petri.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-08.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-07-08 2026 | CISA Flags Actively Exploited SharePoint RCE FlawRCE | Analysis of CVE-2026-45659, an actively exploited SharePoint RCE vulnerability, details its exploitation via insecure deserialization by authenticated users with basic permissions. The flaw, impacting SharePoint Server Subscription Edition, 2019, and 2016, carries a CVSS score of 8.8, a network attack vector, and low complexity. CISA has added it to its Known Exploited Vulnerabilities Catalog, mandating fixes by July 4th. |
| 2026-06-19 2026 | Microsoft's Exchange Server Updates Fix OWA XSS FlawXSS | Library update for Microsoft Exchange Server addresses CVE‑2026‑42897, a cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA). This flaw allows remote attackers to execute malicious JavaScript by sending specially crafted emails. Updates are available for Exchange Server Subscription Edition, 2019, and 2016, with support requirements for older versions. Administrators should use the Exchange Health Checker script and install the latest cumulative and security updates. |
| 2026-06-10 2026 | Microsoft Releases June 2026 Patch Tuesday UpdatesRCE | Microsoft's June 2026 Patch Tuesday updates are now available. These regular security patches address various vulnerabilities and aim to improve the overall security posture of Microsoft products. Users are advised to install these updates promptly to protect their systems from potential threats. |
| 2026-06-09 2026 | Supply Chain Attacks Target OpenSource PackagesSupply Chain | Analysis of rising supply chain attacks targeting open-source packages, highlighting risks from compromised npm and PyPI modules. Techniques like account hijacking, typosquatting, and exploiting unmaintained packages are discussed, alongside recommendations for dependency auditing, real-time monitoring, and securing developer accounts with MFA. Long-term strategies include SBOM generation and reducing unnecessary dependencies. |
| 2026-05-28 2026 | Microsoft Fixes SharePoint RCE Flaw Affecting On-Prem ServersRCE | Library of security updates fixes CVE-2026-45659, a critical RCE vulnerability in Microsoft SharePoint Server affecting on-premises versions. Discovered by MEOW, this flaw allows authenticated attackers with minimal privileges to execute malicious code remotely through improper data deserialization. The vulnerability carries a CVSS score of 8.8 and impacts SharePoint Server Subscription Edition, 2019, and 2016. Microsoft urges immediate application of security updates and recommends strengthening access controls and monitoring. |
| 2026-04-10 2026 | CISA Warns of Actively Exploited Ivanti EPMM VulnerabilityRCE | Reference for CVE-2026-1340, a critical code-injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM). This flaw allows unauthenticated remote code execution, granting attackers control over the mobile management server and connected devices. CISA has issued an urgent directive for federal agencies to remediate this actively exploited vulnerability, and private-sector organizations are strongly encouraged to apply patches immediately due to the significant risks it poses. |