Tag

#Vulnerability

articleHIGH 8.1

Critical Vulnerability in User Registration & Membership WordPress Plugin Allows Unauthorized Role Elevation

A high-severity vulnerability (CVE-2026-11963, CVSS 8.1) exists in the User Registration & Membership WordPress plugin prior to version 5.2.2. This flaw allows any authenticated user, including subscribers, to change another user's WordPress role and membership tier without proper authorization. The vulnerability has not been actively exploited but poses a significant risk due to its ease of exploitation and potential impact.

1 source
articleHIGH 8.2

Critical Vulnerability in OpenStack Ironic: CVE-2026-54423

A critical vulnerability (CVE-2026-54423) has been discovered in OpenStack Ironic, allowing an authenticated user to send arbitrary IPMI commands to a node, bypassing access control. This vulnerability has a CVSS score of 8.2 and affects multiple versions of OpenStack Ironic. Immediate patching is recommended to prevent potential exploitation.

1 source
articleCRITICAL 9.8

Critical RCE Vulnerability in Xerte Online Tools (CVE-2026-12116)

A critical vulnerability (CVE-2026-12116) with a CVSS score of 9.8 has been discovered in Xerte Online Tools, allowing for remote code execution (RCE) through manipulation of the antivirus binary path in the tools server settings. This vulnerability affects versions prior to v3.15.5 and 3.14.6. Immediate patching is recommended to prevent potential exploitation.

1 source
newsHIGH 8.5

Critical Heap Buffer Overflow Vulnerability in X.Org xorg-server and xwayland

A critical vulnerability, CVE-2026-55999, with a CVSS score of 8.5, was discovered in X.Org's xorg-server and xwayland. Local attackers with an X connection can exploit this vulnerability to cause a heap buffer overflow via SetFont due to missing glyph boundary checks. Affected versions include xorg-server before 21.2.24 and xwayland before 24.1.13.

1 source
blogHIGH 8.1

Understanding CVE-2026-22555: Unauthorized Repository Forking in Gitea

CVE-2026-22555 is a high-severity vulnerability in Gitea, a popular open-source Git server, that allows API users to fork a repository into an organization without proper authorization. This can lead to exposure of organization secrets. The vulnerability has a CVSS score of 8.1 and affects Gitea versions before 1.26.0.

1 source
newsHIGH 8.3

GeoWebPlayer Vulnerability: CVE-2026-57264

A high-severity vulnerability (CVSS 8.3) exists in GeoWebPlayer, an addon for GeoVision software, allowing for out-of-bound access to arrays via a websocket server command. This could lead to arbitrary code execution. Affected versions include V1.1.1.0 on Windows and 64-bit platforms.

1 source
articleHIGH 8.1

Apify Model Context Protocol (MCP) Server: Actor MCP Path Authority Injection Leaks Apify Token

A vulnerability in `@apify/actors-mcp-server` version `0.10.7` allows an attacker to inject a malicious `webServerMcpPath` value, causing the MCP client to exfiltrate the victim's Apify API token to the attacker's server. This is a Server-Side Request Forgery (SSRF) / URL authority injection vulnerability with a CVSS Base Score of 8.1 (High).

1 source
newsCRITICAL 9.4

Rancher Vulnerable to Command Injection via Unsanitized YAML Parameter (CVE-2026-44939)

A critical command injection vulnerability (CVE-2026-44939, CVSS 9.4) has been identified in Rancher Manager's cluster import endpoint. An attacker can exploit this flaw by injecting malicious YAML configurations, potentially achieving full control over downstream Kubernetes clusters. Affected versions of Rancher must be updated to patched releases to mitigate this vulnerability.

1 source
newsHIGH 8.6

CVE-2026-11590: WP Support Plus Responsive Ticket System SQL Injection Vulnerability

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 is vulnerable to SQL injection attacks. An unauthenticated attacker can exploit this vulnerability to perform malicious SQL queries. The vulnerability has a CVSS score of 8.6, indicating high severity.

1 source
articleHIGH 8.8

Critical Authentication Bypass Vulnerability in Rancher GitHub Authentication Provider (CVE-2026-41053)

A critical vulnerability (CVE-2026-41053) with a CVSS score of 8.8 was discovered in the Rancher GitHub authentication provider. This vulnerability allows for incorrect authentication caching, granting principal access to any logged-in user. Affected versions include Rancher 2.13 before 2.13.6 and 2.14 before 2.14.2. Organizations are urged to upgrade to patched versions immediately to prevent potential authentication bypass attacks.

1 source
newsMEDIUM 5.0

Open Memory Protocol Vulnerability Under Scrutiny

A potential vulnerability in the Open Memory Protocol, used by AI models like Claude, ChatGPT, and Curso, has been identified. Although actively exploited, the severity and impact are still being assessed. Security professionals should investigate and apply necessary mitigations.

1 source
articleMEDIUM 6.0

Memory Safe Context Switching Vulnerability in Fil-C

A vulnerability in Fil-C's context switching mechanism using longjmp and setjmp has been disclosed. This issue relates to memory safety and could potentially lead to security problems if not properly addressed. The vulnerability is not currently being actively exploited. Organizations using Fil-C should review their configurations and update to patched versions if available.

1 source
newsMEDIUM 6.8

Information Exposure Vulnerability in Hitachi Storage Navigator (CVE-2025-7386)

A vulnerability in Hitachi Storage Navigator, tracked as CVE-2025-7386, exposes sensitive information. This medium-severity vulnerability affects various Hitachi Virtual Storage Platform models and versions. Administrators should update to the specified versions to mitigate this vulnerability.

1 source
newsMEDIUM 6.5

CVE-2026-3462: Frisbii Pay Plugin for WordPress Vulnerability

The Frisbii Pay plugin for WordPress has a vulnerability (CVE-2026-3462) that allows authenticated attackers with Subscriber-level access to modify data by uploading arbitrary CSV files. This vulnerability has a CVSS score of 6.5 and affects all versions up to 1.8.9. To mitigate, update the plugin to a patched version.

1 source
articleHIGH 8.3

CVE-2026-2053: WSO2 API Manager WS-Addressing Header Manipulation Vulnerability

A critical vulnerability (CVE-2026-2053) in WSO2 API Manager's message flow component allows unauthenticated attackers to manipulate WS-Addressing headers, potentially leading to unauthorized access to internal network resources. The vulnerability has a CVSS score of 8.3 and is considered high severity. Affected versions include WSO2 API Manager 3.1.0 to 4.2.0. Immediate patching is recommended.

1 source
articleHIGH 8.8

Critical IDOR Vulnerability in Langflow: CVE-2026-33760

A critical IDOR (Insecure Direct Object Reference) vulnerability, CVE-2026-33760, with a CVSS score of 8.8, was discovered in Langflow, a tool for building and deploying AI-powered agents and workflows. This vulnerability allows any authenticated user to read, modify, or permanently delete another user's data by supplying the target's resource ID or flow_id. The vulnerability is fixed in Langflow version 1.9.0. Organizations using Langflow should immediately upgrade to version 1.9.0 or later to mitigate this vulnerability.

1 source
newsMEDIUM 5.0

Anthropic's Fable 5 Model Vulnerability

Anthropic's Fable 5 model, designed to be a safe version of Mythos Preview with guardrails against creating cyberattacks, was jailbroken within days of its release. This incident indicates a potential vulnerability in the model's security measures. Security professionals should assess and enhance the model's guardrails.

1 source
newsHIGH 7.7

CVE-2026-42129: Grafana Loki Datasource Plugin Path Traversal Vulnerability

A path traversal vulnerability in the Grafana Loki datasource plugin allows an authenticated Viewer-role user to access administrative Loki endpoints and extract sensitive backend configuration and internal service information. This vulnerability has a CVSS score of 7.7 and is considered HIGH severity. Affected users should update Grafana OSS to a patched version.

1 source
newsCRITICAL 9.9

Critical Remote Code Execution Vulnerability in Prefect: CVE-2026-5366

A critical vulnerability (CVE-2026-5366, CVSS 9.9) in Prefect version 3.6.23 allows remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. Any user with deployment creation permissions can exploit this flaw to execute arbitrary commands on worker machines, compromising shared work pools in multi-tenant environments. Immediate action is required to mitigate this vulnerability.

1 source
newsMEDIUM 6.1

Cross-Site Scripting Vulnerability in Flowise Before 3.0.8

A cross-site scripting (XSS) vulnerability exists in Flowise before version 3.0.8, caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript, enabling theft of cookies and session data. Users of Flowise should update to version 3.0.8 or later.

1 source
newsHIGH 8.6

Uni-CLI Vulnerability: Legacy HTTP MCP Transport Accepts Browser-Originated Localhost Requests

A vulnerability in Uni-CLI versions before 0.225.2 allows a malicious web page to send CORS simple POST requests to the local /mcp endpoint, potentially driving tools/call requests against the user's local Uni-CLI server. The issue has a CVSS score of 8.6 and is classified as high severity. To mitigate, upgrade to version 0.225.2 or later.

1 source
articleHIGH 8.7

Lokka Azure Resource Manager URL Path Validation Issue: Critical SSRF Vulnerability

A critical Server-Side Request Forgery (SSRF) vulnerability was discovered in Lokka versions prior to 2.1.2. The issue allows attackers to craft malicious URLs that can alter Azure Resource Manager bearer token transmission, potentially leading to unauthorized access. The vulnerability has a CVSS score of 8.7 and is categorized under CWE-918. Immediate patching to version 2.1.2 or later is strongly recommended.

1 source
articleMEDIUM 6.0

Critical Vulnerability in Apple Beats Studio Buds: CVE-2025-20701

A security vulnerability, CVE-2025-20701, has been discovered in Apple Beats Studio Buds by researchers Dennis Heinze and Frieder Steinmetz of ERNW GmbH. This vulnerability has been patched by Apple, but details about its nature and impact are still emerging. Organizations using Beats Studio Buds should apply the security update immediately to mitigate potential risks. The vulnerability's severity and exploitability are currently being assessed.

1 source
blogHIGH 7.0

Understanding and Mitigating Stored XSS in n8n's Chat Trigger Node

A stored XSS vulnerability was discovered in n8n's Chat Trigger Node, allowing authenticated users with workflow edit access to inject arbitrary JavaScript. This could lead to code execution with the privileges of a logged-in user. The vulnerability has been patched in several n8n versions.

1 source
newsHIGH 7.2

n8n Microsoft SQL Node Vulnerability Allows Prototype Pollution

A vulnerability in the Microsoft SQL node of n8n allows authenticated users to achieve global prototype pollution, rendering the n8n instance non-functional. The issue has been fixed in n8n version 2.24.0.

1 source
blogHIGH 7.7

Understanding the Radius Controller Vulnerability: Preventing Cross-Tenant Resource Deletion

A configuration-validation issue in the Radius Kubernetes controller can cause it to delete a container resource via an injected Deployment annotation. This vulnerability, known as the 'Confused Deputy' pattern, can have significant impacts in multi-tenant installations.

1 source
newsHIGH 8.4

PDM Vulnerability Allows Arbitrary Code Execution

A vulnerability in PDM (Python package manager) allows arbitrary code execution with the privileges of the user running `pdm` from an untrusted repository checkout.

1 source
newsHIGH 8.0

Siemens KACO Blueplanet Inverters Contain Multiple Vulnerabilities

Multiple vulnerabilities in Siemens KACO Blueplanet Inverters could allow an attacker to derive credentials from the device's serial number and gain unauthorized access.

1 source
blogCRITICAL 9.0

Understanding the Netty QUIC Token Handler Vulnerability

A vulnerability in Netty's default QUIC token handler allows an attacker to bypass anti-amplification limits, potentially leading to denial-of-service attacks. The issue arises from the token handler's improper validation of client-supplied tokens.

1 source
newsHIGH 8.0

Netty SNI Handler Vulnerability Allows for Large Memory Allocation

A vulnerability in Netty's SNI handler allows for large memory allocation from a small amount of attacker-controlled data, potentially leading to a denial-of-service attack.

1 source