Articles tagged "CVE"

Found 342 articles

Researchers have discovered a critical vulnerability in the GNU InetUtils telnet daemon (telnetd), tracked as CVE-2026-24061, which has remained unnoticed for nearly 11 years. This flaw affects all versions from 1.9.3 to 2.7 and has a high severity score of 9.8, indicating a significant risk. If exploited, attackers could gain root access to affected systems, posing a serious threat to security. This vulnerability impacts a variety of systems that rely on GNU InetUtils, making it imperative for users and organizations to address this issue promptly. As this flaw has been present for so long, it raises concerns about the security practices in place for maintaining software.

Read Original

A serious vulnerability has been discovered in the GNU InetUtils telnet daemon (telnetd) that has existed for nearly 11 years. This flaw, identified as CVE-2026-24061, allows attackers to bypass authentication remotely and gain root access to affected systems. It impacts all versions of GNU InetUtils from 1.9.3 to 2.7. Given its high CVSS score of 9.8, this vulnerability poses a significant risk to organizations still using these versions. Users and administrators should prioritize addressing this issue to prevent unauthorized access to their systems.

Read Original
Actively Exploited

A serious vulnerability in SmarterTools' SmarterMail, identified as WT-2026-0001, is currently being exploited by attackers, just two days after a patch was released on January 15, 2026. Despite the urgency, the flaw has not yet been assigned a CVE identifier, which makes tracking and public awareness more challenging. This vulnerability could potentially affect organizations using SmarterMail, putting their email systems at risk. Given the rapid exploitation, companies relying on this software should prioritize applying the latest patch to safeguard their systems. Users are advised to remain vigilant and monitor their systems for any unusual activity that may indicate a breach.

Read Original

A newly discovered vulnerability in SmarterTools' SmarterMail email software is currently being exploited just two days after a patch was released on January 15, 2026. This flaw, tracked as WT-2026-0001 by watchTowr Labs, has not yet been assigned a CVE identifier. The issue allows attackers to bypass authentication mechanisms, posing a significant risk to users of the software. Organizations using SmarterMail should prioritize applying the latest patch to protect against potential exploitation. The rapid exploitation of this vulnerability highlights the need for timely updates and vigilance in monitoring for unusual activity.

Read Original
Actively Exploited

Cisco has addressed a serious security flaw in its Unified Communications and Webex Calling platforms, identified as CVE-2026-20045. This vulnerability allows attackers to execute arbitrary commands remotely without authentication, posing a significant risk to users. The flaw has been actively exploited in the wild, which raises concerns for organizations relying on these communication tools. With a CVSS score of 8.2, it is classified as critical, emphasizing the urgency for users to apply the available patches. Companies utilizing Cisco's services should prioritize updating their systems to mitigate potential attacks.

+1 more
Read Original

Cisco has addressed a serious vulnerability in its Unified Communications and Webex Calling platforms, identified as CVE-2026-20045. This remote code execution flaw was found to be actively exploited by attackers, posing a significant risk to users. The vulnerability could allow unauthorized access to systems, potentially leading to data breaches or service disruptions. Organizations using these Cisco products are urged to apply the latest updates to mitigate the risk. This incident underscores the importance of timely patch management in maintaining cybersecurity hygiene.

Read Original

The launch of the GCVE system aims to provide a decentralized approach to tracking software vulnerabilities, addressing the ongoing issues faced by the 25-year-old CVE program. This initiative comes in response to funding difficulties that have raised concerns about the sustainability of the CVE, a resource widely used by cybersecurity professionals globally. By decentralizing the tracking of vulnerabilities, GCVE hopes to enhance reliability and accessibility for users who need to stay informed about security risks. The success of this system may significantly impact how organizations manage and respond to software vulnerabilities, potentially leading to quicker updates and patches. As cybersecurity threats continue to evolve, having a more resilient tracking system could benefit both developers and end-users.

Read Original

Anthropic has addressed several critical vulnerabilities found in their Git MCP server, identified by the AI security startup Cyata. The issues include a path validation bypass (CVE-2025-68145), an unrestricted git_init problem (CVE-2025-68143), and an argument injection vulnerability in git_diff (CVE-2025-68144). These vulnerabilities could potentially allow attackers to manipulate Git operations, which could compromise the integrity of code repositories. It is essential for users of the Git MCP server to apply the latest patches to ensure their systems are secure against these threats, as failure to do so may expose them to exploitation. Users are urged to stay informed about these vulnerabilities and take necessary actions to protect their environments.

Read Original

Zoom and GitLab have rolled out security updates to fix several vulnerabilities, including a critical flaw that could allow remote code execution (RCE) on Zoom Node Multimedia Routers (MMRs). This vulnerability, identified as CVE-2026-22844, poses a significant risk as it could enable an attacker to execute malicious code during a meeting. Additionally, the updates address issues related to denial-of-service (DoS) attacks and two-factor authentication (2FA) bypasses, which could compromise user accounts. Organizations using these platforms should prioritize applying the latest updates to safeguard their systems against potential exploitation. Keeping software up to date is crucial to maintaining security and protecting sensitive data.

Read Original

TP-Link has addressed a serious vulnerability in its VIGI C and VIGI InSight camera models that allowed remote access to surveillance systems. This flaw, identified as CVE-2026-0629, has a CVSS score of 8.7, indicating high severity. Over 32 models were affected, with more than 2,500 devices exposed to the internet and potentially at risk of being hacked. Attackers could exploit this vulnerability to bypass local network restrictions, putting users' security and privacy in jeopardy. The fix for this issue is crucial for ensuring the safety of surveillance operations for both businesses and individuals who rely on these cameras.

Read Original

Cisco has addressed a serious flaw in its Secure Email products, which was exploited by a China-linked hacking group known as UAT-9686. The vulnerability, tracked as CVE-2025-20393, has a maximum severity score of 10.0 and affects the Secure Email Gateway and Email and Web Manager. Attackers were able to exploit this flaw as a zero-day, meaning it was actively used in attacks before a patch was made available. It's crucial for users of these products to apply the latest updates to protect their systems from potential exploitation. This incident highlights the ongoing risks posed by advanced persistent threat groups targeting widely used software.

+1 more
Read Original

A serious vulnerability, identified as CVE-2025-64155, has been discovered in Fortinet’s FortiSIEM security platform, allowing unauthenticated remote attackers to execute unauthorized code. This flaw specifically affects the phMonitor service, which is crucial for the operation of FortiSIEM. The release of proof-of-concept (PoC) exploit code has heightened concerns, urging organizations using this software to apply patches immediately. If not addressed, this vulnerability could lead to significant security risks, as attackers could manipulate the system remotely. Organizations should prioritize patching their FortiSIEM deployments to safeguard against potential exploitation.

Read Original

Palo Alto Networks has addressed a serious vulnerability in its GlobalProtect Gateway and Portal software, identified as CVE-2026-0227, which carries a CVSS score of 7.7. This flaw allows for a denial-of-service (DoS) condition that can crash firewalls without requiring user authentication. A proof-of-concept exploit for this vulnerability is already available, raising concerns about its potential impact on organizations using these systems. Companies utilizing GlobalProtect PAN-OS software should promptly apply the security updates released by Palo Alto to safeguard their networks. Failure to address this vulnerability could leave systems open to disruptions, affecting overall network availability.

Read Original

Fortinet has addressed six security flaws, two of which are critical vulnerabilities affecting its FortiFone and FortiSIEM products. These vulnerabilities could potentially allow attackers to exploit the systems without needing any authentication, which raises significant security concerns. Specifically, the flaws could lead to unauthorized access to configuration data or enable the execution of malicious code. Users of these products should prioritize applying the patches provided by Fortinet to safeguard their systems. Given the nature of these vulnerabilities, organizations using FortiFone and FortiSIEM need to act quickly to mitigate any potential risks.

Read Original

Fortinet has addressed a severe vulnerability in its FortiSIEM product that could allow attackers to execute arbitrary code without authentication. This flaw, known as CVE-2025-64155, has a CVSS score of 9.4, highlighting its potential impact on affected systems. The vulnerability arises from improper handling of special elements in OS commands, which could be exploited by malicious actors. Organizations using FortiSIEM should prioritize applying the latest updates to protect their systems. The existence of such vulnerabilities emphasizes the need for ongoing vigilance in maintaining security protocols and software updates.

Read Original
PreviousPage 18 of 23Next