⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency c...
Palo Alto Networks PAN-OS 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS software allows an unauthenticated...
RHCOS 4 : OpenShift Container Platform 4.6.30 (RHSA-2021:1566)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1566 advisory. - runc: vulnerable to symlink exchange attack (CVE-2021-30465). Note that Nessus has not tested for this issue but has instead relied only on th...
CVE-2026-41213
The CVE concerns @node-oauth/oauth2-server, a Node.js OAuth2 server module. The token exchange path accepts RFC7636-invalid code_verifier values for S256 PKCE flows (including one-character verifiers). The underlying cause is that ABNF enforcement for code_verifier is not performed during token e...
CVE-2026-32245 Tinyauth's OIDC authorization codes are not bound to client on token exchange
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...
PT-2026-3753
Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw exists in the keycloak-services component of Keycloak. This issue allows the issuance of access and refresh tokens for disabled users, potentially leading to unauthorized use of...
MiracleLinux 9 : podman-5.4.0-9.el9_6 (AXSA:2025-10548:06)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10548:06 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144). golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of...
CVE-2025-11955
Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid...
EUVD-2016-7771
Malware in sbrugna...
EUVD-2020-8927
Malware in sbrugna...
EUVD-2017-9324
Malware in sbrugna...
EUVD-2007-2380
Malware in sbrugna...
EUVD-2016-4408
Malware in sbrugna...
EUVD-2015-1894
Malware in sbrugna...
EUVD-2020-9096
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-30570
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The...
PT-2025-33331 · Cisco · Cisco Secure Firewall Threat Defense (Ftd) +1
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software, affected versions not specified. Description: A vulnerability exists in the Internet Key Exchange Version 2 (IKEv2) module that could...
CVE-2025-25006
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
GHSA-522R-9946-FW43 Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2x5j-vhc8-9cwm. This link is maintained to preserve external references. Original Description: A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to...
CVE-2013-10065 Sysax Multi-Server <= 6.10 SSHD Key Exchange DoS
A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a...