petri.com

5 curated AppSec resources from petri.com across 3 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-19.

| Date Added | Resource | Excerpt |
| --- | --- | --- |
| 2026-06-19 | Microsoft's Exchange Server Updates Fix OWA XSS Flaw (2026, XSS) | Microsoft has released updates for Exchange Server to address a critical cross-site scripting (XSS) vulnerability found in Outlook Web App (OWA). This flaw could have allowed attackers to inject malicious scripts into web pages viewed by other users, potentially leading to data theft or unauthorized actions. The fix is available through the latest security updates provided by Microsoft, and users are strongly encouraged to apply them to protect their systems. |
| 2026-06-10 | Microsoft Releases June 2026 Patch Tuesday Updates (2026, RCE) | Microsoft's June 2026 Patch Tuesday updates are now available. These regular security patches address various vulnerabilities and aim to improve the overall security posture of Microsoft products. Users are advised to install these updates promptly to protect their systems from potential threats. |
| 2026-06-09 | Supply Chain Attacks Target OpenSource Packages (2026, Supply Chain) | Analysis of rising supply chain attacks targeting open-source packages, highlighting risks from compromised npm and PyPI modules. Techniques like account hijacking, typosquatting, and exploiting unmaintained packages are discussed, alongside recommendations for dependency auditing, real-time monitoring, and securing developer accounts with MFA. Long-term strategies include SBOM generation and reducing unnecessary dependencies. |
| 2026-05-28 | Microsoft Fixes SharePoint RCE Flaw Affecting On-Prem Servers (2026, RCE) | Library of security updates fixes CVE-2026-45659, a critical RCE vulnerability in Microsoft SharePoint Server affecting on-premises versions. Discovered by MEOW, this flaw allows authenticated attackers with minimal privileges to execute malicious code remotely through improper data deserialization. The vulnerability carries a CVSS score of 8.8 and impacts SharePoint Server Subscription Edition, 2019, and 2016. Microsoft urges immediate application of security updates and recommends strengthening access controls and monitoring. |
| 2026-04-10 | CISA Warns of Actively Exploited Ivanti EPMM Vulnerability (2026, RCE) | Reference for CVE-2026-1340, a critical code-injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM). This flaw allows unauthenticated remote code execution, granting attackers control over the mobile management server and connected devices. CISA has issued an urgent directive for federal agencies to remediate this actively exploited vulnerability, and private-sector organizations are strongly encouraged to apply patches immediately due to the significant risks it poses. |