Articles tagged "CVE"

Found 341 articles

Actively Exploited

CISA has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, specifically CVE-2026-48282, which affects Adobe ColdFusion. This path traversal vulnerability allows attackers to gain unauthorized access and control over affected systems, posing significant risks, particularly to federal agencies. The Binding Operational Directive (BOD) 26-04 emphasizes the need for federal agencies to address high-risk vulnerabilities quickly, while also encouraging all organizations to adopt similar risk-based vulnerability management practices. CISA will continue to update the catalog as new vulnerabilities are identified, and organizations are urged to report any exploited vulnerabilities not currently listed. Rapid remediation is essential to mitigate potential exploitation risks.

Read Original

Hydro-Québec's Le Circuit Electrique charging station backend has several critical vulnerabilities that could be exploited by attackers. These include improper access controls that allow unauthorized connections, insufficient restrictions on authentication attempts, and the ability to overload the system with multiple connections. If exploited, these vulnerabilities could lead to privilege escalation or denial-of-service attacks, affecting the operation of charging stations across Canada. Hydro-Québec has taken steps to mitigate these risks by disabling certain protocols and implementing stronger authentication measures. Users of these charging stations should remain vigilant and ensure their systems are updated to protect against potential exploitation.

Read Original
Critical
Siemens Mendix Studio Pro

All CISA Advisories

Siemens Mendix Studio Pro has a significant security vulnerability that affects multiple versions of the software, specifically those before version 11.12. This flaw allows attackers to execute arbitrary code by tricking users into opening malicious project files during the build process. The affected versions include Mendix Studio Pro 10.11 through 10.24, as well as 11.0 through 11.9. Siemens has released updates to address this issue, urging users to upgrade to version 10.24.21 or later, or version 11.6.7 or later. This vulnerability poses a serious risk, particularly in critical sectors like manufacturing and energy, making timely updates essential to protect user systems from potential exploits.

Read Original
Critical
Labcenter Proteus 9

All CISA Advisories

Labcenter Electronics' Proteus 9 software has been found to have several critical vulnerabilities, including out-of-bounds write, stack-based buffer overflow, and use-after-free issues. These vulnerabilities could allow attackers to execute arbitrary code on affected installations, potentially compromising sensitive systems in various sectors like healthcare, energy, and defense. Specifically, version 9.1_SP4_Build_42914 is affected, and users are urged to upgrade to the latest version, 9.2 SPO, to protect against these risks. While there are currently no known public exploits actively targeting these vulnerabilities, the potential for abuse remains concerning. It’s crucial for organizations to apply the recommended updates and implement security measures to safeguard their systems.

Read Original
Critical
Hitachi Energy e-mesh EMS

All CISA Advisories

Hitachi Energy has identified a buffer overflow vulnerability in specific versions of its e-mesh EMS product, which could lead to application outages and potential arbitrary code execution. The affected versions include e-mesh EMS 4.1.6, 4.4.2, and 4.7.0, which utilize NGINX versions 1.30.0 and below. Attackers could exploit this vulnerability by sending specially crafted HTTP requests under certain conditions, particularly if the system's Address Space Layout Randomization (ASLR) is disabled. Users are advised to apply a hotfix to update NGINX to version 1.30.2 or later and ensure ASLR is active. This vulnerability poses a significant risk to critical infrastructure sectors like energy, as it could lead to denial of service and operational disruptions.

Read Original

Digi International has identified serious vulnerabilities in several of its products, including the PortServer TS, Digi One SP, and Digi One SP IA. These flaws could allow attackers to bypass authentication, access restricted resources, and even inject malicious scripts into the system. Specifically, CVE-2026-12352 enables unauthenticated users to gain unauthorized access, while CVE-2026-12948 allows authenticated administrators to execute scripts via the web management interface. Users of affected devices, particularly in critical sectors like manufacturing and transportation, are urged to upgrade to newer products or implement immediate security measures to mitigate risks. Failure to address these vulnerabilities could lead to significant security breaches.

Read Original

A group of hackers believed to be aligned with China is targeting universities in the U.S. and Canada, specifically their physics and engineering departments, using vulnerabilities in Roundcube webmail software. These attackers are exploiting critical security flaws, including CVE-2024-42009, which has a CVSS score of 9.3. This vulnerability allows them to steal user credentials from the affected systems, raising serious concerns about the security of sensitive academic information. The fact that these exploits are targeting educational institutions highlights the ongoing risk that cyber threats pose to the academic sector, which often holds valuable research and personal data. Universities need to ensure their software is up-to-date to protect against such attacks.

Read Original

The CERT Coordination Center (CERT/CC) has issued a warning about a serious vulnerability in several firmware versions from Tenda, a Chinese manufacturer of network devices. Researchers discovered an undocumented backdoor that allows attackers to gain administrative access to the web management interfaces of affected routers, bypassing the usual password protections. This vulnerability is identified as CVE-2026-11405 and poses a significant risk to users, as it could enable unauthorized control of the devices. Owners of Tenda routers are urged to take immediate action to secure their devices, as this flaw could lead to further exploitation. The discovery raises concerns about the security practices of IoT device manufacturers and the implications for consumer privacy and network safety.

Read Original

BeyondTrust has issued urgent updates to fix two serious vulnerabilities in its Remote Support and Privileged Remote Access products. These flaws, identified as CVE-2026-40138 and another unnamed vulnerability, could allow attackers to gain control over affected devices without needing authentication. The vulnerabilities score a high 9.2 on the CVSS scale, indicating their severity. Users of BeyondTrust's Remote Support and PRA should prioritize applying these updates to mitigate the risk of unauthorized access. With the potential for exploitation, this situation underscores the importance of timely patch management in maintaining security.

Read Original

A vulnerability in the Linux KVM hypervisor has been discovered, allowing guest virtual machines (VMs) to escape and potentially compromise the host system. This flaw, identified as CVE-2026-53359 and nicknamed 'Januscape,' arises from a use-after-free bug within the shadow MMU code that is utilized by both Intel and AMD x86 architectures. Researchers have demonstrated a proof-of-concept that can crash the host machine, raising concerns about the security of virtualized environments. The existence of an unreleased exploit that could further exploit this vulnerability has also been claimed, suggesting that the risk is significant. Organizations using Linux KVM on affected systems should take immediate precautions to secure their environments.

Read Original
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

The Hacker News

Actively Exploited

Researchers at Sysdig have reported that threat actors are actively trying to exploit a serious security vulnerability in Gitea Docker images, identified as CVE-2026-20896. This flaw, which carries a CVSS score of 9.8, allows unauthorized internet clients to gain elevated access by manipulating the 'X-WEBAUTH-USER' header. The vulnerability arises because Gitea's DevOps platform trusts this header from any source IP address, making it easier for attackers to gain control. The attempts to exploit this vulnerability began just 13 days after it was disclosed, indicating that attackers are quick to act on newly revealed weaknesses. Companies using Gitea should prioritize applying the latest patches to protect their systems from potential breaches.

Read Original

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in Microsoft SharePoint that is currently being exploited by attackers. This vulnerability, identified as CVE-2026-45659, allows for remote code execution, which means that hackers can run malicious code on affected systems. Organizations using SharePoint should take this threat seriously, as it could lead to unauthorized access and data breaches. Microsoft has already released a patch to address this issue, so it's crucial for users to apply the update as soon as possible to protect their systems from potential exploitation.

Read Original

Researchers at Cato AI Labs have identified two serious vulnerabilities in Cursor, an AI code editor. These flaws, named DuneSlide and tracked as CVE-2026-50548 and CVE-2026-50549, could allow an attacker to bypass the editor's safety sandbox using a seemingly harmless prompt. This means that any command could potentially be executed on a developer's computer without requiring any user interaction, such as clicks or approvals. With a severity rating of 9.8 out of 10, these vulnerabilities pose a significant risk to developers using Cursor. It is crucial for users to remain vigilant and consider the implications of these flaws on their systems and data security.

Read Original

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the BlueHammer vulnerability, identified as CVE-2026-33825, is now being exploited in ransomware attacks. This flaw allows attackers to escalate privileges within Microsoft Defender, potentially giving them SYSTEM-level access. Initially, BlueHammer was just a proof-of-concept, but it has now transitioned into a real threat actively being used by cybercriminals. Organizations using Microsoft Defender should be particularly vigilant as this vulnerability poses a significant risk to their security posture. Immediate action is required to mitigate the potential impacts of these ransomware attacks as they become more widespread.

Read Original

Researchers have discovered that attackers are exploiting a serious vulnerability in Langflow, identified as CVE-2026-33017, which has a CVSS score of 9.3. This flaw allows for unauthenticated remote code execution (RCE), making it a prime target for cybercriminals. In recent attacks, these hackers have been using the vulnerability to deploy a Monero cryptocurrency miner on exposed AI application endpoints. Organizations using Langflow need to be particularly vigilant as the vulnerability is actively being exploited. This situation underscores the critical need for timely updates and security measures to protect sensitive systems from unauthorized access.

Read Original
PreviousPage 3 of 23Next