< ciso
brief />
Tag Banner

All news with #vulnerability disclosure tag

573 articles · page 2 of 29

CERT/CC warns of hidden admin backdoor in Tenda

🔒 The CERT Coordination Center (CERT/CC) has disclosed that multiple Tenda router firmware versions contain an undocumented authentication backdoor (CVE-2026-11405) that allows attackers to bypass password checks and gain administrative access. The backdoor resides in the login() function of the /bin/httpd binary and compares a submitted password to a configuration-stored value obtained via GetValue("sys.rzadmin.password"). Any username is accepted when the backdoor password matches, enabling full device takeover. Users should disable remote management and change default LAN IPs while a patch is pending.
read more →

Critical Opera GX mod flaw allowed cross‑site data theft

🔒 An independent researcher discovered a critical vulnerability in Opera GX where GX Mods auto-install on download with no permission prompt, allowing an attacker to inject CSS across all pages. This behavior enabled a zero-click XS-Leak to recover a victim's Gmail address and facilitated a DoS crash when mods were forced into private mode. The issue was reported in February, patched on May 8, and the PoC was published on July 3.
read more →

Max-severity Adobe ColdFusion flaw being actively exploited

🔧 Adobe has issued emergency updates to fix a maximum-severity ColdFusion vulnerability (CVE-2026-48282) that is now being actively exploited, the Canadian Center for Cyber Security (CCCS) warned. The flaw affects ColdFusion 2025.9, 2023.20, and earlier, enabling unauthenticated remote code execution on unpatched systems. Adobe urges administrators to install the patch immediately, and Shadowserver reports nearly 800 exposed ColdFusion instances online.
read more →

Opera GX auto-install flaw allowed silent data leaks

🛡️ Researchers discovered a flaw in the gaming-focused Opera GX browser that allowed malicious websites to silently auto-install a GX Mod (a .crx look-and-feel package) and use its CSS to extract specific data from pages a victim visited. In a proof of concept, the team reconstructed a signed-in user's full Gmail address from a single visit, with no clicks required. Opera patched the issue in Opera GX version 130.0.5847.89, labeled the bug P1, paid the $5,000 maximum bounty, and reported no evidence of in-the-wild exploitation. There was no practical workaround prior to the patch.
read more →

Seven vulnerabilities disclosed in ubiquitous FatFs library

🔒 Security firm runZero disclosed seven vulnerabilities in the FatFs filesystem library used to read FAT/exFAT on many embedded devices. The bugs—rated Medium to High—can lead to memory corruption, crashes, data leaks, or code execution when a device mounts malformed media or firmware images. Only the GPT hang issue is fixed upstream; most fixes must come from downstream vendors who bundle FatFs. runZero published PoCs and urges vendors and integrators to audit wrappers and treat physical ports and update channels as attack surfaces.
read more →

Bad Epoll kernel flaw lets local users become root

🛡️ A newly disclosed Linux kernel vulnerability, Bad Epoll (CVE-2026-46242), allows an ordinary local user to escalate privileges to root and affects Linux desktops, servers, and Android. The flaw is a use-after-free race in the epoll subsystem; the timing window is tiny but an exploit by researcher Jaeyoung Chung widens it and succeeds reliably. A fix is available upstream (commit a6dc643c6931) and distributions should backport it; kernels built on 6.4+ are affected unless patched.
read more →

Researcher Publishes Mass Open-Source Exploit Dump

🔍 A pseudonymous researcher published an 'Exploitarium' GitHub repository containing over 30 proof-of-concept exploits for zero-day vulnerabilities in many open-source projects without prior vendor notification. The dump, shared from June 27 onwards, targets projects like libssh2, FFmpeg, 7-Zip, Gitea, PHP and others, and the author claims AI-assisted fuzzing using OpenAI models. The release bypassed coordinated vulnerability disclosure, drew debate across the security community, and has led to some CVEs and patches, while others remain under review.
read more →

Argo CD flaw highlights GitOps as tier-zero risk

🔒 A critical vulnerability in Argo CD repo-server exposes risks inherent to GitOps platforms. Synacktiv found the unauthenticated GenerateManifest gRPC endpoint can be abused via Kustomize/Helm options to execute commands if an attacker can reach both the repo-server and Redis ports. The issue affects typical Helm deployments where Kubernetes network policies are not enabled by default, enabling lateral movement from a compromised pod. Synacktiv disclosed details July 1, 2026 and recommends strict network segmentation until a patch is available.
read more →

Critical Cursor sandbox escape bugs demand urgent patch

🛡️ Two high-severity flaws in the Cursor AI code editor allow a crafted prompt to escape the editor's sandbox and execute arbitrary commands on a developer's machine without any user interaction. Discovered by Cato AI Labs as DuneSlide and tracked as CVE-2026-50548 and CVE-2026-50549 (both rated 9.8), the issues are patched in Cursor 3.0 released April 2; versions before 3.0 are affected. The vulnerabilities exploit how Cursor handles a tool parameter and symlink resolution to cause writes that disable the sandbox, enabling full code execution as the user.
read more →

Over 900 Oracle E-Business instances exposed online

🔒 Over 900 Oracle E-Business Suite (EBS) instances were found exposed online amid active attacks exploiting a critical File Transmission flaw in Oracle Payments (CVE-2026-46817). The vulnerability permits unauthenticated HTTP takeover, and Oracle released patches in its May 2026 Critical Security Patch Update, urging immediate remediation. Threat intelligence firm Defused reported active exploitation observed on honeypots, while Shadowserver noted roughly 950 exposed instances and the extent of patching remains unclear.
read more →

Citrix issues patches for six NetScaler vulnerabilities

🔒 Citrix released security updates to address six vulnerabilities in NetScaler ADC and NetScaler Gateway that could allow arbitrary file reads or trigger denial-of-service conditions. The flaws include memory overread/overflow issues and an external control of file name vulnerability, each with CVSS scores ranging from 6.9 to 8.8. Fixed builds are available for 14.1 and 13.1 branches, with additional configuration changes required for one HTTP/2 issue. Citrix credited multiple external researchers and said there is no evidence of in-the-wild exploitation.
read more →

AirDrop and Quick Share weaknesses disrupt sharing

🔒 Two researchers disclosed six vulnerabilities in AirDrop and Quick Share that let a nearby attacker crash or manipulate file‑sharing sessions. The issues impact Apple and Samsung implementations and include a stack overflow in Apple's XML plist parser and a Windows memory bug in Google's Quick Share app. Apple, Google, and Samsung have begun issuing fixes and coordinating disclosures; users should update and restrict visibility settings.
read more →

DirtyClone Linux kernel flaw enables local root

🛡️ JFrog Security Research published a working exploit for DirtyClone (CVE-2026-43503) on June 25, demonstrating a local privilege escalation in the DirtyFrag family. The flaw lets a local user corrupt file-backed memory via cloned network packets to gain root; the upstream patch landed in mainline on May 21. Exploitation requires CAP_NET_ADMIN to configure an IPsec tunnel, and unprivileged user namespaces on Debian and Fedora enable the default attack path. Ubuntu 24.04+ mitigates the default vector via AppArmor restrictions.
read more →

CISA warns of critical Ubiquiti and Lantronix flaws

🔒 CISA has added four high-severity vulnerabilities to its Known Exploited Vulnerabilities catalog, including three Ubiquiti UniFi OS flaws and a Lantronix EDS5000 command injection. The agency's BOD 26-04 requires federal agencies to apply fixes or mitigations within three days. Vendors have released patches and detection guidance, and researchers provided proof-of-concept chaining and a detection script to help defenders identify affected devices.
read more →

Critical FFmpeg MagicYUV Flaw Demands SBOM Focus

🔒 A critical heap out-of-bounds write in the MagicYUV decoder of FFmpeg (CVE-2026-8461), dubbed PixelSmash, can crash applications or enable remote code execution. Researchers at JFrog demonstrated full exploits against Jellyfin and Nextcloud by uploading crafted media files; any app using libavcodec is potentially affected. Users and vendors should upgrade to FFmpeg 8.1.2 or disable the MagicYUV decoder if unused.
read more →

FFmpeg patches PixelSmash MagicYUV vulnerability

🛡️ FFmpeg fixed a high-severity heap out-of-bounds flaw dubbed PixelSmash (CVE-2026-8461) in the MagicYUV decoder that can be triggered by crafted AVI, MKV, or MOV files. The bug allows denial-of-service in many media apps and can enable remote code execution in specific setups — for example, Jellyfin and Nextcloud instances — particularly if ASLR is disabled or chained with another vulnerability. FFmpeg 8.1.2 addresses the issue and vendors are updating or applying mitigations.
read more →

Unauthenticated info disclosure in Gravity SMTP plugin

🔒 Threat actors are exploiting an unauthenticated information-disclosure vulnerability in the WordPress plugin Gravity SMTP, present on about 100,000 sites. Tracked as CVE-2026-4020 and rated medium, the flaw affects versions 2.1.4 and older and was fixed in 2.1.5 (released March 17). Wordfence reports millions of blocked attempts and recommends admins patch and monitor requests to the exposed REST endpoint.
read more →

CISA Adds One Vulnerability to KEV Catalog

🔔 CISA added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation. The alert underscores that such vulnerabilities are frequent attack vectors and pose significant risks to the federal enterprise. BOD 26-04 requires Federal Civilian Executive Branch agencies to prioritize rapid remediation of high-risk KEV-listed CVEs on internet-exposed assets and to check for compromise before patching. CISA encourages all organizations to adopt risk-based vulnerability management and to submit candidate vulnerabilities via the KEV Nomination Form.
read more →

Critical OIDC flaw lets attackers add SimpleHelp technicians

🔒 A critical vulnerability (CVE-2026-48558) in SimpleHelp allows unauthenticated actors to create privileged Technician accounts when OIDC authentication is enabled. Researchers at Horizon3.ai attribute the issue to improper validation of identity assertions from OIDC identity providers. The vendor released fixes in versions 5.5.16 and 6.0RC2 on June 9, and mitigations include IP allowlists and monitoring for suspicious technician registrations.
read more →

One-click Microsoft 365 Copilot SearchLeak flaw

🔎 Researchers at Varonis chained three bugs into a one-click exfiltration path dubbed SearchLeak that could have pulled emails, calendar entries, and indexed files from Microsoft 365 Copilot Enterprise Search. Because the malicious link used a legitimate microsoft.com domain, URL filters and anti-phishing tools were unlikely to block it. Microsoft assigned CVE-2026-42824, mitigated the issue on its backend, and Varonis released a proof-of-concept without observed exploitation.
read more →