appsec.fyi · Sources

secnews.gr

10 curated AppSec resources from secnews.gr across 9 topics on appsec.fyi.

secnews.gr

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-19.

Date Added Resource Excerpt
2026-07-19 2026Swarm Rpc: Rt-claw SSRF on Loopback resourcesSSRFThis report details a Server-Side Request Forgery (SSRF) vulnerability found in Swarm RPC, specifically the `rt-claw` component. The vulnerability allows attackers to exploit loopback resources. This means an attacker could potentially trick the Swarm RPC into making requests to internal services that are normally inaccessible from the outside. The report does not mention a specific bounty payout amount.
2026-07-14 2026CVE-2008-4128 Cisco IOS CSRF: CISA KEV deadline 16/7CSRFCISA has added CVE-2008-4128, a Cisco IOS Cross-Site Request Forgery (CSRF) vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This means the vulnerability is actively being exploited in the wild and poses a significant risk. Organizations are strongly advised to patch or mitigate this vulnerability by the CISA KEV deadline of July 16th to prevent potential attacks. The provided link offers further details on the vulnerability.
2026-07-12 2026AstrBot MCP CVE-2026-15501: SSRF in AI FrameworkSSRFAstrBot MCP CVE-2026-15501 is a Server-Side Request Forgery (SSRF) vulnerability found in an AI framework. The vulnerability, detailed in the provided link, allows an attacker to potentially make unauthorized requests from the server. No bug bounty payout amount is mentioned in the content.
2026-07-06 2026SourceCodester Timetabling: SQL Injection vulnerability CVE-2026-14770SQLiA SQL injection vulnerability, identified as CVE-2026-14770, has been discovered in SourceCodester Timetabling. This flaw allows attackers to potentially execute arbitrary SQL commands on the database. Further details regarding the exploit and its impact can be found at the provided link. No bug bounty payout amount was specified in the content.
2026-07-01 2026VS Code Tasks: Npm and Go Packages Download InfostealerSupply ChainVS Code Tasks: Npm and Go Packages Download Infostealer https://ift.tt/lUvqoTB
2026-04-28 2026Critical bug leaves Hugging Face's LeRobot exposedDeserA critical vulnerability has been discovered in Hugging Face's LeRobot library, potentially exposing user data and systems. The bug, if exploited, could allow unauthorized access and control over robotic systems integrated with the library. Hugging Face has been alerted and is working on a fix. This incident highlights the importance of robust security in AI and robotics development. Further details regarding the specific nature of the exploit and its potential impact are expected as the investigation progresses.
2026-04-24 2026Over 10000 Zimbra Servers Vulnerable to XSS AttacksXSSOver 10,000 Zimbra Servers Vulnerable to XSS Attacks https://ift.tt/UNZfrVk
2026-04-24 2026Claude Mythos discovered 271 vulnerabilities in FirefoxBug BountyFuzzingClaude Mythos identified a significant number of vulnerabilities in the Firefox browser, totaling 271. This extensive discovery highlights potential security weaknesses within the popular web browser.
2026-04-22 2026Terrarium Sandbox: Critical Vulnerability Allows Root CodeRCETerrarium Sandbox: Critical Vulnerability Allows Root Code https://ift.tt/xt7SA8a
2026-02-22 2026Jenkins Vulnerability Exposes Build Environments to XSS AttacksXSSThe content discusses a vulnerability in Jenkins that exposes build environments to cross-site scripting (XSS) attacks. This vulnerability can potentially allow attackers to inject malicious scripts into the Jenkins environment, compromising the security of the build process. It highlights the importance of addressing this vulnerability promptly to prevent exploitation and protect sensitive data.