Researchers have identified two significant access control vulnerabilities in the RabbitMQ message broker service. These flaws could allow attackers to access confidential OAuth client secrets and potentially take over enterprise messaging systems. Additionally, the vulnerabilities may enable attackers to bypass tenant boundaries, which is a serious concern for organizations using RabbitMQ in multi-tenant environments. The security team at Miggo discovered and reported these issues, emphasizing the need for companies to address them promptly to protect their messaging infrastructure. This situation is particularly urgent as leaked OAuth secrets can lead to further compromises within affected systems.
Articles tagged "Vulnerability"
Found 927 articles
Researchers have identified a serious vulnerability in Cursor, a widely used AI coding platform. This flaw allows attackers to execute malicious code automatically when users interact with compromised repositories. The issue was reported back in December, but it has not yet been resolved, putting users at risk of falling victim to poisoned repository attacks. This is particularly concerning for developers who rely on Cursor for coding tasks, as the vulnerability could lead to unauthorized access or data breaches. Users should be cautious when using Cursor until a fix is implemented to mitigate this risk.
A vulnerability linked to ClaudeBleed affects Chrome extensions, allowing them to access potentially sensitive information from users' Gmail and Calendar accounts. Despite eight patches being released, this flaw remains unaddressed, raising concerns for users who rely on these services. The issue stems from how extensions interact with the browser, which could lead to unauthorized data access. This poses a significant risk, as malicious extensions could exploit this vulnerability to harvest private data without user consent. Users of Chrome should be cautious about the extensions they install and regularly check for updates to ensure their security.
Recent research indicates that passwords generated by AI chatbots may not be as secure as users expect. While these chatbots can create seemingly random strings of characters, studies show that they often produce passwords that are more predictable than traditional methods. This raises concerns for users who rely on AI for password generation, as it could leave them vulnerable to cyberattacks. Security experts advise against using AI-generated passwords and recommend sticking to established password management practices. This issue is particularly relevant as more individuals and businesses turn to AI tools for everyday tasks, highlighting the need for caution in their use.
ABB has identified multiple vulnerabilities in its T-MAC Plus version 4.0-24 software, which could allow attackers to exploit the system in various ways. These vulnerabilities include issues like file disclosure, broken access controls, cross-site scripting (XSS), and an insecure network protocol that could lead to denial-of-service attacks. Affected users are urged to update to version 4.0-25, which contains fixes for these issues. The vulnerabilities are considered serious, with CVSS scores ranging from 7.4 to 9.9, indicating that they pose significant risks to security. Companies using this software should prioritize applying the update to protect their systems from potential exploitation.
Rockwell Automation's 1715-AENTR EtherNet/IP Adapter has a serious vulnerability (CVE-2026-10577) affecting versions up to 3.003. This flaw exposes a debug port that lacks proper authentication controls, allowing attackers to gain unauthorized access to critical functions. If exploited, they could read or delete files, halt tasks, modify memory, and alter I/O states, threatening the device's confidentiality, integrity, and availability. This vulnerability is particularly concerning as it impacts sectors like energy and manufacturing, where security is crucial. Users are advised to upgrade to version 3.011 or later to mitigate the risks associated with this vulnerability.
ABB has identified a vulnerability, CVE-2026-31431, in its ABB Ability Edgenius platform, which affects versions 3.2.0.0 to 3.2.4.0. This vulnerability is linked to a flaw in the Linux kernel's cryptographic interface that could allow a locally authenticated user to gain elevated privileges, potentially leading to full control of the system. While there have been no reports of this vulnerability being exploited in the wild, ABB recommends that users update to version 3.2.4.1 to mitigate the risk. Users should also limit access to their systems to enhance security. This incident underscores the importance of timely software updates and access controls in protecting against potential exploits.
ABB has identified a vulnerability in its Advant Master Online Builder products that could allow unauthorized code execution due to improper handling of search paths for loading dynamic link libraries (DLLs). Affected versions include Control Builder A versions up to 1.4/4 and multiple iterations of 800xA for Advant Master. To mitigate the risk, ABB has released updates that resolve the vulnerability, advising users to upgrade to specific patched versions. Importantly, the vulnerability requires physical access to the system, which limits its exploitability. However, users are still urged to manage access strictly and enforce strong security practices to prevent potential exploitation.
The Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating they are being actively exploited in the wild. The vulnerabilities include two related to SonicWall SMA1000 Appliances, specifically a server-side request forgery and a code injection vulnerability. Additionally, there are two Microsoft vulnerabilities affecting Active Directory Federation Services and SharePoint Server, which involve insufficient access control and missing authentication for critical functions, respectively. These vulnerabilities pose significant risks, especially to federal agencies, as they can lead to total asset control by attackers post-exploitation. CISA's guidance encourages all organizations to prioritize remediation of these high-risk vulnerabilities to enhance their security posture.
SAP has issued a warning regarding 16 vulnerabilities in various products, with three of these classified as critical. The affected products include NetWeaver, Commerce Cloud, and AppRouter. These flaws could potentially allow attackers to exploit weaknesses in the systems, which is particularly concerning for organizations relying on these platforms for their operations. Users of these SAP products should take immediate action to address these vulnerabilities to protect their data and systems. The update comes as part of SAP's July 2026 security updates, emphasizing the ongoing need for vigilance in cybersecurity practices.
FIFA's network has been found to have significant vulnerabilities that could be accessed by individuals with minimal permissions. This raises serious security concerns about the integrity of sensitive information within FIFA's systems. The implications are broad, particularly for user data and operational security, as attackers could potentially exploit these weaknesses to gain unauthorized access. It is crucial for FIFA and similar organizations to address these vulnerabilities to protect against potential breaches and ensure the safety of their digital infrastructure. The situation highlights the need for ongoing security assessments in high-profile organizations.
SCM feed for Latest
Security researchers at Varonis have found vulnerabilities in Google Cloud's Dialogflow CX, a platform widely used for creating chatbots. These flaws could allow attackers to hijack AI agents, potentially leading to unauthorized access and misuse of chatbot functionalities. Organizations using Dialogflow CX should be particularly vigilant, as this could impact customer interactions and data security. The discovery raises concerns about the security of AI-driven applications and the need for more stringent safeguards in cloud-based platforms. Users are encouraged to review their configurations and stay updated on any fixes released by Google.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about security vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla. Attackers are exploiting these flaws to execute remote code on affected systems by uploading arbitrary files. This situation poses a significant risk to users of these Joomla extensions, as it could allow unauthorized access and control over their websites. Organizations using these extensions should take immediate action to protect their systems and prevent potential breaches. Ignoring these vulnerabilities could lead to severe consequences, including data theft and website defacement.
A recently discovered vulnerability in RabbitMQ allows unauthenticated attackers to access the broker's confidential OAuth client secret. This could give them the ability to take control of the broker, posing a significant risk to enterprise systems that rely on this messaging platform. Organizations using RabbitMQ should be particularly vigilant as this flaw could lead to unauthorized access and data breaches. The issue underscores the need for companies to regularly update their security measures and monitor for potential intrusions. As RabbitMQ is widely used in various applications, the implications of this vulnerability could be far-reaching if not addressed promptly.
The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability, CVE-2008-4128, to its Known Exploited Vulnerabilities Catalog. This vulnerability affects Cisco IOS and is associated with cross-site request forgery, which allows attackers to exploit vulnerable systems. It poses significant risks, particularly for federal agencies, as it can lead to total control over affected assets after exploitation. CISA's Binding Operational Directive 26-04 emphasizes the need for federal agencies to prioritize rapid remediation of such high-risk vulnerabilities. While this directive primarily applies to federal agencies, CISA encourages all organizations to adopt similar practices for managing vulnerabilities effectively. Agencies are also urged to check for any compromises before applying patches to mitigate risks.