[webapps] Flowise < 3.0.5 - Missing Authentication for Critical Function
Flowise < 3.0.5 - Missing Authentication for Critical Function
Aggregator
[webapps] coreruleset 4.21.0 - Firewall Bypass
1 month ago
coreruleset 4.21.0 - Firewall Bypass
[webapps] glances 4.5.2 - command injection
1 month ago
glances 4.5.2 - command injection
[webapps] Ninja Forms Uploads - Unauthenticated PHP File Upload
1 month ago
Ninja Forms Uploads - Unauthenticated PHP File Upload
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
1 month ago
Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale.
Jacob Santos
Claude Code /goal:让 AI 自主持续工作直到达成目标的新命令
1 month ago
用 [[Claude Code]] 写代码时,一直有一个令人微妙不适的摩擦:每当 Claude 完成一轮工作,控制权就回到了我这里,我需要再次发出指令,告诉它”继续”“再检查
Aur0ra
1 month ago
You must login to view this content
cohenido
US govt seeks Instructure testimony on massive Canvas cyberattack
1 month ago
The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company's Canvas platform, allowing threat actors to steal student data and disrupt schools during final exams. [...]
Lawrence Abrams
Daily Dose of Dark Web Informer - May 12th, 2026
1 month ago
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer
Fedora Hummingbird brings the container security model to a Linux host OS
1 month ago
Container image security pipelines have spent the past several years pushing toward minimal footprints, hermetic builds, and continuous CVE remediation. The Fedora Project is now applying that same approach to the host operating system. At Red Hat Summit 2026, Fedora announced Fedora Hummingbird, a container-based rolling Linux distribution delivered as an OCI image. “The Linux market has split: IT operations teams need the decades-long stability of Red Hat Enterprise Linux, while builders, both human and … More →
The post Fedora Hummingbird brings the container security model to a Linux host OS appeared first on Help Net Security.
Anamarija Pogorelec
LeakedData
1 month ago
You must login to view this content
cohenido
LeakedData
1 month ago
You must login to view this content
cohenido
AMD Ionic Driver Vulnerabilities Affecting VMware ESX
1 month ago
We would like to bring your attention to a security bulletin from AMD: AMD-SN-2001: Ionic Driver Vulnerabilities. The bulletin details three vulnerabilities — CVE-2025-62623, CVE-2025-62624, and CVE-2025-62627 — present in the AMD ionic cloud driver for VMware ESX. These issues affect ESX hosts using AMD-Pensando DPU (Data Processing Unit) products. We strongly encourage you to … Continued
The post AMD Ionic Driver Vulnerabilities Affecting VMware ESX appeared first on VMware Security Blog.
Praveen Singh
Qilin
1 month ago
You must login to view this content
cohenido
Patch Tuesday, May 2026 Edition
1 month ago
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.
BrianKrebs
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
1 month ago
The campaign hit major registries and hid behind legitimate-looking release signatures, showing how attackers can weaponize the software update process itself.
The post ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack appeared first on CyberScoop.
Greg Otto
CVE-2026-44015 | 0xJacky nginx-ui up to 2.3.4 server-side request forgery
1 month ago
A vulnerability marked as critical has been reported in 0xJacky nginx-ui up to 2.3.4. Impacted is an unknown function. Performing a manipulation results in server-side request forgery.
This vulnerability was named CVE-2026-44015. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2026-45225 | heymrun heym up to 0.0.20 File Upload Endpoint upload_file path traversal
1 month ago
A vulnerability labeled as critical has been found in heymrun heym up to 0.0.20. This issue affects the function upload_file of the component File Upload Endpoint. Such manipulation leads to path traversal.
This vulnerability is uniquely identified as CVE-2026-45225. The attack can be launched remotely. No exploit exists.
The affected component should be upgraded.
vuldb.com
CVE-2026-35555 | Subnet Solutions PowerSYSTEM Center 2024/PowerSYSTEM Center 2026 up to 6.1.x authorization (icsa-26-132-02)
1 month ago
A vulnerability identified as problematic has been detected in Subnet Solutions PowerSYSTEM Center 2024 and PowerSYSTEM Center 2026 up to 6.1.x. This vulnerability affects unknown code. This manipulation causes incorrect authorization.
This vulnerability is handled as CVE-2026-35555. The attack can only be done within the local network. There is not any exploit available.
vuldb.com
CVE-2026-33570 | Subnet Solutions PowerSYSTEM Center 2020 up to 5.28.x REST API Endpoint authorization (icsa-26-132-02)
1 month ago
A vulnerability categorized as problematic has been discovered in Subnet Solutions PowerSYSTEM Center 2020 up to 5.28.x. This affects an unknown part of the component REST API Endpoint. The manipulation results in incorrect authorization.
This vulnerability is known as CVE-2026-33570. Access to the local network is required for this attack. No exploit is available.
vuldb.com