could lead to severe security breaches, data theft, and system compromise. Users are advised to update ProFTPD to the latest version to patch this critical vulnerability. |
| 2026-04-29 2026 | Hugging Face LeRobot Vulnerability Enables Unauthenticated RCE AttacksRCE | A critical vulnerability in Hugging Face's LeRobot library allows unauthenticated remote code execution (RCE) attacks. Attackers can exploit this flaw to compromise systems without needing any prior authentication. This could lead to significant security breaches. The report does not mention a specific bug bounty payout amount. |
| 2026-04-29 2026 | Critical Chrome Vulnerabilities Enables Remote Code Execution AttacksRCE | Critical vulnerabilities in Google Chrome have been discovered, posing a significant security risk. These flaws allow for remote code execution (RCE) attacks, meaning malicious actors could potentially run unauthorized code on a user's system without their direct interaction. This could lead to data theft, system compromise, or other harmful actions. Users are strongly advised to ensure their Chrome browsers are updated to the latest version to patch these critical security holes and protect themselves from potential exploitation. No specific bounty payout amount was mentioned in the provided content. |
| 2026-04-28 2026 | Critical GitHub.com and Enterprise Server RCE Vulnerability Enables Full Server CompromiseRCESupply Chain | A critical Remote Code Execution (RCE) vulnerability has been discovered in GitHub.com and GitHub Enterprise Server. This flaw allows attackers to achieve full server compromise. The vulnerability's details have been shared via a link, but no specific payout amount for reporting it has been mentioned. This discovery highlights a significant security risk for users and organizations relying on GitHub's platforms. |
| 2026-04-28 2026 | Critical LiteLLM SQL Injection Vulnerability Exploited in the WildSQLi | A critical SQL injection vulnerability in LiteLLM has been exploited in the wild. This flaw allows attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification. Details are limited, but the discovery highlights a significant security risk for users of LiteLLM. Further information on the specific exploit and mitigation strategies is expected. |
| 2026-04-28 2026 | Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious ScriptsSupply Chain | A popular Python package, downloaded over a million times monthly, was compromised and used to inject malicious scripts. The attacker reportedly injected malicious code into a new version of the package, which was then published to the Python Package Index (PyPI). This incident highlights a significant security risk for developers relying on third-party libraries. Further details on the exact nature of the malicious scripts and any potential impact are still emerging. |
| 2026-04-27 2026 | Critical Gemini CLI Vulnerability Enables Remote Code Execution AttacksRCE | A critical vulnerability in the Gemini Command Line Interface (CLI) has been discovered, posing a significant security risk. This flaw allows for Remote Code Execution (RCE) attacks, meaning attackers could potentially run arbitrary code on a user's system without their knowledge or consent. This could lead to data breaches, system compromise, and other malicious activities. Users are strongly advised to update their Gemini CLI to the latest version to patch this vulnerability. |
| 2026-04-27 2026 | Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM PrivilegesRCE | A critical vulnerability has been discovered in Nessus Agents on Windows, allowing for arbitrary code execution with SYSTEM privileges. This means an attacker could potentially gain complete control over a vulnerable system. The vulnerability, detailed in a linked report, highlights a significant security risk for organizations using Nessus Agents. No specific bounty payout amount is mentioned in the provided content. |
| 2026-04-24 2026 | Python Vulnerability Allows Out-of-Bounds Write on Windows SystemsPython | A critical vulnerability has been discovered in Python that permits out-of-bounds writes on Windows systems. This flaw could potentially lead to arbitrary code execution. While the vulnerability is significant, no specific bug bounty payout amount is mentioned in the provided content. Users of Python on Windows are advised to update to the latest version to mitigate this security risk. |
| 2026-04-21 2026 | CISA Warns Axios npm Package Was Compromised in Major Supply Chain AttackSupply Chain | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack https://ift.tt/bSQfTkG |
| 2026-04-21 2026 | Claude Code Gemini CLI and GitHub Copilot Vulnerable to Prompt Injection via GitHub CommentsAI | Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via GitHub Comments https://ift.tt/FS25xif |
| 2026-04-21 2026 | Critical Anthropics MCP Vulnerability Enables Remote Code Execution AttacksRCE | Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks https://ift.tt/NgPh5a6 |
| 2026-04-20 2026 | Lovable AI App Builder Reportedly Exposes Customer Data From Projects via Unpatched API FlawAPI Sec | Lovable AI App Builder Reportedly Exposes Customer Data From Projects via Unpatched API Flaw https://ift.tt/U5uy4dg |
| 2026-04-20 2026 | Critical Vulnerability In Flowise Allows Remote Command Execution Via MCP AdaptersRCE | Critical Vulnerability In Flowise Allows Remote Command Execution Via MCP Adapters https://ift.tt/NBwdZU2 |
| 2026-04-18 2026 | Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious CodeRCE | Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code https://ift.tt/w79ePIr |
| 2026-04-16 2026 | Windows Active Directory Vulnerability Allow Attackers to Execute Malicious CodeRCE | Windows Active Directory Vulnerability Allow Attackers to Execute Malicious Code https://ift.tt/MaeJ2jN |
| 2026-04-16 2026 | Splunk Enterprise and Cloud Platform Vulnerability Enables Remote Code Execution AttacksRCE | Splunk Enterprise and Cloud Platform Vulnerability Enables Remote Code Execution Attacks https://ift.tt/CABqpw7 |
| 2026-04-15 2026 | Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data TheftAI | Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data Theft https://ift.tt/KeHF0om |
| 2026-04-15 2026 | 25000 Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain AttackSupply Chain | 25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack https://ift.tt/urPB6SM |
| 2026-04-15 2026 | Critical ShowDoc RCE Vulnerability Active Exploited in the WildRCE | Critical ShowDoc RCE Vulnerability Active Exploited in the Wild https://ift.tt/16vB7tb |
| 2026-04-14 2026 | Microsoft Patch Tuesday April 2026 168 Vulnerabilities Fixed Including Actively Exploited 0-dayRCE | Microsoft Patch Tuesday April 2026 – 168 Vulnerabilities Fixed, Including Actively Exploited 0-day https://ift.tt/TbdJPtY |
| 2026-04-14 2026 | Critical FortiSandbox Vulnerabilities Allow Attackers to Execute Unauthorized CommandsRCE | Critical FortiSandbox Vulnerabilities Allow Attackers to Execute Unauthorized Commands https://ift.tt/36oOGsb |
| 2026-04-14 2026 | CISA Warns of Fortinet SQL Injection Vulnerability Actively Exploited in AttacksSQLi | CISA Warns of Fortinet SQL Injection Vulnerability Actively Exploited in Attacks https://ift.tt/HrQnkXP |
| 2026-04-13 2026 | Marimo RCE Vulnerability Exploited in the Within 10 Hours of DisclosureRCE | Marimo RCE Vulnerability Exploited in the Within 10 Hours of Disclosure https://ift.tt/LEjUohx |
| 2026-04-13 2026 | Critical Axios Vulnerability Allows Remote Code ExecutionRCE | Critical Axios Vulnerability Allows Remote Code Execution https://ift.tt/W2I8efr |
| 2026-04-12 2026 | Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive DataSupply Chain | Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data https://ift.tt/mHwP0Yn |
| 2026-04-11 2026 | 0-Click Zendesk Account Takeover VulnerabilityAuthN | 0-Click Zendesk Account Takeover Vulnerability |
| 2026-04-10 2026 | AI Router Vulnerabilities Allow Attackers to Inject Malicious Code and Steal Sensitive DataRCE | AI Router Vulnerabilities Allow Attackers to Inject Malicious Code and Steal Sensitive Data https://ift.tt/RunsJvx |
| 2026-04-10 2026 | Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary CodeRCE | Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code https://ift.tt/okJfyG0 |
| 2026-04-10 2026 | SolarWinds Web Help Desk Deserialization VulnerabilityDeser | SolarWinds Web Help Desk Deserialization Vulnerability |
| 2026-04-09 2026 | CISA Warns of Critical Ivanti EPMM Code Injection Vulnerability Exploited in AttacksRCE | CISA Warns of Critical Ivanti EPMM Code Injection Vulnerability Exploited in Attacks https://ift.tt/2MVIqDl |
| 2026-04-09 2026 | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation AttacksSQLi | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation Attacks https://ift.tt/7D4rhpX |
| 2026-04-08 | Claude Uncovers 13-Year-Old RCE Flaw in Apache ActiveMQ in Just 10 Minutes [RCE] | https://ift.tt/JFu4DIs |
| 2026-04-08 | CUPS Vulnerability Chain Enables Remote Attacker to Execute Malicious Code as Root User [RCE] | https://ift.tt/fhiH3dM |
| 2026-04-07 | 50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability [RCE] | https://ift.tt/E9Pb0B5 |
| 2026-04-06 | 2,000+ FortiClient EMS Instances Exposed Online Amid Active RCE Vulnerability Exploits in the Wild [RCE] | https://ift.tt/Xwvjd0z |
| 2026-04-06 | CERT-EU Confirms Trivy Supply Chain Attack Led to Credential Exposure [Secrets] | CERT-EU Confirms Trivy Supply Chain Attack Led to Credential Exposure |
| 2026-04-04 | 14,000+ F5 BIG-IP APM Devices Exposed Online Amid Active RCE Vulnerability Exploits [RCE] | https://ift.tt/WvUC40h |
| 2026-04-02 | Critical Grafana Vulnerabilities Let Attackers Achieve Remote Code Execution [RCE] | https://ift.tt/bQpTgzY |
| 2026-03-30 | Stored XSS Bug in Jira Work Management Could Lead to Full Organization Takeover [XSS] | https://ift.tt/chvJTgR |
| 2026-03-20 | Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’ [XSS] | https://ift.tt/XoOLnMt |
| 2026-03-17 | Angular XSS Vulnerability Exposes Thousands of Web Applications to XSS Attacks [XSS] | https://ift.tt/FtpE0RI |
| 2026-03-12 | GitLab Security Update - Patch for XSS and API DoS Vulnerabilities [XSS] | https://ift.tt/WObhDLV |
| 2026-03-04 | Critical XSS Vulnerability in Angular i18n Enables Malicious Code Execution [XSS] | https://ift.tt/MaisAIy |
| 2026-03-02 | Angular SSR Request Vulnerability Allows Attackers to Trick Applications into Sending Unauthorized Requests [SSRF] | https://ift.tt/8hfCray |
| 2026-02-26 | Firefox 148 Released With Sanitizer API to Disable XSS Attack [XSS] | Firefox 148 ships the Sanitizer API, which lets a page strip script-bearing markup from untrusted HTML before inserting it into the DOM, giving web applications a browser-native defence against DOM-based XSS instead of relying on ad hoc escaping. |
| 2026-02-20 | Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks [XSS] | A critical XSS vulnerability in Jenkins lets an attacker run script in the browser of a Jenkins user. A CI session typically carries job-configuration rights and access to stored credentials, so a successful attack can lead to unauthorized access and data theft from the build environment. Jenkins users should update promptly. |
| 2026-02-18 | Microsoft VS Code Extension with 11M Downloads Expose Developers to One-Click XSS Attacks [XSS] | A VS Code extension with 11 million downloads exposes developers to one-click XSS: a single click on attacker-controlled content could lead to malicious code running on the developer's machine. Developers should be cautious about extensions that render untrusted content and weigh the risk of keeping this one installed. |
| 2026-02-17 | Langchain Community SSRF Bypass Vulnerability Enables Access to Internal Services [SSRF] | A bypass of the SSRF protections in the Langchain Community package lets a crafted URL make the application fetch from internal services it was meant to be unable to reach, exposing internal endpoints and the sensitive data behind them. |
| 2026-02-13 | Zimbra Security Update - Patch for XSS XXE & LDAP Injection Vulnerabilities [XSS] | Zimbra released a security update fixing XSS, XML External Entity (XXE) and LDAP injection vulnerabilities. Administrators should apply the patch. |
| 2026-02-11 | GitLab Patches Multiple Vulnerabilities That Enables DoS and Cross-site Scripting Attacks [XSS] | GitLab patched several vulnerabilities that could enable denial-of-service (DoS) and cross-site scripting (XSS) attacks. Self-managed GitLab installations should be updated promptly. |
| 2026-02-10 | FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands [XSS] | An XSS vulnerability in FortiSandbox lets an attacker inject script that runs in the browser of an authenticated user, which the article reports can be leveraged to run arbitrary commands on the appliance. Organizations running FortiSandbox should check for a vendor fix and apply it. |
| 2026-02-04 | CISA Warns of GitLab Community and Enterprise Editions SSRF Vulnerability Exploited in Attacks [SSRF] | CISA warned that an SSRF vulnerability in GitLab Community and Enterprise Editions is being exploited in attacks. The flaw lets an attacker make the GitLab server issue requests of the attacker's choosing, potentially reaching internal systems and leading to data breaches or server compromise. Self-managed GitLab users should apply the available patches. |
| 2026-02-03 | Foxit PDF Editor Vulnerabilities Let Attackers Execute Arbitrary JavaScript [XSS] | Vulnerabilities in Foxit PDF Editor allow a crafted PDF to execute arbitrary JavaScript when opened. The execution context is the PDF reader's JavaScript engine rather than a web origin, so opening untrusted documents is the exposure. Users should update. |
| 2026-01-22 | Critical Chainlit AI Vulnerabilities Let Hackers Gain Control Over Cloud Environments [SSRF] | Critical vulnerabilities in Chainlit, indexed here under SSRF, could let attackers take control of the cloud environment hosting the application, leading to unauthorized access and data breaches. Organizations running Chainlit should patch promptly. |
| 2026-01-13 | FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests [SSRF] | An SSRF vulnerability in FortiSandbox lets an attacker use crafted HTTP requests to turn the appliance into a proxy for traffic to internal systems, enabling unauthorized access to, or data leakage from, hosts reachable only from the appliance's network position. |
| 2026-01-13 | New Angular Vulnerability Enables an Attacker to Execute Malicious Payload [XSS] | A new XSS vulnerability in Angular lets an attacker execute a malicious payload in applications built on the affected versions. Developers should track Angular's security advisories and upgrade to a fixed release. |
| 2025-12-19 | Roundcube Vulnerabilities Allow Attackers to Execute Malicious Scripts [XSS] | Vulnerabilities in Roundcube, the open-source webmail client, let attackers execute malicious scripts in users' sessions. Operators should patch promptly to protect mailbox data. |
| 2025-12-11 | GitLab Patches Multiple Vulnerabilities that Allows Attackers to Trigger XSS and DoS Attack [XSS] | GitLab fixed several vulnerabilities that attackers could use to launch cross-site scripting (XSS) and denial-of-service (DoS) attacks. Self-managed installations should move to the latest patched version. |
| 2025-12-10 | Critical Ivanti EPM Vulnerability Allows Admin Session Hijacking via Stored XSS [XSS] | A critical stored XSS in Ivanti Endpoint Manager (EPM) lets an attacker hijack an administrator's session: script stored in the application fires when an admin views the affected page, handing the attacker the admin's authenticated context. Organizations running EPM should patch promptly. |
| 2025-12-03 | Angular Platform Vulnerability Allows Malicious Code Execution Via Weaponized SVG Animation Files [XSS] | A vulnerability in the Angular platform allows malicious code execution via weaponized SVG animation files. SVG is XML and can carry scripts and event handlers, so any SVG from an untrusted source must be treated as active content rather than as an image. Applications using Angular should update and avoid rendering untrusted SVG inline. |
| 2025-11-29 | CISA Warns of OpenPLC ScadaBR cross-site scripting vulnerability Exploited in Attacks [XSS] | CISA warned that a cross-site scripting vulnerability in OpenPLC ScadaBR is being actively exploited. Operators of this SCADA software should remediate immediately. |
| 2025-11-13 | Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data [XSS] | Multiple GitLab vulnerabilities let attackers inject malicious prompts (prompt injection) that can lead to the theft of sensitive data. GitLab users should update. |
| 2025-11-13 | Multiple Kibana Vulnerabilities Enables SSRF and XSS Attacks [SSRF] | Multiple vulnerabilities in Kibana enable Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS): an attacker can make the Kibana server issue requests on their behalf and execute scripts in users' browsers. Patch promptly. |
| 2025-11-12 | Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks [XSS] | A vulnerability in Citrix NetScaler ADC and Gateway enables XSS: an attacker can inject script into pages served to users, potentially leading to unauthorized access or data theft. Apply the vendor update and monitor for suspicious activity. |
| 2025-11-12 | ChatGPT Hacked Using Custom GPTs Exploiting SSRF Vulnerability to Expose Secrets [SSRF] | Custom GPTs were used to exploit an SSRF vulnerability in ChatGPT, making the backend issue requests that exposed internal secrets. The case shows that an AI platform fetching URLs on a user's behalf needs the same SSRF controls as any other web backend. |
| 2025-10-29 | Wordpress Plugin Vulnerability Exposes 7 Million Sites to XSS Attack [XSS] | A vulnerability in a WordPress plugin installed on 7 million sites allows XSS: attackers can inject malicious code into affected sites, potentially leading to data theft or site compromise. Site owners should update the plugin to the latest version. |
| 2025-10-25 | CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks [XSS] | CISA warned that an XSS zero-day in Zimbra Collaboration Suite (ZCS) is being actively exploited. Organizations running ZCS should take immediate action to mitigate it. |
| 2025-10-21 | CISA Warns Of Oracle E-Business Suite SSRF Vulnerability Actively Exploited In Attacks [SSRF] | CISA warned that an SSRF vulnerability in Oracle E-Business Suite is being actively exploited. Organizations running the suite should remediate immediately. |
| 2025-10-18 | Critical Zimbra SSRF Vulnerability Let Attackers Access Sensitive Data [SSRF] | A critical SSRF vulnerability in Zimbra lets attackers make the server request resources on their behalf and so reach confidential data. Zimbra operators should patch promptly. |
| 2025-09-10 | GitLab Patches Multiple Vulnerabilities That Enables Denial Of Service and SSRF Attacks [SSRF] | GitLab fixed several vulnerabilities that could lead to denial-of-service (DoS) and Server-Side Request Forgery (SSRF) attacks. Self-managed installations should update to the patched versions. |
| 2025-08-11 | Xerox FreeFlow Vulnerabilities leads to SSRF and RCE Attacks [SSRF] | Vulnerabilities in Xerox FreeFlow enable Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE), letting an attacker manipulate server requests and execute unauthorized code. Users of FreeFlow should apply the available fixes. |
| 2025-06-19 | Open Next for Cloudflare SSRF Vulnerability Let Attackers Load Remote Resources from Arbitrary Hosts [SSRF] | An SSRF vulnerability in Open Next for Cloudflare lets an attacker make the deployment fetch resources from any host of the attacker's choosing; a server-side fetch of that kind can reach internal or cloud services and lead to data exposure or system compromise. Patch promptly. |
| 2025-05-16 | SonicWall SMA1000 Vulnerability Let Attackers to Exploit Encoded URLs To Gain Internal Systems Access Remotely [SSRF] | A vulnerability in SonicWall SMA1000 lets a remote attacker use encoded URLs to reach internal systems through the appliance, risking unauthorized access and data breaches. Organizations running SMA1000 should apply the vendor's security updates. |
| 2025-05-05 | Hackers Leveraging Email Input Fields to Exploit Vulnerabilities Ranging from XSS to SSRF [SSRF] | Attackers are abusing email input fields to trigger vulnerabilities ranging from XSS to SSRF: an address that passes validation can still carry characters that execute as script when reflected, or steer a server-side request when the domain part drives a lookup. Validate email input strictly and keep systems patched. |
| 2025-04-15 | Hackers Exploiting EC2 Instance Metadata Vulnerability to Attacks Websites Hosted [SSRF] | Attackers are targeting websites hosted on Amazon EC2 by reaching the instance metadata service (IMDS) through the web application, which can expose sensitive information such as instance credentials and lead to site compromise. The article recommends restricting access to the metadata service and keeping systems patched; on EC2 the concrete control is enforcing IMDSv2, whose session-token PUT request a plain GET-based SSRF cannot forge. |
| 2025-03-12 | 400 IPs Actively Exploiting Multiple SSRF Vulnerabilities In The Wild [SSRF] | Over 400 IP addresses are exploiting multiple SSRF vulnerabilities in the wild. SSRF lets an attacker make a server issue requests to internal systems, so mass exploitation of this kind can expose sensitive information and enable unauthorized actions. Organizations should patch the affected products promptly. |
| 2025-02-10 | Microsoft SharePoint Connector Vulnerability Let Attackers Steal Users Credentials [SSRF] | A vulnerability in the Microsoft SharePoint Connector, indexed here under SSRF, lets attackers steal users' credentials and so gain unauthorized access to sensitive information. Users should apply any patches Microsoft releases and follow its recommended mitigations. |
| 2024-08-14 | Critical SSRF Vulnerability in Microsoft Azure Let Hackers Compromise Health Bot Services [SSRF] | A critical SSRF vulnerability in Microsoft Azure allowed attackers to compromise the Health Bot service, gaining unauthorized access to and manipulation of sensitive data within the platform. |
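Several SSRF items above (Langchain Community, FortiSandbox, Open Next for Cloudflare, the EC2 instance metadata item and the "400 IPs" item) share one root cause: a server fetches a URL it was handed without checking where that URL actually leads. The block below is an added example for this index, not code from cybersecuritynews.com or from any of the projects listed; it shows an outbound-URL guard that resolves the host and rejects internal and cloud-metadata targets, including the literal-encoding forms (decimal, hex, IPv4-mapped IPv6) that defeat a plain string deny-list. The `metadata.internal` hostname, the addresses in the demo table and the injectable `resolver` parameter are constructed for the example.

```python
"""Outbound-URL guard against SSRF.

Added example, not code from any project listed on this page. Rejects URLs whose
host is, or resolves to, an internal or cloud-metadata address, covering the
literal-encoding tricks used to bypass naive string deny-lists."""
import ipaddress
import socket
from urllib.parse import urlparse

# Ranges a server-side fetcher must never reach. 169.254.0.0/16 covers the instance
# metadata endpoint 169.254.169.254 used by EC2 and other clouds.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def literal_ip(host):
    """Parse an address literal in every form a libc resolver accepts, not just dotted
    quad: '2852039166' and '0xa9fea9fe' are both 169.254.169.254 to inet_aton."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except OSError:
        return None


def is_blocked(addr):
    """True if addr is in a blocked range. IPv4-mapped IPv6 ([::ffff:a.b.c.d]) is
    unwrapped first so it cannot smuggle an IPv4 target past the IPv4 rules."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def system_resolver(host):
    """Every address the OS resolver returns for host (A and AAAA, scope id stripped)."""
    return {ipaddress.ip_address(info[4][0].split("%")[0])
            for info in socket.getaddrinfo(host, None)}


def check_outbound_url(url, resolver=system_resolver):
    """Return (allowed, reason). `resolver` is injectable so the check runs offline."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname
    if not host:
        return False, "no host in URL"
    if parsed.username is not None or parsed.password is not None:
        # 'http://trusted.example@169.254.169.254/' confuses looser parsers; refuse userinfo.
        return False, "userinfo in URL"
    addr = literal_ip(host)
    targets = {addr} if addr is not None else resolver(host)
    if not targets:
        return False, f"{host} does not resolve"
    for target in targets:          # every address counts, not just the first
        if is_blocked(target):
            return False, f"{host} -> {target} is a blocked address"
    return True, "ok"


if __name__ == "__main__":
    # Constructed DNS table standing in for the real resolver (no network needed).
    fake_dns = {
        "metadata.internal": {ipaddress.ip_address("169.254.169.254")},
        "example.com": {ipaddress.ip_address("93.184.216.34")},
    }
    lookup = lambda h: fake_dns.get(h, set())
    for u in (
        "https://example.com/report.pdf",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://2852039166/latest/meta-data/",        # decimal form of 169.254.169.254
        "http://[::ffff:169.254.169.254]/latest/",    # IPv4-mapped IPv6 form
        "http://metadata.internal/",                  # public-looking name, internal answer
        "file:///etc/passwd",
    ):
        print(f"{u:66} {check_outbound_url(u, lookup)}")
```

Two caveats apply to any guard of this shape. The resolution is a snapshot: connect to the address you checked (or re-run the check on every redirect target), otherwise DNS rebinding or a 302 from an allowed host to the metadata endpoint walks straight past it. And on EC2 the guard is defence in depth, not the primary control: enforcing IMDSv2 makes credential theft through a GET-only SSRF fail because the token must first be obtained with a PUT request.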