Deep Analysis
Threat Articles
Long-form security analysis and prioritization guidance. 65 records found.
Woodpecker CI gRPC Agent ID Spoofing Vulnerability Allows Cross-Tenant Impersonation
A vulnerability in Woodpecker CI's gRPC layer (CVE-2026-50141, CVSS 7.1) allows authenticated agents to impersonate other agents by spoofing the `agent_id` metadata. This issue enables cross-tenant impersonation, potentially leading to unauthorized access and privilege escalation. Affected versions include Woodpecker CI 3.0.0 to 3.14.1. Immediate patching or workarounds are recommended.
Critical Vulnerability in User Registration & Membership WordPress Plugin Allows Unauthorized Role Elevation
A high-severity vulnerability (CVE-2026-11963, CVSS 8.1) exists in the User Registration & Membership WordPress plugin prior to version 5.2.2. This flaw allows any authenticated user, including subscribers, to change another user's WordPress role and membership tier without proper authorization. The vulnerability has not been actively exploited but poses a significant risk due to its ease of exploitation and potential impact.
Critical Use-After-Free Vulnerability in Zephyr's Dynamic Kernel-Object Tracking (CVE-2026-10667)
A critical use-after-free vulnerability (CVE-2026-10667) has been discovered in Zephyr's dynamic kernel-object tracking, affecting SMP systems with userspace enabled. This vulnerability allows a deprivileged user thread to corrupt kernel object-tracking structures, potentially leading to privilege escalation or denial of service. The vulnerability has a CVSS score of 7.8 and affects Zephyr versions from 1.14.0 to 4.4.0. Immediate patching is recommended to prevent potential exploitation.
CVE-2026-15484: Buffer Overflow Vulnerability in TRENDnet TEW-821DAP
A buffer overflow vulnerability (CVE-2026-15484) with a CVSS score of 8.8 affects TRENDnet TEW-821DAP version 1.12B01. The vulnerability is in the /goform/tools_nslookup component and can be exploited remotely. The vendor has confirmed the vulnerability but notes that the product is End-of-Life (EOL) and no longer supported. Immediate patching or mitigation is recommended.
Critical Vulnerability in Swiss Toolkit For WP Plugin: Arbitrary File Upload and Potential RCE
The Swiss Toolkit For WP plugin for WordPress, versions up to and including 1.4.6, is vulnerable to arbitrary file upload due to a flawed file type validation bypass. This allows authenticated attackers with Author-level access to upload arbitrary files, potentially leading to remote code execution if the 'Enhanced Multi-Format Image Support' feature is enabled. The vulnerability has a CVSS score of 8.8, indicating high severity. Immediate patching is recommended.
Unauthenticated Access Vulnerability in Clauster Dashboard
A critical vulnerability in Clauster, a dashboard and API management tool, allows unauthenticated access to its entire dashboard and API when deployed on non-loopback addresses and authentication is not properly enabled. This affects all released versions up to 0.2.1. An attacker with network access can gain full control, enabling remote code execution in project directories. Immediate action is required to set auth.enabled to true or bind to loopback addresses with secure access controls.
Critical Vulnerability in OpenStack Ironic: CVE-2026-54423
A critical vulnerability (CVE-2026-54423) has been discovered in OpenStack Ironic, allowing an authenticated user to send arbitrary IPMI commands to a node, bypassing access control. This vulnerability has a CVSS score of 8.2 and affects multiple versions of OpenStack Ironic. Immediate patching is recommended to prevent potential exploitation.
Critical RCE Vulnerability in Xerte Online Tools (CVE-2026-12116)
A critical vulnerability (CVE-2026-12116) with a CVSS score of 9.8 has been discovered in Xerte Online Tools, allowing for remote code execution (RCE) through manipulation of the antivirus binary path in the tools server settings. This vulnerability affects versions prior to v3.15.5 and 3.14.6. Immediate patching is recommended to prevent potential exploitation.
CVE-2026-14245: Critical Authentication Bypass in miniOrange OTP Login, Verification and SMS Notifications Plugin
The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to take control of an arbitrary Administrator account. The plugin's flawed implementation of the password reset process enables attackers to obtain a freshly generated password-reset URL for an Administrator account. Immediate patching is recommended.
CVE-2026-58480: Critical Unauthenticated Arbitrary File Upload Vulnerability in Blocksy Companion Pro Plugin
A critical vulnerability (CVE-2026-58480, CVSS 9.8) exists in the Blocksy Companion Pro plugin for WordPress before version 2.1.47. This unauthenticated arbitrary file upload vulnerability allows attackers to upload executable files, bypassing extension validation in the save_attachments function exposed through the Advanced Reviews feature. Successful exploitation leads to remote code execution. Immediate patching is recommended.
CVE-2026-14495: Critical Authentication Bypass in DoLogin Security Plugin for WordPress
The DoLogin Security plugin for WordPress is vulnerable to authentication bypass due to insufficient randomness in all versions up to and including 4.3. This vulnerability allows unauthenticated attackers to brute-force a limited seed space and reconstruct active passwordless login tokens, enabling them to authenticate as any targeted user, including administrators, without a password. The vulnerability has a CVSS score of 8.8 and requires a valid, unexpired passwordless login link to exist for the target account. Immediate patching is recommended.
Authenticated File Upload Vulnerability in Vtiger CRM Leading to Remote Code Execution (CVE-2026-23697)
A critical vulnerability (CVE-2026-23697) has been discovered in Vtiger CRM versions prior to 8.4.0. This authenticated file upload vulnerability allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module. The vulnerability has a CVSS score of 8.8 and is considered high severity. Organizations using affected versions of Vtiger CRM should immediately upgrade to version 8.4.0 or apply recommended mitigations.
CVE-2026-6509: Missing Authorization in TUBITAK BILGEM Pardus Update Leads to Privilege Escalation
A Missing Authorization vulnerability, CVE-2026-6509, with a CVSS score of 7.8, was discovered in TUBITAK BILGEM Software Technologies Research Institute's Pardus Update. This vulnerability allows for Privilege Escalation and affects versions up to 0.6.3 before 0.6.6. Although not actively exploited, the vulnerability poses a high risk due to its local attack vector and potential for high impact. Immediate patching to version 0.6.6 or later is recommended.
CVE-2026-14693: Improper Authorization in SourceCodester Multi-Vendor Online Grocery Management System 1.0
A vulnerability has been discovered in the SourceCodester Multi-Vendor Online Grocery Management System 1.0, specifically in the `cancel_order` function of the `classes/Master.php` file. This flaw leads to improper authorization, allowing remote attackers to manipulate the system without proper permissions. The vulnerability has a CVSS score of 5.4 and is classified as medium severity. While it has not been reported as actively exploited, a proof-of-concept exploit has been published.
Critical Vulnerability in n8n Execute Command Node Allows Arbitrary Command Execution
A critical vulnerability, CVE-2025-71380, with a CVSS score of 8.8, was discovered in the Execute Command node of n8n, a workflow automation tool. This vulnerability allows authenticated users to execute arbitrary commands on the host system, potentially leading to data exfiltration, service disruption, or complete system compromise. The vulnerability affects n8n versions up to 1.114.4 and has not been reported as actively exploited. Immediate patching or mitigation is recommended.
Critical Missing Authorization Vulnerability in TUBITAK BILGEM pardus-software
A critical Missing Authorization vulnerability, CVE-2026-14460, with a CVSS score of 8.8, was discovered in TUBITAK BILGEM's pardus-software. This vulnerability allows for Argument Injection and affects versions <= 1.0.4 before 1.0.5. Although not actively exploited, the vulnerability poses a high risk due to its local attack vector and potential for high impact. Immediate patching to version 1.0.5 is recommended.
Critical Vulnerability in UniFi Connect Application: CVE-2026-50746
A critical Improper Access Control vulnerability (CVE-2026-50746) with a CVSS score of 10 has been discovered in the UniFi Connect Application. This vulnerability allows a malicious actor with network access to execute Command Injection on the host device. The affected version is UniFi Connect Application < 3.4.20. Immediate patching is recommended to prevent potential exploitation.
Critical Vulnerability in GeoWebPlayer: CVE-2026-13132
A critical vulnerability, CVE-2026-13132, with a CVSS score of 8.3, was discovered in GeoWebPlayer, an addon for various GeoVision software. The vulnerability allows for out-of-bound access to arrays using the `index` value in the `setStream` command, potentially leading to remote code execution, high impact on confidentiality, integrity, and availability. Affected versions include V1.1.1.0, and the vendor has released a patched version V1.1.3.0. Immediate patching is recommended.
Apify Model Context Protocol (MCP) Server: Actor MCP Path Authority Injection Leaks Apify Token
A vulnerability in `@apify/actors-mcp-server` version `0.10.7` allows an attacker to inject a malicious `webServerMcpPath` value, causing the MCP client to exfiltrate the victim's Apify API token to the attacker's server. This is a Server-Side Request Forgery (SSRF) / URL authority injection vulnerability with a CVSS Base Score of 8.1 (High).
Critical Privilege Escalation Vulnerability in Rancher Manager
A critical vulnerability (CVE-2026-41052) with a CVSS score of 9.4 has been identified in Rancher Manager, allowing users with the Project Owner role to escalate privileges to the host level. This vulnerability is exploitable under specific access patterns, enabling attackers to deploy privileged containers, access host-level resources, and potentially compromise the entire cluster. The vulnerability has not been actively exploited but requires immediate attention. Affected versions can be patched by upgrading to Rancher versions v2.12.10, v2.13.6, or v2.14.2.
Authenticated Command Injection in Coolify: CVE-2026-27957
A critical vulnerability (CVE-2026-27957) with a CVSS score of 8.8 was discovered in Coolify, an open-source tool for managing servers, applications, and databases. This authenticated command injection vulnerability allows any authenticated user to execute arbitrary commands as the configured SSH user on the managed server host, potentially leading to complete compromise of the managed server and associated docker containers. The vulnerability is fixed in version 4.0.0-beta.464. Organizations using Coolify should immediately upgrade to the patched version.
Critical Authentication Bypass Vulnerability in Rancher GitHub Authentication Provider (CVE-2026-41053)
A critical vulnerability (CVE-2026-41053) with a CVSS score of 8.8 was discovered in the Rancher GitHub authentication provider. This vulnerability allows for incorrect authentication caching, granting principal access to any logged-in user. Affected versions include Rancher 2.13 before 2.13.6 and 2.14 before 2.14.2. Organizations are urged to upgrade to patched versions immediately to prevent potential authentication bypass attacks.
Critical Vulnerability in vscode-java Extension Allows Arbitrary Command Execution
A critical vulnerability, CVE-2026-12856, with a CVSS score of 8.8, was found in the vscode-java extension for Visual Studio Code. This flaw allows a malicious Java file to include hidden commands that can be executed when a user clicks a specially crafted link in a JavaDoc hover popup, potentially leading to full system compromise in trusted workspaces. The vulnerability is currently not actively exploited but requires immediate attention due to its high severity and potential impact. Affected products include Red Hat OpenShift Dev Spaces. Users are advised to apply patches or updates as soon as possible.
Memory Safe Context Switching Vulnerability in Fil-C
A vulnerability in Fil-C's context switching mechanism using longjmp and setjmp has been disclosed. This issue relates to memory safety and could potentially lead to security problems if not properly addressed. The vulnerability is not currently being actively exploited. Organizations using Fil-C should review their configurations and update to patched versions if available.
CVE-2026-13518: Tenda JD12L Stack-Based Buffer Overflow Vulnerability
A stack-based buffer overflow vulnerability has been discovered in Tenda JD12L version 16.03.53.23. The vulnerability affects the fromAddressNat function in the /goform/addressNat file and can be exploited remotely. The CVSS score for this vulnerability is 8.8, indicating a high severity. Although it is not currently being actively exploited, the exploit has been disclosed to the public and may be used.
SQL Injection Vulnerability in SourceCodester Class and Exam Timetabling System
A SQL injection vulnerability has been discovered in SourceCodester Class and Exam Timetabling System 1.0, specifically in the /preview7.php file. The vulnerability is caused by the manipulation of the course_year_section argument and can be exploited remotely. The CVSS score for this vulnerability is 7.3, indicating a high severity. Although it is not currently being actively exploited, the exploit has been released to the public and may be used for attacks. Immediate patching or mitigation is recommended.
CVE-2026-13333: SQL Injection Vulnerability in Groundhogg Plugin for WordPress
The Groundhogg plugin for WordPress is vulnerable to a generic SQL injection attack via the 'query[select]' parameter in versions up to and including 4.5.5. This vulnerability allows authenticated attackers with Sales Representative-level access and above to append additional SQL queries to extract sensitive information from the database. The CVSS score for this vulnerability is 6.5, indicating a medium severity. Organizations using the affected versions of the Groundhogg plugin should apply the necessary patches immediately to prevent potential exploitation.
Critical Unauthenticated SQL Injection Vulnerability in JetBooking Plugin
A critical SQL injection vulnerability (CVE-2026-54820) has been discovered in the JetBooking plugin, affecting versions up to 4.0.4.1. This unauthenticated vulnerability has a CVSS score of 9.3, indicating a high severity threat. Successful exploitation could lead to unauthorized access to sensitive data. Immediate patching to version 4.0.4.2 or later is strongly recommended.
CVE-2026-2053: WSO2 API Manager WS-Addressing Header Manipulation Vulnerability
A critical vulnerability (CVE-2026-2053) in WSO2 API Manager's message flow component allows unauthenticated attackers to manipulate WS-Addressing headers, potentially leading to unauthorized access to internal network resources. The vulnerability has a CVSS score of 8.3 and is considered high severity. Affected versions include WSO2 API Manager 3.1.0 to 4.2.0. Immediate patching is recommended.
Critical SQL Injection Vulnerability in SALESmanago & Leadoo Plugin
A critical SQL injection vulnerability, CVE-2026-54822, has been discovered in the SALESmanago & Leadoo plugin versions up to 3.11.2. This vulnerability has a CVSS score of 8.5, indicating high severity. Although not actively exploited, it poses a significant risk due to its potential for unauthorized data access. Immediate patching to version 3.11.3 or later is recommended.