< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2062 articles · page 44 of 104

CISA Adds Two Actively Exploited Flaws in Roundcube

⚠️ CISA has added two Roundcube webmail vulnerabilities — CVE-2025-49113 and CVE-2025-68461 — to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. CVE-2025-49113 (CVSS 9.9) is an authenticated deserialization flaw allowing remote code execution via an unvalidated _from parameter and was fixed in June 2025. CVE-2025-68461 (CVSS 7.2) is an XSS triggered by the SVG animate tag and was patched in December 2025 in Roundcube releases 1.6.12 and 1.5.12. Researchers reported weaponization within 48 hours and an exploit was offered for sale; FCEB agencies must remediate by March 13, 2026.
read more →

CISA: BeyondTrust RCE Now Exploited in Ransomware Attacks

🔒 CISA warns that CVE-2026-1731, a pre-authentication remote code execution flaw in BeyondTrust Remote Support and Privileged Remote Access, is being actively exploited in ransomware attacks. The issue is an OS command injection reachable via specially crafted client requests and was added to the Known Exploited Vulnerabilities catalog on February 13. BeyondTrust reports the cloud (SaaS) was auto-patched on February 2; self-hosted customers must enable updates or install Remote Support 25.3.2 or Privileged Remote Access 25.1.1 and later.
read more →

Critical BeyondTrust Flaw Used to Deploy Web Shells

🔒 Palo Alto Networks Unit 42 reports active exploitation of a critical sanitization bug in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA), tracked as CVE-2026-1731 (CVSS 9.9), that allows OS command execution via the thin-scc-wrapper WebSocket interface. Threat actors have used the flaw for reconnaissance, deploying web shells and backdoors (including VShell and Spark RAT), lateral movement, and data theft. Multiple sectors across several countries are affected, and CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog.
read more →

CISA Adds Two RoundCube Vulnerabilities to KEV Catalog

⚠️ CISA has added two RoundCube Webmail vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-49113 (deserialization of untrusted data) and CVE-2025-68461 (cross-site scripting). These issues are tied to observed active exploitation and present significant risk to enterprise networks. Under BOD 22-01, Federal agencies must remediate cataloged CVEs by their due dates; CISA also urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

Amazon RDS for Oracle: January 2026 Release Update

🔔 Amazon RDS for Oracle now supports the Oracle January 2026 Release Update (RU) for Oracle Database versions 19c and 21c, and the corresponding Spatial Patch Bundle for 19c. The January 2026 RU includes important security updates, while the Spatial Patch Bundle delivers fixes to improve Oracle Spatial and Graph reliability and performance. You can apply these updates via the AWS Management Console, AWS SDK, or CLI, enable Automatic Minor Version Upgrade to apply during maintenance windows, and use AWS Organizations upgrade rollout policy to stagger upgrades across environments.
read more →

Critical Pre-auth RCE in BeyondTrust Remote Support

🚨 On Feb. 6, 2026, BeyondTrust published an advisory for CVE-2026-1731, a critical pre-auth remote code execution vulnerability affecting BeyondTrust Remote Support and some Privileged Remote Access deployments. The flaw allows unauthenticated attackers to inject shell commands via the WebSocket remoteVersion field during the handshake, resulting in OS command execution as the site user. Unit 42 observed active exploitation that included web shells, C2 traffic, account tampering and data theft. Immediate patching for self-hosted appliances and engagement of incident response if compromise is suspected are recommended.
read more →

Windows Admin Center: Microsoft Patches Privilege Bug

🔒 Microsoft disclosed and patched a high-severity flaw in Windows Admin Center that could allow an attacker to escalate privileges. Tracked as CVE-2026-26119 with a CVSS score of 8.8, Microsoft credited Semperis researcher Andrea Pierini and included the fix in Windows Admin Center version 2511 (Dec 2025). The vendor described the issue as improper authentication and tagged it as Exploitation More Likely; technical details are currently restricted. Administrators are advised to apply the update promptly and restrict access to the management endpoint.
read more →

Critical RCE in Grandstream GXP1600 VoIP Phones Exposed

🛡️ A critical stack-buffer overflow in Grandstream GXP1600 VoIP phones allows unauthenticated remote attackers to gain root and silently eavesdrop. Tracked as CVE-2026-2329 (CVSS 9.3), the issue affects six GXP1600 models running firmware before 1.0.7.81 and stems from an unauthenticated web API that fails to validate colon-delimited input. Rapid7 developed a Metasploit module to demonstrate the exploit; Grandstream issued firmware 1.0.7.81 on February 3 to address the vulnerability—apply updates immediately.
read more →

CISA orders feds to patch Dell RecoverPoint vulnerability

🔐 CISA has directed Federal Civilian Executive Branch agencies to apply fixes within three days for a maximum-severity hardcoded-credential flaw in Dell RecoverPoint (CVE-2026-22769) after active exploitation was observed since mid-2024. Researchers at Mandiant and the Google Threat Intelligence Group link the activity to UNC6201, which deploys multiple payloads including a new Grimbolt backdoor. CISA added the issue to its Known Exploited Vulnerabilities catalog and invoked BOD 22-01 guidance, urging mitigations or product discontinuation if patches are unavailable.
read more →

Six high-to-critical vulnerabilities discovered in OpenClaw

🔍 Endor Labs found six high-to-critical flaws in the open-source AI agent framework OpenClaw, including SSRF paths, missing webhook verification, authentication bypasses, and a path traversal in browser uploads. The team used an AI-driven SAST engine to trace attacker-controlled data flows and produced working proof-of-concept exploits that confirmed real-world exploitability. OpenClaw maintainers were notified and have published patches and security advisories addressing the issues.
read more →

Welker OdorEyes XL4 Controller Missing Authentication

🛡️ The Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller contains an authentication vulnerability tracked as CVE-2026-24790 that permits remote influence of the underlying PLC without proper safeguards. Successful exploitation could cause over- or under-odorization events, impacting safety and process control. CISA rates this issue High (CVSS 3.1 8.2) and recommends contacting Welker, minimizing network exposure, isolating control networks, and using secure remote-access methods such as updated VPNs.
read more →

PUSR USR-W610 Router: Multiple Critical Flaws - No Patch

⚠ The PUSR USR-W610 Wi‑Fi router contains multiple vulnerabilities that can disable authentication, expose credentials in transit and in the UI, and permit deauthentication-based denial-of-service. Affected firmware versions are <= 3.1.1.0; the most severe issue carries a CVSSv3 base score up to 9.8. The vendor has declared the product end-of-life and does not plan to issue patches. CISA advises minimizing network exposure, isolating affected devices behind firewalls, and using secure remote-access methods while applying other compensating controls.
read more →

EnOcean SmartServer IoT: Remote Code Execution Risk

🔒A pair of vulnerabilities in EnOcean SmartServer IoT firmware (<=4.60.009) can be exploited via crafted LON IP-852 management messages to execute arbitrary OS commands or trigger memory corruption. CVE-2026-20761 (command injection) carries a CVSS 3.1 score of 8.1 and permits remote command execution; CVE-2026-22885 is an out-of-bounds read (CVSS 3.1 score 3.7) that can leak memory. EnOcean advises updating to SmartServer 4.6 Update 2 (v4.60.023) or later, and CISA recommends isolating devices, avoiding internet exposure, using secure remote access, and monitoring for suspicious activity.
read more →

Valmet DNA Engineering Web Tools Vulnerability Overview

🛡️ An unauthenticated attacker can exploit a path traversal vulnerability in Valmet DNA Engineering Web Tools (CVE-2025-15577) by manipulating the web maintenance services URL to obtain arbitrary file read access. The issue is an instance of Improper Limitation of a Pathname to a Restricted Directory (CWE-22) and is rated CVSS 3.1 8.6 (High). Valmet has released a fix and recommends customers contact their automation customer service for remediation assistance. CISA advises reducing internet exposure for control system devices, isolating networks behind firewalls, and applying defense-in-depth controls.
read more →

Flaws in Popular IDE Extensions Risk Data Exfiltration

🔒 Researchers at OX Security discovered four vulnerabilities in popular IDE extensions that enable local file access, arbitrary code execution and data exfiltration. Affected platforms include Microsoft Visual Studio Code and forks Cursor and Windsurf, with the vulnerable extensions collectively downloaded over 128 million times. Three of the issues were assigned CVEs after disclosure; one Live Preview flaw was quietly fixed by Microsoft.
read more →

Researchers Reveal Six New High-Risk OpenClaw Flaws

🔒OpenClaw has patched six vulnerabilities disclosed by Endor Labs, including SSRF, missing webhook authentication and a path traversal issue that range from moderate to high severity. The set includes CVE-2026-26322 (Gateway SSRF, CVSS 7.6), CVE-2026-26319 (Telnyx webhook auth bypass, CVSS 7.5) and several GitHub Security Advisories such as GHSA-56f2-hvwg-5743. Endor warns that agent frameworks’ multi-layered architectures mean vulnerabilities can span files and components, requiring data-flow analysis and layered validation to mitigate exploitation. SecurityScorecard also flagged many publicly exposed OpenClaw instances, raising enterprise risk.
read more →

Critical Honeywell CCTV Auth Bypass Threat to Devices

🔒 CISA has issued an advisory for a critical Honeywell CCTV vulnerability tracked as CVE-2026-1670. An unauthenticated API endpoint can be abused to change the account recovery email, enabling account takeover and unauthorized access to camera feeds. The advisory lists several mid-range models; Honeywell users should contact support and limit network exposure until vendor guidance or patches are available.
read more →

Critical RCE in Grandstream GXP1600 VoIP Phones Exposed

⚠️ Researchers disclosed an unauthenticated stack-based buffer overflow (CVE-2026-2329) in Grandstream GXP1600-series VoIP phones that can yield remote code execution as root. The flaw lies in the web API endpoint /cgi-bin/api.values.get, where a malformed colon-delimited "request" parameter overruns a 64-byte stack buffer. Affected models include GXP1610/1615/1620/1625/1628/1630; Grandstream released firmware 1.0.7.81 to fix the issue. Rapid7 published a Metasploit module demonstrating exploitation and post-exploitation risks such as credential theft and SIP proxy hijacking.
read more →

Critical Flaws in Four Popular VS Code Extensions Reported

⚠️ OX Security researchers disclosed multiple high-severity vulnerabilities in four widely used VS Code extensions — Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview — collectively installed more than 125 million times. The flaws can enable local-file exfiltration, arbitrary JavaScript execution, and settings-based code execution; three remain unpatched while Microsoft fixed an XSS-style issue in Live Preview in version 0.4.16 (September 2025). Researchers advise disabling or uninstalling non-essential or untrusted extensions, avoiding untrusted configurations, keeping extensions updated, and hardening local networks and firewalls.
read more →

Critical VS Code Extension Flaws Expose 128M Installs

🔒 OX Security disclosed critical and high-severity vulnerabilities in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, and local network reconnaissance. Three CVEs were published; Microsoft privately patched Live Preview. The flaws also affected AI-powered IDEs Cursor and Windsurf, and OX Security said three maintainers did not respond to notifications. Researchers urge immediate updates, disabling unused extensions, and avoiding untrusted sites while localhost servers run.
read more →