5139 matches found
Gogs <= 0.13.3 - Remote Code Execution
Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...
PT-2026-56921
Name of the Vulnerable Software and Affected Versions OpenPLC Runtime version 3 Description An authenticated arbitrary file write exists in the legacy web UI program-upload workflow. The application stores an attacker-supplied filename prog file into the Programs.File database field and uses this...
Felons, Fraudsters Flog Offensive Cybersecurity Startup
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platfor...
CVE-2026-43713
creationtimestamp| type| source ---|---|--- 2026-07-01 03:15:02+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:59+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:43+00:00| seen|...
CVE-2026-43709
creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:39+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:59+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:43+00:00| seen|...
CVE-2026-43703
creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:25+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:58+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:42+00:00| seen|...
CVE-2026-43701
creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:23+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:58+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:42+00:00| seen|...
CVE-2026-39868
creationtimestamp| type| source ---|---|--- 2026-07-01 02:51:08+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:58+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:42+00:00| seen|...
CVE-2026-43716
creationtimestamp| type| source ---|---|--- 2026-07-01 02:49:57+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:00:59+00:00| seen| https://www.thezdi.com/blog/2026/6/30/the-june-2026-apple-security-update-review 2026-07-02 01:00:43+00:00| seen|...
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 CVSS score: 7.8...
CVE-2026-9776
ATEN Unizon contains a directory traversal flaw in writeFileToHttpServletResponse that allows remote disclosure of sensitive information without authentication. The issue stems from improper validation of a user-supplied path used in file operations, enabling an attacker to access data in the SYS...
PT-2026-52125
Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the ImportDeviceList method allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a...
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 CVSS score: 7.8, with the tech giant describing it as a privilege escalation flaw. "Microsoft is...
Vulnerabilities found in Check Point Remote and Mobile Access VPN-products
Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten...
PT-2026-49259
Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description A directory or path traversal issue exists in the web UI of Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage. The flaw occurs because the software does not properly...
The FCC Wants to Kill Burner Phones
Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more...
ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack
Google says ShinyHunters exploited Oracle PeopleSoft zero-day to steal data from 100+ organisations, with universities making up most victims...
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
Overview On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urgency of remediatio...
OESA-2026-2638 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A vulnerability was found in Apache HTTP Server Web Server affected version not known. It has been rated as critical.Using CWE to declare the problem leads to CWE-404. The product does not release or...