
11228 matches found

The Hacker News
added 2026/04/16 1:05 p.m., 7 views

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enoug...

CVSS 9.3, AI score 7.2, EPSS 0.74749
Exploits: 7

RedhatCVE
added 2026/04/08 7:34 p.m., 1 view

CVE-2026-35518

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...

CVSS 8.8, AI score 6.2, EPSS 0.0048
Exploits: 1, References: 1

Positive Technologies
added 2026/04/07 12:00 a.m., 3 views

PT-2026-30960

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 7.1.0. Description: ChurchCRM, an open-source church management system, has a critical pre-authentication remote code execution issue in its setup wizard. Unauthenticated attackers can inject arbitrary PHP code during...

CVSS 10, AI score 6.6, EPSS 0.00278
Exploits: 2, References: 10

CVE
added 2026/04/06 4:16 p.m., 10 views

CVE-2026-34977

Aperi'Solve is an open-source steganalysis web platform. Prior to version 3.2.1, uploading a JPEG with an optional password leads the password to be passed into an expect command and then into a bash -c command without sanitization. An unauthenticated attacker can achieve root-level RCE inside th...

CVSS 9.8, AI score 5.9, EPSS 0.0032
Exploits: 1, References: 4, Affected Software: 1

GithubExploit
added 2026/04/03 11:33 a.m., 181 views

Exploit for Code Injection in Apache Ranger

CVE-2025-59059: Misattributed RCE in Apache Ranger a correcti...

CVSS 9.8, AI score 6, EPSS 0.00101
Exploits: 1

Nuclei
added 2026/04/02 5:22 a.m., 101 views

Fortra GoAnywhere MFT - Remote Code Execution

Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.
id: CVE-2023-0669 info: name: Fortra GoAnywhere MFT - Remote...

CVSS 7.2, AI score 7.9, EPSS 0.94378
Exploits: 12, References: 5

Cvelist
added 2026/03/31 9:45 p.m., 18 views

CVE-2026-34449 SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy (Access-Control-Allow-Origin: * together with Access-Control-Allow-Private-Network: true) to inject a JavaScri...

CVSS 9.6, EPSS 0.00236
Exploits: 1, References: 3

Nuclei
added 2026/03/31 7:42 a.m., 30 views

Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
id: CVE-2023-24489 info: name: Citrix ShareFile StorageZones...

CVSS 9.8, AI score 7.2, EPSS 0.94389
Exploits: 2, References: 5

GithubExploit
added 2026/03/30 12:51 p.m., 98 views

kexploitbinary

DarkSword Red Team Framework: Python framework with a CLI for ...

AI score 5.9
Exploits: 0

RedhatCVE
added 2026/03/26 3:02 p.m., 1 view

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...

CVSS 8.8, AI score 6.2, EPSS 0.00241
Exploits: 1, References: 1

OSV
added 2026/03/23 8:52 p.m., 1 view

CVE-2026-23882 Blinko: Admin RCE - MCP Server Command Injection

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4...

CVSS 8.6, AI score 5.9, EPSS 0.00079
Exploits: 0, References: 5

OSSF Malicious Packages
added 2026/03/18 1:05 p.m., 4 views

Malicious code in rce-pkg-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00722c1eda950154ab61163515f1ee91bd18cd2be33793e0bf446884abc30771 The package rce-pkg-1 was found to contain malicious code...

AI score 5.8
Exploits: 0

OSSF Malicious Packages
added 2026/03/18 1:05 p.m., 5 views

Malicious code in rce-pkg-2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2e2ccfc70214b187f4ea10c848cbc319a6c508e555a0fc4eb820f3e4670c4b2 The package rce-pkg-2 was found to contain malicious code...

AI score 5.8
Exploits: 0

OSV
added 2026/03/18 1:05 p.m., 3 views

MAL-2026-1834 Malicious code in rce-pkg-2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2e2ccfc70214b187f4ea10c848cbc319a6c508e555a0fc4eb820f3e4670c4b2 The package rce-pkg-2 was found to contain malicious code...

AI score 5.8
Exploits: 0

OSV
added 2026/03/18 1:05 p.m., 1 view

MAL-2026-1833 Malicious code in rce-pkg-1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00722c1eda950154ab61163515f1ee91bd18cd2be33793e0bf446884abc30771 The package rce-pkg-1 was found to contain malicious code...

AI score 5.8
Exploits: 0

CVE
added 2026/03/18 12:48 a.m., 7 views

CVE-2026-28674

Product/Context: xiaoheiFS (self-hosted financial/operational system). Vulnerability: In versions ≤ 0.3.15, the AdminPaymentPluginUpload endpoint allows admins to upload any file to plugins/payment/ with only a hardcoded password (qweasd123456) and disregards file content. A background watcher (S...

CVSS 7.2, AI score 5.7, EPSS 0.00073
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2026/03/16 12:00 p.m., 9 views

CVE-2026-2462

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x

CVSS 6.6, AI score 6.4, EPSS 0.00204
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/03/16 12:00 a.m., 4 views

PT-2026-25811

🚨 FRESH TOP THREAT ALERT 🚨 Critical RCE in Apache Tomcat March 16, 2026: CVE-2026-89102 – CVSS 9.8! Unauthenticated attackers can send one crafted request to trigger a deserialization flaw and execute arbitrary code on the server. Hits thousands of Java web apps worldwide. Remediation: Upgrade...

AI score 6.2
Exploits: 0, References: 1

Positive Technologies
added 2026/03/11 12:00 a.m., 5 views

PT-2026-24662

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions prior to 3.10.0. Description: An unauthenticated remote attacker can read arbitrary files from the server's filesystem. The issue occurs in the create model version handler of mlflow/server/handlers.py when a...

CVSS 7.5, AI score 7.3, EPSS 0.0005
Exploits: 1, References: 7

The Hacker News
added 2026/03/10 11:00 a.m., 8 views

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage ...

AI score 6.4
Exploits: 0