appsec.fyi · Sources

petri.com

6 curated AppSec resources from petri.com across 3 topics on appsec.fyi.

petri.com

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-08.

Date Added Resource Excerpt
2026-07-08 2026CISA Flags Actively Exploited SharePoint RCE FlawRCEAnalysis of CVE-2026-45659, an actively exploited SharePoint RCE vulnerability, details its exploitation via insecure deserialization by authenticated users with basic permissions. The flaw, impacting SharePoint Server Subscription Edition, 2019, and 2016, carries a CVSS score of 8.8, a network attack vector, and low complexity. CISA has added it to its Known Exploited Vulnerabilities Catalog, mandating fixes by July 4th.
2026-06-19 2026Microsoft's Exchange Server Updates Fix OWA XSS FlawXSSLibrary update for Microsoft Exchange Server addresses CVE‑2026‑42897, a cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA). This flaw allows remote attackers to execute malicious JavaScript by sending specially crafted emails. Updates are available for Exchange Server Subscription Edition, 2019, and 2016, with support requirements for older versions. Administrators should use the Exchange Health Checker script and install the latest cumulative and security updates.
2026-06-10 2026Microsoft Releases June 2026 Patch Tuesday UpdatesRCEMicrosoft's June 2026 Patch Tuesday updates are now available. These regular security patches address various vulnerabilities and aim to improve the overall security posture of Microsoft products. Users are advised to install these updates promptly to protect their systems from potential threats.
2026-06-09 2026Supply Chain Attacks Target OpenSource PackagesSupply ChainAnalysis of rising supply chain attacks targeting open-source packages, highlighting risks from compromised npm and PyPI modules. Techniques like account hijacking, typosquatting, and exploiting unmaintained packages are discussed, alongside recommendations for dependency auditing, real-time monitoring, and securing developer accounts with MFA. Long-term strategies include SBOM generation and reducing unnecessary dependencies.
2026-05-28 2026Microsoft Fixes SharePoint RCE Flaw Affecting On-Prem ServersRCELibrary of security updates fixes CVE-2026-45659, a critical RCE vulnerability in Microsoft SharePoint Server affecting on-premises versions. Discovered by MEOW, this flaw allows authenticated attackers with minimal privileges to execute malicious code remotely through improper data deserialization. The vulnerability carries a CVSS score of 8.8 and impacts SharePoint Server Subscription Edition, 2019, and 2016. Microsoft urges immediate application of security updates and recommends strengthening access controls and monitoring.
2026-04-10 2026CISA Warns of Actively Exploited Ivanti EPMM VulnerabilityRCEReference for CVE-2026-1340, a critical code-injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM). This flaw allows unauthenticated remote code execution, granting attackers control over the mobile management server and connected devices. CISA has issued an urgent directive for federal agencies to remediate this actively exploited vulnerability, and private-sector organizations are strongly encouraged to apply patches immediately due to the significant risks it poses.