secnews.gr
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-19.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-07-19 2026 | Swarm Rpc: Rt-claw SSRF on Loopback resourcesSSRF | This report details a Server-Side Request Forgery (SSRF) vulnerability found in Swarm RPC, specifically the `rt-claw` component. The vulnerability allows attackers to exploit loopback resources. This means an attacker could potentially trick the Swarm RPC into making requests to internal services that are normally inaccessible from the outside. The report does not mention a specific bounty payout amount. |
| 2026-07-14 2026 | CVE-2008-4128 Cisco IOS CSRF: CISA KEV deadline 16/7CSRF | CISA has added CVE-2008-4128, a Cisco IOS Cross-Site Request Forgery (CSRF) vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This means the vulnerability is actively being exploited in the wild and poses a significant risk. Organizations are strongly advised to patch or mitigate this vulnerability by the CISA KEV deadline of July 16th to prevent potential attacks. The provided link offers further details on the vulnerability. |
| 2026-07-12 2026 | AstrBot MCP CVE-2026-15501: SSRF in AI FrameworkSSRF | AstrBot MCP CVE-2026-15501 is a Server-Side Request Forgery (SSRF) vulnerability found in an AI framework. The vulnerability, detailed in the provided link, allows an attacker to potentially make unauthorized requests from the server. No bug bounty payout amount is mentioned in the content. |
| 2026-07-06 2026 | SourceCodester Timetabling: SQL Injection vulnerability CVE-2026-14770SQLi | A SQL injection vulnerability, identified as CVE-2026-14770, has been discovered in SourceCodester Timetabling. This flaw allows attackers to potentially execute arbitrary SQL commands on the database. Further details regarding the exploit and its impact can be found at the provided link. No bug bounty payout amount was specified in the content. |
| 2026-07-01 2026 | VS Code Tasks: Npm and Go Packages Download InfostealerSupply Chain | VS Code Tasks: Npm and Go Packages Download Infostealer https://ift.tt/lUvqoTB |
| 2026-04-28 2026 | Critical bug leaves Hugging Face's LeRobot exposedDeser | A critical vulnerability has been discovered in Hugging Face's LeRobot library, potentially exposing user data and systems. The bug, if exploited, could allow unauthorized access and control over robotic systems integrated with the library. Hugging Face has been alerted and is working on a fix. This incident highlights the importance of robust security in AI and robotics development. Further details regarding the specific nature of the exploit and its potential impact are expected as the investigation progresses. |
| 2026-04-24 2026 | Over 10000 Zimbra Servers Vulnerable to XSS AttacksXSS | Over 10,000 Zimbra Servers Vulnerable to XSS Attacks https://ift.tt/UNZfrVk |
| 2026-04-24 2026 | Claude Mythos discovered 271 vulnerabilities in FirefoxBug BountyFuzzing | Claude Mythos identified a significant number of vulnerabilities in the Firefox browser, totaling 271. This extensive discovery highlights potential security weaknesses within the popular web browser. |
| 2026-04-22 2026 | Terrarium Sandbox: Critical Vulnerability Allows Root CodeRCE | Terrarium Sandbox: Critical Vulnerability Allows Root Code https://ift.tt/xt7SA8a |
| 2026-02-22 2026 | Jenkins Vulnerability Exposes Build Environments to XSS AttacksXSS | The content discusses a vulnerability in Jenkins that exposes build environments to cross-site scripting (XSS) attacks. This vulnerability can potentially allow attackers to inject malicious scripts into the Jenkins environment, compromising the security of the build process. It highlights the importance of addressing this vulnerability promptly to prevent exploitation and protect sensitive data. |