CVE-2026-27824

CVE-2026-27824 affects calibre (Content Server) prior to version 9.4.0 where brute-force protection derives its ban key from both remote_addr and X-Forwarded-For. Because X-Forwarded-For is read directly from the HTTP request without validation or trusted-proxy checks, an attacker can bypass IP-b...

CVE-2026-27466 BigBlueButton: Exposed ClamAV port enables Denial of Service

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ClamAV as presentation file scanner contains instructions that leave a BBB server vulnerable for Denial of Service. The flawed command exposes both...

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities KEV catalog. The vulnerability, tracked as CVE-2025-8110 CVSS score: 8.7, relates to a case of path...

CVE-2025-52694 Execution of arbitrary SQL commands

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

PT-2026-1814

Name of the Vulnerable Software and Affected Versions Advantech IoTSuite & IoT Edge products affected versions not specified Description Successful exploitation of a SQL injection issue could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when...

CVE-2025-10460

A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...

CVE-2024-53961

ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outsid...

CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector

Today, CISA and the Environmental Protection Agency EPA released Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems. This joint fact sheet provides Water and Wastewater Systems WWS facilities with recommendations for limiting the exposure of Human Machine Interfaces HM...

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

New research has uncovered more than 145,000 internet-exposed Industrial Control Systems ICS across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which comes from attack surface management company Censys, found that 38% of the devices are...

Threats in space (or rather, on Earth): internet-exposed GNSS receivers

What is GNSS? Global Navigation Satellite Systems GNSS are collections, or constellations of satellite positioning systems. There are several GNSSs launched by different countries currently in operation: GPS US, GLONASS Russia, Galileo EU, BeiDou Navigation Satellite System BDS, China, Navigation...

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...

VulnCheck KEV: CVE-2024-20767

Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel...

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software. IOS XE is an operating system that runs on a wide range of Cisco networking devices,...

Supporting Our U.S. Federal Customers for BOD 23–02 by Mitigating the Risk From Internet-Exposed Management Interfaces

On June 13, 2023, the U.S. Cybersecurity & Infrastructure Security Agency CISA released Binding Operational Directive BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces. The directive requires federal civilian executive-branch agencies to adhere to two primary actions:...

Reducing your attack surface is more effective than playing patch-a-mole

On June 13, 2023 the Cybersecurity and Infrastructure Security Agency CISA issued Binding Operational Directive BOD 23-02. BOD 23-02 is titled Mitigating the Risk from Internet-Exposed Management Interfaces, and requires federal civilian agencies to remove specific networked management interfaces...

CISA Order Highlights Persistent Risk at Network Edge

The U.S. government agency in charge of improving the nations cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely...

CISA Issues BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

Today, CISA issued Binding Operational Directive BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, requiring Federal Civilian Executive Branch FCEB agencies to reduce risks posed by internet-exposed networked management interfaces on federal information systems. This...

CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware

Poorly managed Microsoft SQL MS SQL servers are the target of a new campaign that's designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware. "Similar to web shell, which can be installed on web servers,...