13 matches found
CVE-2026-2364 CODESYS Installer TOCTOU Privilege Escalation
If a legitimate user confirms a self-update prompt or initiates an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability in the CODESYS installer...
Fake Zoom meeting “update” silently installs unauthorized version of monitoring tool abused by cybercriminals to spy on victims
UPDATE February 27, 2026: We have added more clarity around the abuse of legitimate commercial products. UPDATE February 25, 2026: Teramind has stated that it is not affiliated with the threat actors described and did not authorize the deployment of the software referenced. Further updates have...
Security Bulletin: IBM Security Verify Directory products have multiple security vulnerabilities (CVE-2022-33164, CVE-2022-33168, CVE-2022-33161, CVE-2022-32755)
Summary Several vulnerabilities have been addressed in IBM Security Directory Server, IBM Security Directory Suite, and IBM Security Verify Directory products. Vulnerability Details CVEID: CVE-2022-33164 DESCRIPTION: IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse...
CVE-2024-7473
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary version 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...
CVE-2024-5126
An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Affected versions include 1.2.2 up to but not including 1.2.25. The vulnerability allows unauthorized users to update prompt details due t...
CVE-2024-5126 Improper Access Control in lunary-ai/lunary
An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Affected versions include 1.2.2 up to but not including 1.2.25. The vulnerability allows unauthorized users to update prompt details due t...
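Both lunary entries above (CVE-2024-7473 and CVE-2024-5126) describe the same failure: a prompt-update handler that trusts the client-supplied id and never checks that the caller is allowed to touch that object. The following framework-free Node.js handler pair shows the vulnerable shape beside a hardened one. It is an added example, not lunary's code; the data model, role names, request shape and `makeDb`/`USERS` sample data are assumptions constructed for illustration:

```javascript
// Constructed sample data: two tenants ("projects"), one prompt each.
function makeDb() {
  return new Map([
    ["p1", { id: "p1", projectId: "proj-A", name: "greeting", text: "Hello {{name}}" }],
    ["p2", { id: "p2", projectId: "proj-B", name: "refund", text: "Refund policy v1" }],
  ]);
}

// Constructed users with one role per project; anyone not listed has no access.
const USERS = {
  alice: { id: "alice", projects: { "proj-A": "editor" } },
  bob: { id: "bob", projects: { "proj-B": "viewer" } },
};

// Vulnerable handler: resolves the client-supplied id directly and never asks whether
// the caller may touch the prompt's project. Any authenticated user can patch any
// prompt by changing `id` (the IDOR), and Object.assign also mass-assigns fields such
// as projectId.
function patchPromptUnsafe(db, user, req) {
  const prompt = db.get(req.params.id);
  if (!prompt) return { status: 404, body: { error: "not found" } };
  Object.assign(prompt, req.body);
  return { status: 200, body: prompt };
}

const EDITABLE_FIELDS = ["name", "text"];
const EDIT_ROLES = new Set(["owner", "editor"]);

// Hardened handler: authorisation is decided on the object that was actually looked up
// (its projectId), the patch is restricted to an allowlist, and "does not exist" and
// "not yours" return the same 404 so the endpoint cannot be used to enumerate ids.
function patchPromptSafe(db, user, req) {
  const prompt = db.get(req.params.id);
  const role = prompt ? user.projects[prompt.projectId] : undefined;
  if (!prompt || !EDIT_ROLES.has(role)) {
    return { status: 404, body: { error: "not found" } };
  }
  const patch = {};
  for (const field of EDITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(req.body, field)) patch[field] = req.body[field];
  }
  Object.assign(prompt, patch);
  return { status: 200, body: prompt };
}

// Drive both handlers with the same cross-tenant request so the difference is visible:
// bob (viewer in proj-B) tries to edit alice's prompt p1 and move it into his project.
function runScenario() {
  const hostileReq = { params: { id: "p1" }, body: { text: "pwned", projectId: "proj-B" } };

  const unsafeDb = makeDb();
  const unsafe = patchPromptUnsafe(unsafeDb, USERS.bob, hostileReq);

  const safeDb = makeDb();
  const safe = patchPromptSafe(safeDb, USERS.bob, hostileReq);
  const textAfterBob = safeDb.get("p1").text;
  const owner = patchPromptSafe(safeDb, USERS.alice, {
    params: { id: "p1" },
    body: { text: "Hi {{name}}", projectId: "proj-B" },
  });

  return {
    unsafeStatus: unsafe.status, // 200: bob edited alice's prompt
    unsafeText: unsafeDb.get("p1").text, // "pwned"
    unsafeProject: unsafeDb.get("p1").projectId, // "proj-B": and moved it into his tenant
    safeStatus: safe.status, // 404
    safeText: textAfterBob, // unchanged
    ownerStatus: owner.status, // 200: the legitimate editor still works
    ownerProject: safeDb.get("p1").projectId, // "proj-A": projectId is not mass-assignable
  };
}

console.log(runScenario());
```

The check belongs next to the lookup, not in a separate "is the user logged in" middleware: authentication says who the caller is, and the bug in both advisories is that nothing compared that identity with the object the id resolved to.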
WordPress Geo Controller < 8.6.5 - PHP Object Injection
Description The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2024-22233: Spring Framework server Web DoS Vulnerability
The Spring Framework 6.0.16 and 6.1.3 releases shipped on January 11th include a fix for CVE-2024-22233. The Spring Boot 3.1.8 and 3.2.2 releases shipped last week upgrade to the relevant Spring Framework versions. Users are encouraged to update as soon as possible...
Security Bulletin: QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-25881, CVE-2021-23440, CVE-2022-24785, CVE-2022-46175)
Summary QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics...
Security Bulletin: IBM Cloud Pak for Security (CP4S) is vulnerable to information disclosure (CVE-2021-39090)
Summary IBM Cloud Pak for Security CP4S could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. This has been updated in the latest release and the vulnerability has been addressed. Please follow the instructions in t...
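The CP4S bulletin above turns on a single header. To make "properly enable HTTP Strict Transport Security" concrete, here is an added Node.js example (not IBM's code) that parses and audits a Strict-Transport-Security header and shows how a server should emit it. The one-year threshold and the shape of the fake request/response objects are assumptions for illustration; the parsing rules follow RFC 6797:

```javascript
const ONE_YEAR = 31536000; // seconds; the browser preload list requires at least this

// Parse an STS header value per RFC 6797: directives separated by ";", names are
// case-insensitive, unknown directives are ignored, max-age is mandatory.
// Returns null when the value is syntactically unusable.
function parseHsts(value) {
  if (typeof value !== "string") return null;
  const out = { maxAge: null, includeSubDomains: false, preload: false };
  for (const raw of value.split(";")) {
    const part = raw.trim();
    if (!part) continue;
    const [name, val] = part.split("=").map((s) => s.trim());
    switch (name.toLowerCase()) {
      case "max-age":
        if (!/^"?\d+"?$/.test(val ?? "")) return null;
        out.maxAge = Number(val.replace(/"/g, ""));
        break;
      case "includesubdomains":
        out.includeSubDomains = true;
        break;
      case "preload":
        out.preload = true;
        break;
      default:
        break;
    }
  }
  return out.maxAge === null ? null : out;
}

// Audit a response's headers (lower-cased names, as Node's http module presents them).
// `findings` are failures that make HSTS ineffective; `notes` are hardening gaps.
function auditHsts(headers) {
  const findings = [];
  const notes = [];
  const value = headers["strict-transport-security"];
  if (value === undefined) {
    findings.push("HSTS header missing: a plaintext first request can be intercepted");
    return { ok: false, findings, notes, policy: null };
  }
  const policy = parseHsts(value);
  if (!policy) {
    findings.push(`HSTS header unparsable or lacks max-age: "${value}"`);
    return { ok: false, findings, notes, policy: null };
  }
  if (policy.maxAge === 0) findings.push("max-age=0 instructs clients to forget the policy");
  else if (policy.maxAge < ONE_YEAR) findings.push(`max-age ${policy.maxAge}s is below one year`);
  if (!policy.includeSubDomains) notes.push("includeSubDomains absent: subdomains stay downgradable");
  return { ok: findings.length === 0, findings, notes, policy };
}

// Emit the header only on responses served over TLS. RFC 6797 section 7.2: an HSTS host
// must not send the header over plain HTTP (clients ignore it there), so redirect instead.
// `req.secure`, `req.headers.host`, `req.url` and `res.setHeader` are the Express/Node shapes.
function applyHsts(req, res) {
  if (req.secure) {
    res.setHeader("Strict-Transport-Security", `max-age=${ONE_YEAR}; includeSubDomains`);
  } else {
    res.statusCode = 301;
    res.setHeader("Location", `https://${req.headers.host}${req.url}`);
  }
}

// Constructed sample responses, as a scanner would see them.
const SAMPLES = {
  missing: {},
  disabled: { "strict-transport-security": "max-age=0" },
  short: { "strict-transport-security": "max-age=300; includeSubDomains" },
  good: { "strict-transport-security": "max-age=31536000; includeSubDomains; preload" },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, auditHsts(headers));
}
```

Note that `max-age=0` is not "no policy": it actively tells browsers that already trust the host to drop the pin, which is why the audit treats it as a failure rather than a missing header.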
CVE-2021-34527
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...
Debian: Security Advisory (DLA-1643-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
WordPress 3.1.2 released – Security fixes!
The WordPress team just released a new version of WordPress, 3.1.2, to fix a security issue where contributor-level users were allowed to publish posts. It is a small release, and everyone using WordPress should upgrade to it! From the WordPress site:...