< ciso
brief />
Tag Banner

All news with #vulnerability disclosure tag

573 articles · page 5 of 29

Cisco fixes CVSS 10.0 flaw in Secure Workload

🔒 Cisco issued updates for a maximum-severity vulnerability (CVE-2026-20223) in Secure Workload that allows unauthenticated, remote access to REST API endpoints. The flaw permits crafted API requests to read sensitive data and change configurations across tenant boundaries with Site Admin privileges. Affected versions include Release 3.9 and earlier (migrate), 3.10 (fixed in 3.10.8.3), and 4.0 (fixed in 4.0.3.17). Cisco discovered the issue internally and reports no evidence of exploitation in the wild.
read more →

Critical ChromaDB RCE Flaw Leaves Servers Exposed

🔒 Researchers disclosed a critical vulnerability in ChromaDB (CVE-2026-45829) that allows unauthenticated attackers to execute arbitrary code and access sensitive data on affected servers. The flaw is a race condition in the FastAPI-based API server that fetches and executes remote embedding model code before performing authentication checks. HiddenLayer says versions 1.0.0 through 1.5.8 are affected and many public instances remain vulnerable; they recommend using the Rust implementation and restricting network access until a patch is available.
read more →

Chromium leak exposes unfixed persistent JavaScript flaw

🛡️ Google inadvertently published details of an unfixed Chromium vulnerability that allows JavaScript to continue running after the browser is closed, enabling remote code execution via persistent Service Workers. Reported by researcher Lyra Rebane in December 2022, the issue affects all Chromium-based browsers and was marked fixed in February 2024 but a patch was not shipped. The bug tracker entry was briefly made public on May 20, revealing the exploit still works in Chrome Dev 150 and Edge 148, making attacks stealthier and increasing risk until an emergency fix is released.
read more →

Cisco fixes max-severity Secure Workload REST API flaw

🔒 Cisco released patches for a maximum-severity vulnerability in Secure Workload (formerly Tetration) that allowed unauthenticated attackers to gain Site Admin privileges by abusing internal REST APIs. The flaw, tracked as CVE-2026-20223, stems from insufficient validation and authentication of API endpoints and could let attackers read sensitive data and change configurations across tenant boundaries. Cisco provided fixed releases for on-premises deployments and has already remediated the issue in the SaaS offering; no workarounds exist.
read more →

Nine‑Year Linux ptrace Flaw Exposes SSH Keys

🔒 A nine‑year logic flaw in the Linux kernel's ptrace path (CVE‑2026‑46333) lets unprivileged local users read sensitive files on default Debian, Fedora and Ubuntu installations. Qualys TRU found the bug in __ptrace_may_access(), exploitable when a privileged process drops credentials and remains briefly reachable; pidfd_getfd() expanded the attack surface. Upstream patches and distro updates are available; mitigations include raising kernel.yama.ptrace_scope to 2.
read more →

B&R Automation Runtime SDM Vulnerabilities Fix Released

🔒 An update resolves multiple vulnerabilities in B&R Automation Runtime SDM prior to 6.4 that could allow session takeover, reflected XSS, or CSV formula injection. The vendor corrected the issues in Automation Runtime 6.4 and notes SDM is disabled by default in AR 6. Customers should apply the update based on risk assessment and follow recommended network isolation and access-control practices.
read more →

ABB Terra AC Wallbox Buffer Overflow Advisory

🔒 ABB reports heap, stack and classic buffer overflow vulnerabilities in select Terra AC Wallbox firmware. An attacker who hijacks Bluetooth and crafts oversized fields could corrupt memory and potentially alter firmware behavior. ABB has released firmware version 1.8.36 (JP) to address the issues and recommends updating as soon as possible.
read more →

ABB B&R UEFI PXE Vulnerabilities and Vendor Updates

🔒 ABB B&R reported multiple vulnerabilities in the UEFI PXE implementation of affected B&R PCs and controllers. EDK2 Network Package issues include out-of-bounds reads, buffer overflows, infinite loops, and weak PRNG usage that can lead to remote code execution, DoS, DNS poisoning, or data exposure. Vendor updates are available for many product versions and users are advised to apply patches or follow mitigations.
read more →

Hitachi Energy GMS600 OpenSSL timing flaw

🔒 Hitachi Energy reported that GMS600 versions are affected by CVE-2022-4304, a timing-based side-channel in OpenSSL RSA decryption that can allow recovery of pre-master secrets after many trial messages. The flaw impacts all RSA padding modes and can enable decryption of TLS application data. Vendor mitigation is to upgrade to version 1.3.2; CISA reiterates network isolation and defensive best practices.
read more →

Nine-Year Linux Kernel Flaw Lets Local Users Gain Root

🔒 Qualys disclosed a nine-year-old Linux kernel vulnerability tracked as CVE-2026-46333 (ssh-keysign-pwn) that stems from the __ptrace_may_access() code path. The flaw can allow an unprivileged local user to disclose sensitive files such as /etc/shadow and SSH host private keys and to execute arbitrary commands as root on default installs of Debian, Fedora, and Ubuntu. A public proof-of-concept appeared after a kernel commit; vendors have issued patches and recommend raising kernel.yama.ptrace_scope to 2 as a temporary mitigation.
read more →

Amazon RDS Custom adds latest SQL Server GDR fixes

🔔 Amazon RDS Custom for SQL Server now supports the latest General Distribution Release (GDR) updates for Microsoft SQL Server, including SQL Server 2019 CU32+GDR KB5084816 and SQL Server 2022 CU24+GDR KB5083252. These updates address vulnerabilities tracked as CVE-2026-32167 and CVE-2026-32176. You can apply the updates via the Amazon RDS Management Console or programmatically with the AWS SDK or CLI, and guidance is available in the Amazon RDS Custom User Guide.
read more →

Highly Critical PostgreSQL SQLi Fix Released for Drupal

🛡️ Drupal issued emergency updates addressing a "highly critical" SQL injection flaw tracked as CVE-2026-9082 in its database abstraction API that can be exploited against sites using PostgreSQL, allowing information disclosure and in some cases privilege escalation or remote code execution. The vendor released patched builds for supported 11.x and 10.x branches and published manual patches for EOL versions. Upstream Symfony and Twig fixes are also included in recent releases.
read more →

Critical Drupal Core Security Update Scheduled Today

🛡️ Drupal has issued a core security release scheduled for May 20 between 17:00 and 21:00 UTC, warning that exploits could appear within hours of disclosure. Administrators are urged to reserve time for the update and to upgrade sites running Drupal 8 or 9 to at least 10.6. Patches will be released for several 10.x and 11.x branches, and although some older branches are EOL, hotfixes will be provided for affected 9.5 and 8.9 releases. Sites using Drupal Steward have mitigations but should still apply updates promptly.
read more →

Microsoft Mitigation Released for BitLocker YellowKey

🔒 Microsoft has issued a mitigation for a BitLocker bypass called YellowKey (CVE-2026-45585), after a public proof-of-concept appeared. The flaw lets specially crafted FsTx files placed on a USB drive or EFI partition trigger an unrestricted shell when WinRE boots, risking access to encrypted volumes on affected Windows 11 and Windows Server 2025 systems. Microsoft and researchers recommend removing autofstx.exe from the WinRE image and switching from TPM-only to TPM+PIN to block exploitation.
read more →

Max-Severity ChromaDB Flaw Lets Attackers Hijack Servers

⚠️ A max-severity flaw (CVE-2026-45829) in the Python FastAPI server of ChromaDB allows unauthenticated attackers to load and execute remote models before authentication is enforced, enabling arbitrary code execution on exposed servers. The issue impacts PyPI-distributed releases used widely in AI retrieval stacks; a 1.5.9 release exists but it is unclear if the fix addresses this vulnerability. Mitigations include using the Rust frontend, avoiding public exposure of the Python API, and restricting network access to the ChromaDB API port.
read more →

Talos Discloses TP-Link, Photoshop, OpenVPN, Norton Flaws

🔒 Cisco Talos disclosed multiple vulnerabilities affecting TP‑Link, Adobe Photoshop, OpenVPN, and Norton VPN. Most issues were patched by vendors under Cisco’s third‑party disclosure policy; the Norton installer flaw was observed in use before a patch was available. The TP‑Link Archer AX53 firmware contains eight issues including buffer overflow and several command injection and config‑control flaws that allow code execution or arbitrary file access. Talos recommends applying vendor updates and using updated Snort rules to detect exploitation.
read more →

DirtyDecrypt PoC Released for Linux Kernel Privilege Bug

🔐 Proof-of-concept exploit code has been published for the recently patched Linux kernel vulnerability known as DirtyDecrypt (aka DirtyCBC), which enables local privilege escalation by bypassing copy-on-write protections in rxgk_decrypt_skb. The flaw (CVE-2026-31635) affects kernels built with CONFIG_RXGK, impacting distributions like Fedora, Arch and openSUSE Tumbleweed. In containerized environments, vulnerable worker nodes may enable pod escape and root compromise.
read more →

ABB CoreSense Path Traversal Fixed in New Updates Released

🔒 ABB published updates addressing a path traversal vulnerability (CWE-22, CVSS v3 7.1) affecting CoreSense HM and CoreSense M10. The flaw allowed unauthenticated local users to access restricted directories and could lead to full system compromise and sensitive data exposure. ABB fixed the issue in CoreSense HM v2.3.4 and CoreSense M10 v1.4.1.31 and recommends applying the update promptly. CISA republished the vendor advisory and advises network isolation, strict input validation, and restricting local host access to authorized users.
read more →

Drupal warns of urgent core security release on May 20

⚠️ The Drupal Security Team announced a planned core security release for all supported branches on May 20, 2026, from 5–9 p.m. UTC. Administrators are urged to reserve that window because exploits may emerge within hours or days, and to update to the latest patch for their branch in advance. Patches are expected for 11.3.x, 11.2.x, 10.6.x and 10.5.x, with mitigation guidance and instructions for end-of-life releases included.
read more →

Critical RCE and Data-Leak Flaws in SEPPMail Gateway

🔒 InfoGuard Labs disclosed multiple critical vulnerabilities in SEPPMail Secure E-Mail Gateway that allow unauthenticated remote code execution, path traversal, deserialization flaws, and exposure of sensitive server data. Researchers demonstrated an exploit chain leveraging the LFT path traversal (CVE-2026-2743) to overwrite syslog configuration and obtain a Perl reverse shell, enabling full appliance takeover and mail interception. SEPPmail has released fixes across versions 15.0.2.1, 15.0.3 and 15.0.4 and urges administrators to apply updates immediately.
read more →