techtimes.com

5 curated AppSec resources from techtimes.com across 5 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-04.

| Date Added | Year | Resource | Topic | Excerpt |
|---|---|---|---|---|
| 2026-06-04 | 2026 | Cisco Unified CM SSRF Flaw CVE-2026-20230: Public Exploit Code Opens Path to Root | SSRF | A critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2026-20230, has been discovered in Cisco Unified Communications Manager (CM). Publicly available exploit code for this flaw allows unauthenticated attackers to craft malicious requests, potentially leading to unauthorized access and remote code execution. This could enable attackers to gain root privileges on affected systems, posing a significant security risk. Cisco has acknowledged the vulnerability, and users are advised to apply security updates and follow Cisco's guidance to mitigate the risk. |
| 2026-05-31 | 2026 | Anthropic AI Vulnerability Scanner in Enterprise Beta: IBM Joins Glasswing After 10000 Flaws Found | API Sec | Tool for AI-powered application security scanning, Claude Security, now in public beta for enterprise customers, identifies vulnerabilities by reasoning over code behavior and data flows, moving beyond traditional signature matching. This approach has surfaced over 10,000 critical software flaws through Anthropic's Project Glasswing consortium, which includes IBM, and has also revealed specific vulnerabilities like CVE-2026-5194 in wolfSSL. The tool aims to compress the find-fix cycle, though patching remains a bottleneck for maintainers. |
| 2026-05-26 | 2026 | llama.cpp GGUF Parser Flaws: Critical Integer Overflow Enables Arbitrary Reads in Every Local AI Stack | Python | Library of six vulnerabilities found in llama.cpp's GGUF parser, including a critical integer overflow (V-01) allowing arbitrary file reads and memory exhaustion flaws (V-02, V-03) affecting tools like Ollama and LM Studio. These issues, including V-01 and V-02, are present in the C++ gguf.cpp and Python gguf_reader.py implementations, and unlike CVE-2026-7482 (Bleeding Llama), do not have assigned CVE numbers, bypassing standard scanning workflows. |
| 2026-05-26 | 2026 | Chrome Security Update Patches Two Critical RCE Flaws: One Exploit Still Public Unpatched | RCE | Library for detecting and mitigating browser-based threats, including two critical RCE flaws patched in Chrome (CVE-2026-9111, CVE-2026-9110). It also addresses the publicly disclosed, unpatched Browser Fetch API vulnerability, which enables persistent background connections and potential botnet enrollment across Chromium-based browsers like Edge and Brave, requiring manual updates or enterprise patch management for protection. |
| 2026-05-25 | 2026 | Ghost CMS SQL Injection Hits 700 Sites: Harvard DuckDuckGo Serve Fake Cloudflare Malware | SQLi | Library for detecting and remediating CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS versions 3.24.0 through 6.19.0. This flaw allows unauthenticated attackers to steal Admin API Keys, enabling them to inject malicious JavaScript into published articles. The compromised sites are then used to serve fake Cloudflare verification pages, tricking visitors into executing PowerShell scripts that download stealer trojans and other malware. The exploitation targets the Content API's slug-filter-order.js serializer and has impacted hundreds of websites, including those of Harvard University and DuckDuckGo. |