VulnHub

Ivanti has patched two vulnerabilities in its Neurons for IT Service Management (ITSM) product that could allow remote attackers to maintain access to user accounts even after they have been disabled. Additionally, these flaws could enable attackers to access information from other user sessions. This raises serious concerns for organizations using Ivanti's ITSM solutions, as it puts sensitive user data at risk and undermines account security. Companies should ensure they update to the latest versions to mitigate these risks and protect their systems from potential exploitation. The vulnerabilities highlight the need for continuous monitoring and prompt application of security patches in IT management tools.

A serious vulnerability identified as CVE-2026-5194 has been found in wolfSSL, affecting a vast array of devices, including Internet of Things (IoT) devices, routers, and military systems. This flaw allows attackers to forge digital identities, which poses a significant risk to the security of billions of devices globally. Users and organizations utilizing wolfSSL should promptly update to version 5.9.1 to mitigate this risk. The widespread impact of this vulnerability emphasizes the importance of regular software updates to maintain security across various platforms. Failure to address this issue could lead to unauthorized access and potential exploitation of sensitive systems.

OpenAI has announced that its Mac applications require an update due to a security incident linked to the Axios hack. The company reported that a developer tool inadvertently fetched a compromised version of a widely used open-source library. However, OpenAI reassured users that the integrity of its overall systems and software remained intact. This incident highlights the risks associated with third-party libraries and the importance of maintaining secure development practices. Users of OpenAI's Mac apps should ensure they update to the latest versions to mitigate any potential issues arising from this vulnerability.

In the latest update, Chrome version 147 has addressed a total of 60 vulnerabilities, including two that are classified as critical. These critical flaws are linked to the browser's WebML component and were reported by anonymous researchers. The vulnerabilities are significant enough that they come with a combined bounty of $86,000 for anyone who can exploit them. Users of Chrome should ensure they are using the updated version to protect against potential attacks. Regular updates like this are crucial as they help safeguard users from newly discovered security risks.

A recently patched vulnerability in the EngageLab SDK, a third-party software development kit used in many Android applications, has potentially exposed the private data of around 50 million users, including 30 million cryptocurrency wallet holders. The flaw allowed apps on the same device to bypass Android's security measures, enabling unauthorized access to sensitive information. This incident raises significant concerns about the security of users' cryptocurrency assets, as the compromised data could have led to theft or fraud. Developers using the EngageLab SDK are urged to update their applications to protect users from potential attacks. The vulnerability was identified and addressed, but users should remain vigilant about app permissions and security practices.

OpenSSL has released patches for seven vulnerabilities, with many of them potentially allowing denial-of-service (DoS) attacks. The most notable of these is a data leakage vulnerability that could expose sensitive information. This issue affects a wide range of systems that rely on OpenSSL for secure communications, making it crucial for organizations to update their software to protect against possible exploits. Users and companies should prioritize applying the latest updates to mitigate risks associated with these vulnerabilities. Ignoring these patches could leave systems vulnerable to attacks that disrupt services or compromise data security.

A critical vulnerability has been discovered in Ninja Forms, a popular WordPress plugin, with a severity rating of 9.8 out of 10. This flaw affects versions up to 3.3.26 and could allow attackers to execute remote code on affected sites. Users running this version of Ninja Forms are at significant risk, as the vulnerability could be exploited to gain unauthorized access or control over their websites. It's crucial for website administrators to address this issue promptly to prevent potential exploitation. Users should update to the latest version of the plugin to protect their sites from this serious threat.

Grafana has patched a significant vulnerability that could have allowed attackers to exploit artificial intelligence features on their platform. By embedding harmful instructions in a webpage controlled by the attacker, the AI could interpret these commands as legitimate requests, potentially leading to the exposure of sensitive user data. This issue raises concerns for organizations using Grafana, as it highlights the risks associated with AI integrations in web applications. Users are advised to update their Grafana installations to safeguard against this vulnerability, which could have serious implications for data security if left unaddressed.