< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2054 articles · page 12 of 103

Gitea flaw lets unauthenticated users pull private images

🔒 Researchers disclosed a vulnerability in Gitea that allowed unauthenticated remote attackers to pull private container images from affected deployments without credentials. Tracked as CVE-2026-27771, the issue affects all Gitea versions prior to 1.26.2, which contains the fix. Noscope estimates more than 30,000 deployments globally may be impacted, spanning healthcare, aerospace, retail, and ISPs. Users are advised to update to 1.26.2 or enable REQUIRE_SIGNIN_VIEW as a temporary mitigation.
read more →

Windows 11 KB5089573 preview brings performance fixes

🔧 Microsoft released the KB5089573 preview cumulative update for Windows 11 25H2 and 24H2, delivering 30 non-security changes focused on performance and reliability. The optional May 2026 update accelerates app launch and core shell experiences (Start, Search, Action Center) and improves Windows Hello sign-in behavior and reliability. It also addresses File Explorer stability, touch gestures, Modern Standby resume performance, and reduces authentication blocks for Windows Hello Enhanced Sign-in Security. Devices upgrade to builds 26200.8524 and 26100.8524 and updated Secure Boot certificates are being phased in ahead of expiring 2011 certificates.
read more →

ABB B&R Automation Runtime SDM Denial of Service

🔒 An Improper Resource Locking vulnerability in the System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network attacker to delete data and cause denial of service. The vendor corrected the issue in Automation Runtime 6.3 and Q4.93 and notes SDM is disabled by default in AR 6. B&R recommends applying updates, restricting SDM access, using TLS/mutual TLS, and limiting webserver access to trusted IPs.
read more →

ABB AC500 V2 Modbus Buffer Over-read Advisory

🛡️ The advisory details a buffer over-read vulnerability in ABB AC500 V2 devices that can cause Modbus server responses to include fragments of earlier telegrams. Affected devices running older firmware may return invalid or appended data when presented with unsupported Modbus function codes. ABB issued a fix in AC500 V2 firmware version 2.5.3 (2016) and later; operators are urged to update and minimize network exposure. CISA republished the vendor advisory to raise visibility and recommends isolating control networks and using secure remote access.
read more →

ABB Camera Connect VLC Component Vulnerabilities

🔔 ABB disclosed that several vulnerabilities exist in the VLC media player component delivered with older ABB Ability Camera Connect installers (≤ 1.5.0.14). An update (Camera Connect 1.5.0.15) and standalone VLC updates are available to remediate multiple memory-corruption and path-related issues. ABB notes that most deployments are air-gapped and isolated, which significantly reduces exposure and remote exploitability, but recommends applying updates at the earliest convenience.
read more →

ABB zenon Remote Transport Missing Authentication

🔒 ABB has identified a vulnerability in affected versions of the ABB Ability™ zenon Remote Transport Service that permits unauthorized use of the Reboot OS function, allowing an attacker to trigger a system reboot without required authentication. Remote exploitation requires prior access to the target network. Vendors report no evidence of active exploitation at this time. Workarounds include restricting network access and disabling the zensyssrv.exe service when Remote Transport is not needed.
read more →

ABB LVS MConfig: Cleartext Memory Exposure Fix

🔒 ABB disclosed a vulnerability in MConfig affecting versions listed by the vendor that allows sensitive data to be stored in cleartext in memory. An attacker with physical or local host access could export a memory dump that may include plaintext passwords. ABB released MConfig version 1.4.9.22 to remediate the issue and recommends applying defensive measures from the product manual.
read more →

Eppendorf BioFlo 320 VNC Hard‑coded Password Risk

🔒 The Eppendorf BioFlo 320 is affected by a high‑severity vulnerability (CVSS 9.8) due to a VNC server that uses a hard‑coded password. If remote access is enabled and an attacker knows the device's network address, they can gain full control of the controller interface; VNC traffic is unencrypted. Eppendorf has released Version 5.0 software that removes VNC access and urges users to verify VNC is disabled and restrict configuration changes to Admin and Supervisor roles.
read more →

ABB Terra AC Heap Overflow Risks and Fixes

🔒 ABB reported a heap-based buffer overflow in select Terra AC EV chargers that can be triggered via crafted OCPP messages. Exploitation may allow heap pollution, denial-of-service, altered firmware behavior, or possible remote code execution; the vendor has released patched firmware versions. ABB strongly recommends avoiding unencrypted HTTP for OCPP connections and applying updates promptly to mitigate remote exploitation risks.
read more →

Microsoft fixes critical SharePoint remote code flaw

🛡️ Microsoft released updates to address a SharePoint remote code execution vulnerability, CVE-2026-45659, rated CVSS 8.8 and classified as Important. The flaw involves deserialization of untrusted data, allowing an authenticated attacker with minimal Site Member permissions to execute code over a network without elevated privileges. Microsoft credited researcher MEOW for the discovery and urged administrators to apply the updates for affected SharePoint versions. The advisory follows recent fixes for other SharePoint issues that have been exploited in the wild.
read more →

CISA orders federal patching for exploited Drupal flaw

🛡️ CISA has mandated U.S. federal agencies to patch an actively exploited SQL injection vulnerability in the Drupal CMS (CVE-2026-9082) by the specified deadline. Discovered by Google/Mandiant researcher Michael Maturi, the flaw affects Drupal's database abstraction API and allows unauthenticated SQL injection against PostgreSQL-backed sites. The Drupal team labelled the bug highly critical and released fixes after observing exploitation in the wild; Shadowserver reports nearly 670 exposed installations. CISA added the issue to its KEV Catalog and urged all organizations to apply vendor mitigations immediately.
read more →

Windows Server 2016 DC lookup fails with KB5087537

🔔 Microsoft confirmed a known issue where domain controller discovery may fail on Windows Server 2016 after installing the KB5087537 May 2026 security update. The problem affects only systems whose hostnames are exactly 15 characters long, causing DCLocator calls to return ERROR_INVALID_PARAMETER. This can prevent applications and admin tools from locating domain controllers and may disrupt administrative scenarios such as DFS Namespace management.
read more →

LiteSpeed cPanel plugin bug allows root script execution

🔐 A critical vulnerability, CVE-2026-48172 (CVSS 10.0), in the LiteSpeed User-End cPanel Plugin allows privilege escalation via the lsws.redisAble function, enabling arbitrary scripts to run as root. The flaw affects plugin versions 2.3 through 2.4.4 and is being actively exploited; LiteSpeed fixed it in v2.4.5 and later bundled releases. Administrators are urged to upgrade to cPanel plugin v2.4.7 (with WHM plugin v5.3.1.0) or uninstall the user-end plugin if immediate patching is not feasible.
read more →

CISA Adds Drupal SQL Injection to KEV Catalog

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection flaw in Drupal Core (CVE-2026-9082, CVSS 6.5) to its Known Exploited Vulnerabilities list after evidence of active exploitation. The vulnerability affects all supported Drupal Core versions and could enable privilege escalation and remote code execution via crafted requests using the database abstraction API. Patches were released across multiple 8.x–11.x branches, with manual patches required for Drupal 9.5 and 8.9.
read more →

Chromium flaw allows persistent Service Worker abuse

🛡️ Chromium contains an unpatched vulnerability that lets attackers keep a Service Worker alive across restarts and execute JavaScript persistently. Reported by researcher Lyra Rebane, the bug abuses the Background Fetch API and a race that creates and aborts background fetches to evade UI visibility. Although some UI fixes were applied in 2023, the deeper issue—preventing indefinite Service Worker lifetimes—remains unresolved and can enable tracking, crypto mining, and browser-based bots.
read more →

BootROM flaw in Qualcomm chips lets attackers persist

🔒 Kaspersky researchers disclosed CVE-2026-25262, a BootROM-level flaw in Qualcomm’s Sahara/EDL implementation that enables arbitrary write operations during device recovery. The bug, a CWE-123 Write-What-Where condition in the ARM Primary Boot Loader, permits attackers with brief physical access via USB to upload and execute malicious code before the OS boots. Qualcomm confirmed the issue, issued a security bulletin, and pledged fixes for future silicon while advising mitigation steps for affected devices.
read more →

Trend Micro Apex One zero-day exploited in attacks

🛡️ Trend Micro disclosed a zero-day in its Apex One on-premises server (CVE-2026-34926), a directory traversal flaw that can let a local attacker with administrative access inject malicious code to be deployed to agents. The vendor noted the bug is restricted to on-prem installations and requires prior admin credentials, but observed at least one attempted exploitation in the wild. CISA added the vulnerability to its actively exploited list and ordered federal agencies to patch by June 4, while Trend Micro also released fixes for seven related SEP agent privilege escalation issues.
read more →

Drupal SQL injection flaw now being exploited

🔒 Drupal has warned administrators that a "highly critical" SQL injection vulnerability, tracked as CVE-2026-9082, is being actively targeted in the wild. Discovered by Google/Mandiant researcher Michael Maturi, the flaw affects Drupal's database abstraction API and allows specially crafted requests to trigger arbitrary SQL injection on sites using PostgreSQL. Exploitation requires no authentication and can lead to remote code execution, privilege escalation, and data disclosure; Drupal has released updates and urges immediate patching.
read more →

Ubiquiti patches three max-severity UniFi OS flaws

🛡️ Ubiquiti issued updates addressing three maximum-severity vulnerabilities in UniFi OS that allow remote, unauthenticated attackers to modify systems, read files via path traversal, and perform command injection after gaining network access. Additional fixes include another critical command injection and a high-severity information disclosure issue. The flaws were reported via HackerOne and can be exploited with low complexity; Ubiquiti has not confirmed any in-the-wild exploitation. Censys reports nearly 100,000 Internet-exposed UniFi OS endpoints, with about 50,000 in the United States, though it is unclear how many have been remediated.
read more →

CISA Adds Langflow and Apex One to KEV Catalog

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two flaws — CVE-2025-34291 in Langflow and CVE-2026-34926 in Trend Micro Apex One — to its Known Exploited Vulnerabilities (KEV) list citing active exploitation. CVE-2025-34291 (CVSS 9.4) enables arbitrary code execution via origin validation and chained weaknesses, exposing stored tokens and API keys. CVE-2026-34926 (CVSS 6.7) is a directory traversal affecting on-premise Apex One, requiring server access and admin credentials to exploit. Federal agencies must patch by June 4, 2026.
read more →