A serious vulnerability in MetInfo CMS, labeled CVE-2026-29014, has been discovered that allows unauthenticated attackers to execute arbitrary PHP code remotely. This flaw has a high severity rating of 9.8, indicating a significant risk to users of the platform. Organizations using MetInfo should be particularly vigilant, as this could lead to unauthorized access and control over their websites. As of now, there are concerns that this vulnerability is being actively exploited, which underscores the urgency for users to take action. It is crucial for affected users to apply any available patches and review their security measures to protect against potential intrusions.
Articles tagged "Vulnerability"
Found 949 articles
Ransomware attacks are increasingly successful even when organizations have backups, primarily because attackers often target and destroy these backups before encrypting the main data. Acronis explains that this tactic leaves victims with little to no options for recovery, as the backups become unusable. This highlights a significant vulnerability in many organizations' cybersecurity strategies, as they may rely too heavily on backups without considering their protection. Companies need to bolster their defenses by securing backup systems and implementing strategies that can withstand ransomware attacks, ensuring they have a path to recovery even if their primary data is compromised.
Security Affairs
Apache has released updates to address multiple vulnerabilities in its HTTP Server, including a serious flaw identified as CVE-2026-23918. This vulnerability, which has a CVSS score of 8.8, is a double-free error in the handling of HTTP/2 requests. If exploited, it could allow attackers to execute arbitrary code on affected systems. Organizations using Apache HTTP Server, particularly those enabling HTTP/2, should prioritize updating their software to mitigate this risk. The nature of the flaw makes it critical for system administrators to be proactive in applying the latest patches to safeguard against potential attacks.
Palo Alto Networks has issued a warning regarding a serious, unpatched vulnerability in the User-ID Authentication Portal of its PAN-OS. This flaw, categorized as a remote code execution (RCE) vulnerability, is currently being exploited in real-world attacks, putting users at significant risk. Organizations using affected versions of PAN-OS should be particularly vigilant as attackers may leverage this weakness to gain unauthorized access to systems. It's crucial for companies to assess their firewall configurations and implement necessary security measures to protect against potential breaches. The situation underscores the need for prompt action in addressing vulnerabilities as they arise.
Palo Alto Networks has issued a warning about a serious vulnerability in its PAN-OS, identified as CVE-2026-0300, which has a high severity score of 9.3. This flaw, a buffer overflow, allows attackers to execute remote code without authentication, making it particularly dangerous. The company reports that this vulnerability is currently being exploited in the wild, putting numerous users at risk. Organizations that rely on PAN-OS should prioritize addressing this vulnerability to prevent unauthorized access and potential system compromise. Immediate action is critical to mitigate the risks associated with this active threat.
Palo Alto Networks has announced a patch for a zero-day vulnerability, identified as CVE-2026-0300, that affects the Captive Portal service in its PAN-OS software. This vulnerability impacts both PA and VM series firewalls, allowing attackers to exploit the system and potentially gain unauthorized access. The existence of this zero-day exploit means that it is currently being used in the wild, putting users at risk. Companies using these firewalls should prioritize applying the upcoming patch to safeguard their networks. This incident underscores the need for organizations to stay vigilant and maintain their systems updated to protect against emerging threats.
A recent breach involving Trellix's source code has raised concerns about security in the software supply chain. Although details remain limited, such incidents can expose sensitive information about how security controls are implemented and detection mechanisms are structured. This type of vulnerability allows attackers to understand better how to bypass defenses, potentially putting users and organizations at risk. The incident serves as a reminder of the ongoing dangers associated with software supply chain security, emphasizing the need for companies to evaluate their security practices and monitor for potential exploitation. As these breaches become more common, it is crucial for developers and security teams to remain vigilant.
A critical vulnerability in the Weaver E-cology platform has been identified, allowing remote code execution (RCE) that could expose sensitive enterprise workflows and data. This flaw poses a significant risk to organizations using the software, as attackers can exploit it to gain unauthorized access to critical systems and information. The vulnerability is currently being actively exploited, which raises immediate concerns for businesses that rely on Weaver E-cology for their operations. Security experts are urging affected users to take swift action to mitigate the risks associated with this flaw. The situation underscores the need for organizations to remain vigilant and proactive in addressing security vulnerabilities.
Security Affairs
In April 2026, Vimeo confirmed that hackers accessed the personal data of 119,000 users through a breach involving a third-party vendor, Anodot. The ShinyHunters group, known for targeting various companies, exploited this vulnerability to steal sensitive information. This incident raises concerns about the security of third-party services that companies rely on, as they can serve as weak links in the overall security chain. Users affected by this breach should be vigilant about their personal information and consider changing their passwords, especially if they use the same credentials across multiple platforms. The breach serves as a reminder for companies to evaluate their partnerships and ensure that vendors adhere to strict security protocols.
SCM feed for Latest
The UK's National Cyber Security Centre (NCSC) has issued a warning about the increasing use of artificial intelligence by cybercriminals to find software vulnerabilities. Attackers are now able to discover weaknesses in systems much faster, which raises the stakes for companies and organizations relying on software to protect their data. This surge in rapid vulnerability discovery means that businesses must prioritize timely patching and updates to safeguard their systems. The NCSC's alert serves as a wake-up call for organizations to bolster their security measures in response to this evolving threat landscape. With attackers gaining an edge through AI, the urgency for effective cybersecurity practices is more critical than ever.
Progress Software has issued a warning about a serious vulnerability in MOVEit Automation, identified as CVE-2026-4670. This flaw impacts several versions of the software, which is widely used for automating file transfers and workflows. Organizations using affected versions should be concerned, as this vulnerability could potentially be exploited by attackers to gain unauthorized access or disrupt operations. It is crucial for companies to assess their systems and apply necessary updates to protect sensitive data. The company has urged users to monitor their systems closely and take immediate action to mitigate any risks associated with this vulnerability.
Hackers have been exploiting a significant vulnerability in Weaver E-cology, a platform used by various organizations in China for managing workflows and documents. According to threat intelligence firm Vega, these attacks have been targeting institutions that rely on this software for their internal business processes. The situation raises concerns for affected organizations, as successful exploitation could lead to unauthorized access to sensitive information and disruption of critical operations. As this vulnerability is actively being used by attackers, it is crucial for users of Weaver E-cology to take immediate action to protect their systems. Organizations should remain vigilant and consider reviewing their security protocols to mitigate potential risks.
A recent report from HeroDevs highlights a significant security gap in the use of Software Composition Analysis (SCA) tools, particularly regarding end-of-life (EOL) open source software. These tools often miss critical vulnerabilities in software that is no longer supported, leaving organizations exposed to risks they might not even be aware of. As many companies rely on outdated libraries, they may inadvertently introduce security weaknesses into their projects. HeroDevs is offering a free scan for users to identify EOL software in their projects, which can help organizations take proactive steps to secure their applications. This situation underscores the need for developers and security teams to regularly assess their software dependencies and update or replace outdated components to mitigate risks.
A serious vulnerability, identified as CVE-2026-0073, has been discovered in the Android System component. This flaw allows attackers to execute remote code without any user interaction, posing a significant risk to devices running affected versions of Android. Users of Android devices should be particularly cautious, as this vulnerability could lead to unauthorized access and control over their devices. The potential for exploitation is high, making it crucial for users to apply the latest security updates. Android's security team has addressed this issue by releasing a patch to fix the vulnerability, and all users are encouraged to update their devices promptly to mitigate any risks.
The Hacker News
Researchers from VulnCheck have identified a serious vulnerability in MetInfo, an open-source content management system. The flaw, designated as CVE-2026-29014, has a high severity score of 9.8 and allows for remote code execution through code injection. This issue affects MetInfo versions 7.9, 8.0, and 8.1, leaving users at risk of attackers executing arbitrary code on their servers without authentication. The vulnerability is currently being exploited in the wild, making it imperative for users of these versions to take immediate action. Failure to address this vulnerability could lead to unauthorized access and potential data breaches.