< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2054 articles · page 11 of 103

Microsoft fixes Windows 11 KB5089549 install failures

🔧 Microsoft has fixed a known issue that caused installation failures and 0x800f0922 errors for the May 2026 Windows 11 security update (KB5089549). The failures were triggered by insufficient free space on the EFI System Partition (ESP), causing updates to rollback during reboot at roughly 35–36% completion. The fix is included in the May 26, 2026 preview cumulative update (KB5089573) and will be made available broadly in the June Patch Tuesday updates, with mitigation options for enterprises via Known Issue Rollback or Group Policy.
read more →

Critical WP Maps Pro Flaw Enables Site Takeover

🛡️ WP Maps Pro, a popular WordPress plugin, contains a critical privilege escalation vulnerability (CVE-2026-8732) that allows unauthenticated attackers to create administrator accounts and take over sites. The flaw affects all versions up to 6.1.0 and was fixed in 6.1.1. Security researcher David Brown reported the issue, and Wordfence has observed active exploitation attempts. Site owners must update immediately to mitigate ongoing attacks.
read more →

Palo Alto fixes auth-bypass in GlobalProtect VPN

🔒 Palo Alto Networks patched CVE-2026-0257, an authentication bypass on the GlobalProtect portal and gateway, after attackers began exploiting the flaw. Initially rated medium, the issue was raised to high severity following multiple exploitation attempts on unpatched PAN-OS devices. Rapid7 observed forged-cookie probes and VPN IP assignment to internal networks, prompting urgent patching guidance. CISA added the vulnerability to its KEV Catalog and federal agencies must remediate by June 1.
read more →

Critical WP Maps Pro Bug Lets Attackers Create Admins

🔒 A critical vulnerability in WP Maps Pro (CVE-2026-8732) allowed unauthenticated attackers to create administrator accounts via a flawed "temporary access" AJAX endpoint. Discovered by researcher David Brown, the issue affected versions 6.1.0 and older and relied on a publicly exposed nonce in frontend JavaScript, making protections ineffective. Defiant observed active exploitation attempts and blocked thousands of requests, and the vendor released WP Maps Pro 6.1.1 to address the flaw. Site owners are urged to update immediately to prevent account takeover and persistent backdoors.
read more →

New CIFSwitch Linux flaw grants local root access

🛡️ A local privilege escalation named CIFSwitch in the Linux kernel allows forging of CIFS authentication key descriptions and abuse of the kernel key request flow, enabling root privilege escalation. The vulnerability affects kernels paired with vulnerable cifs-utils (6.14+) on several major distributions when user namespaces and permissive SELinux/AppArmor settings are present. The attacker can trigger a privileged cifs.upcall to trust attacker-controlled fields, force a namespace switch, and load a malicious NSS module before privilege drop. A kernel patch validating cifs.spnego request origins is available upstream; mitigations include disabling the CIFS module, removing cifs-utils, and disabling unprivileged user namespaces.
read more →

Notepad++ XML flaws allow local arbitrary code execution

🔒 Two High-severity vulnerabilities in Notepad++ (CVE-2026-48778 and CVE-2026-48800, CVSS 7.8) let local attackers run arbitrary commands by tampering with the editor’s XML configuration files. Both issues affected versions up to 8.9.6 and were patched in 8.9.6.1 along with a lower-severity crash bug (CVE-2026-48770). The flaws stem from unvalidated values in shortcuts.xml and config.xml, enabling persistence and stealthy execution if an attacker can write to a user’s AppData or supply a poisoned settings folder.
read more →

Unpatched critical Gogs vulnerability highlights open-source risks

🔒 A critical argument-injection vulnerability in the self-hosted Git service Gogs allows any authenticated user to execute code remotely by submitting a pull request with a malicious branch name. Discovered by a Rapid7 researcher, the flaw remains unpatched after months and the Gogs maintainer did not respond to disclosure requests. Rapid7 warns default configurations permit easy account and repo creation, enabling exploitation without admin privileges. Organizations using Gogs should restrict network access and disable self-registration until a fix is available.
read more →

Critical Gogs zero-day enables remote code execution

🛡️ An unpatched zero-day in the Gogs self-hosted Git service allows authenticated non-admin users to gain remote code execution on Internet-facing instances. The flaw, an argument injection in the Merge() code path affecting Gogs 0.14.2 and 0.15.0+dev, can be exploited via malicious branch names during a rebase-merge operation. Researcher Jonah Burges reported the issue in March; maintainers have acknowledged but not yet patched it. Shadowserver and Shodan count thousands of exposed Gogs servers, many with default open registration enabled.
read more →

Hard-coded Credentials in USR-W610 Converter Exposed

🔒 The USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter from Jinan USR IOT Technology Limited contains plaintext administrative credentials embedded in its firmware. These hard-coded credentials can be extracted through firmware analysis and used to authenticate to device services, enabling potential administrator access. CISA reports no confirmed public exploitation and encourages users to contact the vendor and apply updates where available. Mitigations include network segmentation, firewalling, and using secure remote access methods such as VPNs with current updates.
read more →

Supply Chain Intrusions Target Developer Tooling

🔒 CISA is addressing multiple software supply chain intrusions that target developer ecosystems, specifically CI/CD pipelines, code extensions, and workflows. A malicious Nx Console VS Code extension (version 18.95.0) exploited a prior compromise of Nx developer systems to access a GitHub employee’s device, leading to unauthorized access and exfiltration of internal repositories and assignment of CVE-2026-48027. The “Megalodon” campaign injected malicious GitHub Action workflows to harvest CI/CD secrets, cloud credentials, and tokens. CISA urges organizations to detect and remediate potential compromises and implement recommended best practices for package repositories and CI/CD security.
read more →

CP Plus NVR Stored XSS Advisory and Mitigation

📣 A stored Cross-Site Scripting (XSS) vulnerability affects certain CP Plus 8-channel NVR 1xxx series devices due to insufficient input sanitization. Successful exploitation can execute malicious scripts in the browsers of authenticated users and administrators, risking session hijacking, unauthorized actions, and data exposure. CP Plus recommends updating device firmware to the listed version and contacting support for upgrade assistance. CISA also advises network isolation, limiting internet exposure, and following established ICS defensive practices.
read more →

XCharge C6 charger firmware and access vulnerabilities

🔒 CISA reports critical vulnerabilities in the XCharge C6 electric vehicle charging controller that could allow attackers to gain administrator rights or execute arbitrary code. A firmware update mechanism lacks signature validation, a stack-based buffer overflow exists in signal processing, and a management service exposes default credentials over the charging interface. XCharge has deployed updates for affected units; users should contact XCharge Support for details.
read more →

ABB Busch‑Welcome Door Opener: Debug Code Risk

🔒 ABB has identified an authentication bypass in specific Busch‑Welcome 2 Wire Door Opener Actuator versions due to active debug code and a compatibility mode enabled by default. Exploitation could allow unauthorized physical access to buildings where the device is installed. ABB provides an on‑site mitigation: toggle the product mode from "Door‑Open" to "Light" and back, then perform a mains power restart to force recalibration. CISA republishes the vendor advisory and recommends network isolation, minimized exposure, and use of secure remote access methods such as updated VPNs while encouraging organizations to follow ICS security best practices.
read more →

Critical unauthenticated password reset in KMW cameras

🔒 The advisory details a critical vulnerability in KMW CCTV Security Cameras that allows an unauthenticated attacker to reset the administrator password to a known value, granting full access to camera feeds and settings. Vendor firmware (KM-IP421) is available to address the issue, though it may require re-authorizing cloud P2P connections. CISA urges network segmentation, restricted internet access, regular firmware updates, and other defensive measures to reduce exposure.
read more →

Frontier X2 BLE Authentication Vulnerability Alert

🔒 The Frontier X2 wearable and its companion Frontier X mobile app are affected by a vulnerability allowing unauthenticated BLE read/write access to critical GATT characteristics, enabling attackers in range to control device functions and inject fabricated health telemetry. Fourth Frontier is developing a fix; users should contact the vendor for assistance and connect the device to only one app at a time. CISA recommends isolating control networks, minimizing exposure, using secure remote access, and following ICS defensive best practices to reduce exploitation risk.
read more →

VDR G4e Firmware Update Fixes Credential Flaws

🔒 The MacGregor Voyage Data Recorder (VDR) G4e contains multiple credential management vulnerabilities, including default and hard-coded credentials, weak password hashing, and accessible authentication files that can allow an attacker to gain administrator access. Danelec has released firmware V5.250 to address these issues and users are urged to update at the next service attendance rather than waiting for annual maintenance. CISA recommends minimizing network exposure, isolating control networks behind firewalls, and using secure remote access methods such as up-to-date VPNs while performing risk assessments prior to deployment of mitigations.
read more →

ABB EIBPORT XSS Vulnerability and Firmware Patch

🔒 ABB disclosed a cross-site scripting vulnerability in affected ABB EIBPORT firmware versions that can expose session identifiers and allow unauthorized access. A firmware update is available that modifies session and credential handling and hardens product configuration. ABB recommends applying the update promptly and following network segmentation and firewall best practices to reduce exposure.
read more →

DICOM Heap Overflows: Orthanc, pydicom, GDCM Risks

🔍 This white paper examines DICOM parsing risks and demonstrates how malformed medical images can lead to heap overflow vulnerabilities during ingestion. It outlines a concrete case where an Orthanc server is targeted during image upload, producing an out-of-bounds write. The analysis highlights interactions between pydicom, GDCM, and Orthanc, and emphasizes the importance of robust parsing and hardening in PACS environments.
read more →

Starlette flaw enables auth bypass in FastAPI stacks

🔒 A single malformed character in a web request can allow unauthenticated attackers to bypass access controls in applications built on Starlette, the Python framework behind FastAPI. X41 D‑Sec disclosed the vulnerability (CVE‑2026‑48710) after finding it in a source‑code audit; Starlette’s maintainer released a patch via GitHub. The flaw stems from inconsistent parsing of the Host header when rebuilding request addresses, causing middleware to see a different path than the router. Researchers warn many model‑serving and AI infrastructure components are exposed unless a compliant reverse proxy rejects malformed Host headers.
read more →

Four MediaInfoLib Heap Buffer Overflows Patched

🛡️ Cisco Talos disclosed four heap-based buffer overflow vulnerabilities in the MediaArea MediaInfoLib (v26.01) library, all of which can lead to arbitrary code execution when processing a malicious media file. The issues were found by Dimitrios Tatsis of Talos and have been patched by the vendor per Cisco’s third-party disclosure policy. Users can obtain Snort rules to detect exploitation and consult Talos for vulnerability advisories. Administrators should update MediaInfoLib to the vendor-released fixed versions promptly.
read more →