vulnerability

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)
CISA has issued a warning regarding a critical vulnerability (CVE-2026-55255) in the Langflow AI framework, which is being actively exploited by attackers. The flaw allows authenticated users to execute arbitrary flows belonging to other users, potentially leading to the theft of sensitive credentials and data exposure, especially in multi-tenant environments. US federal agencies have been mandated to patch this vulnerability by July 10th.

Bug in top AI coding agents shows that Unix-era security headaches never really die
A vulnerability dubbed "GhostApproval" has been discovered in at least six popular AI coding assistants, allowing them to access files outside their designated workspaces and potentially execute remote code. The flaw exploits symbolic links, a long-standing security issue, to trick agents into writing malicious content, such as SSH keys, to sensitive system files. While some vendors have patched the issue and assigned CVEs, others have downplayed the risk or are yet to release fixes.

CISA orders feds to prioritize patching Langflow auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to prioritize patching a critical authentication bypass vulnerability within the Langflow AI agent framework. This directive comes as the flaw is reportedly being actively exploited.

Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti has issued updates to address seven critical vulnerabilities within its UniFi OS. Among these patched flaws is a command injection vulnerability rated at maximum severity.

CISA orders feds to patch max severity ColdFusion flaw by Friday
The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies address a maximum-severity Adobe ColdFusion vulnerability. This flaw is currently being actively exploited and requires patching by Friday.

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
Nebula Security has revealed GhostLock (CVE-2026-43499), a Linux kernel vulnerability present for 15 years. This flaw allows any logged-in user to achieve root privileges and container escape on unpatched systems, as it is included by default in most Linux distributions.

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
CISA has incorporated four new vulnerabilities into its Known Exploited Vulnerabilities (KEV) catalog. These flaws, affecting products from Adobe, Joomla, and Langflow, are all currently under active exploitation.

Dialogflow CX 'Rogue Agent' Flaw Enabled AI Chatbot Data Theft
Varonis identified a vulnerability in Google Dialogflow CX, dubbed the Rogue Agent flaw, which allowed for the theft of AI chatbot data. Google has since implemented a fix for this issue.

Chinese hackers develop LONGLEASH malware to expand ORB network
Chinese state-sponsored hackers, identified as UAT-7810, have developed new malware named LONGLEASH. It is being used to expand their ORB network by compromising internet-facing devices, specifically targeting unpatched Ruckus routers.

Hidden backdoor in Tenda router firmware grants admin access
A hidden backdoor has been discovered in multiple versions of Tenda router firmware. The hardcoded authentication backdoor allows unauthorized administrative access to the router web management panel.

Critical Gitea Flaw Under Active Exploitation, Researchers Warn
A critical vulnerability in Gitea, tracked as CVE-2026-20896, is being actively exploited. The flaw lets attackers bypass authentication with a single HTTP header to access repositories and secrets.

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots
A now-patched flaw in Google Dialogflow CX could have allowed chatbot hijacking. An attacker with edit rights on a single Code Block agent could compromise other agents in the same Google Cloud project and read live conversations.

'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows
A vulnerability dubbed GitLost leaks private data from GitHub Agentic Workflows. An unauthenticated attacker can craft a public GitHub Issue to silently exfiltrate data from private repositories.

Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
Noma Security demonstrated that a public GitHub Issue can trick GitHub Agentic Workflows into leaking private repository data. A seemingly innocuous issue on a public repo can be crafted to exfiltrate private contents.

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants
A now-patched critical session isolation flaw was found in the enterprise generative-AI platform Writer. It could have let agent previews leak session tokens, enabling cross-tenant compromise.

Critical Adobe ColdFusion Vulnerability Exploited in Attacks
A critical Adobe ColdFusion vulnerability, CVE-2026-48282 with a maximum CVSS score of 10, is being actively exploited in attacks. The flaw poses a severe risk to affected systems.

New Januscape Linux flaw allows VM escape on Intel, AMD devices
A newly identified Linux kernel vulnerability, dubbed Januscape, allows virtual machine escape on Intel and AMD systems. The 16-year-old flaw lets attackers break out of a VM and run code on the host.

Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems
A recently discovered 16-year-old vulnerability in the Linux kernel's KVM hypervisor, dubbed Januscape, allows attackers to break out of a virtual machine. This flaw affects both Intel and AMD systems and could enable unauthorized code execution on the underlying host system.

BeyondTrust warns of critical flaws in remote access software
BeyondTrust has alerted users to two critical vulnerabilities affecting its Remote Support and Privileged Remote Access software. These security weaknesses could potentially enable attackers to circumvent authentication mechanisms.

BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
BeyondTrust has issued patches for critical vulnerabilities in its Remote Support and Privileged Remote Access software. These flaws could permit unauthenticated attackers to gain unauthorized control over affected systems.

CitrixBleed-ing Again? NetScaler Vulnerability Under Attack
Attackers wasted little time targeting the latest memory disclosure flaw in Citrix's NetScaler products, after researchers published a proof-of-concept exploit (PoC).

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU

JadePuffer: The First Complete LLM-Driven Ransomware Attack
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from

Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, th

Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere.

New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in t

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This

New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new

'Djinn' Stealer Targets Cloud, AI Credentials
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.

Vulnerabilities Expose Private Data in Indian Government Systems
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.

Factoring RSA Keys with Many Zeros
Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developi

Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.

In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
A critical vulnerability affecting Cisco Unified CM and Unified CM SME deployments, which allows for server-side request forgery (SSRF) and root privilege escalation, was rapidly exploited by attackers. Threat actors weaponized the flaw within 24 hours of its public disclosure.

Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities
Microsoft Patch Tuesday details for June 2026.

Smashing Security podcast #470: This AI security flaw might be impossible to fix
A website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren't. And when a journalist tried to war

DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
This white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format.

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits. The Dolby 0-click vulnerability existed across all of Android, until it

CVE-2026-33538: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured providers, each request triggers a full collection scan on the user database. This can be parallelized to saturate database resources. This issue has been patched in versions 8.6.58 and 9.6.0-alpha.52.

CVE-2026-33527: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST API. This allows bypassing the server's configured session lifetime policy, making a session effectively permanent. This issue has been patched in versions 8.6.57 and 9.6.0-alpha.48.

CVE-2026-33508: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrades or disrupts service availability. This issue has been patched in versions 8.6.56 and 9.6.0-alpha.45.

CVE-2026-33498: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server process. The server becomes completely unresponsive and must be manually restarted. This is a bypass of the fix for CVE-2026-32944. This issue has been patched in versions 8.6.55 and 9.6.0-alpha.44.

CVE-2026-33429: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe to LiveQuery with a watch parameter targeting a protected field. Although the protected field value is properly stripped from event payloads, the presence or absence of update events reveals whether the protected field changed, creating a binary oracle. For boolean protected fields, the timing of change events is equivalent to knowing the field value. This issue has been patched in versions 8.6.54 and 9.6.0-alpha.43.

CVE-2026-33421: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and 9.6.0-alpha.42, Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions (readUserFields and pointerFields). Any authenticated user can subscribe to LiveQuery events and receive real-time updates for all objects in classes protected by pointer permissions, regardless of whether the pointer fields on those objects point to the subscribing user. This bypasses the intended read access control, allowing unauthorized access to potentially sensitive data that is correctly restricted via the REST API. This issue ha

CVE-2026-33417: Wallos is an open-source, self-hostable personal subscription tracker.
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The password_resets table includes a created_at timestamp column, but the token validation logic never checks it. A password reset token remains valid indefinitely until it is used, allowing an attacker who intercepts a reset link at any point to use it days, weeks, or months later. This issue has been patched in version 4.7.2.

CVE-2026-33409: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowing the user's credentials. The attacker only needs to know the user's provider ID to gain full access to their account, including a valid session token. This affects Parse Server deployments where the server option allowExpiredAuthDataToken is set to true. The default value is false. This issue has been patched in versions 8.6.52 and 9.6.0-alpha.41.

CVE-2026-33323: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.51 and 9.6.0-alpha.40, the Pages route and legacy PublicAPI route for resending email verification links return distinguishable responses depending on whether the provided username exists and has an unverified email. This allows an unauthenticated attacker to enumerate valid usernames by observing different redirect targets. The existing emailVerifySuccessOnInvalidEmail configuration option, which is enabled by default and protects the API route against this, did not apply to these routes. This issue has been patched in versions 8.6.51 and 9.6.0-alpha.40.

CVE-2026-30932: Froxlor is open source server administration software.
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and BIND zone file directives (e.g. $INCLUDE) into the zone file that gets written to disk when the DNS rebuild cron job runs. This issue has been patched in version 2.3.5.

CVE-2026-2417: A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware ver
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.

CVE-2026-29772: Astro is a web framework.
Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse() allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achieves ~15x memory amplification (wire bytes to heap bytes), allowing a single unauthenticated request to exhaust the process heap and crash the server. The /_server-islands/[name] route is registered on all Astro SSR apps regardless of whether any component uses server:defer, and the body is parsed before the island name is validated, so any Astro SSR app with the Node standalone adapter is affected.

CVE-2026-23924: Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding the
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API.

CVE-2026-23923: An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classe
An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time.

CVE-2026-23921: A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data through time-based techniques, potentially leading to session identifier disclosure and administrator account compromise.

CVE-2026-23920: Host and event action script input is validated with a regex (set by the administrator), but the validation runs i
Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands.

CVE-2026-23919: For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript
For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). This can lead to confidentiality loss where a regular (non-super) Zabbix administrator leaks data for hosts they do not have access to. A fix has been released that makes the built in Zabbix JavaScript objects read-only, but please be advised that usage of global JavaScript variables is not recommended because their content could be leaked. More information <a href='https://www.zabbix.com/documentation/7.4/en/manual/installation/known_issues#preprocessing-global-variables-are-unsafe'>in Zabbix documentation</a>.

CVE-2026-1995: IDrive’s id_service.exe process runs with elevated privileges and regularly reads from several files under the C:\P
IDrive’s id_service.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the system. An attacker can overwrite or edit the files to specify a path to an arbitrary executable, which will then be executed by the id_service.exe process with SYSTEM privileges.

CVE-2026-33407: Wallos is an open-source, self-hostable personal subscription tracker.
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/search.php accepts HTTP_PROXY and HTTPS_PROXY environment variables without validation, enabling SSRF via proxy hijacking. The server performs DNS resolution on user-supplied search terms, which can be controlled by attackers to trigger outbound requests to arbitrary domains. This issue has been patched in version 4.7.0.

CVE-2026-33401: Wallos is an open-source, self-hostable personal subscription tracker.
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 (CVE-2026-30840) added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI recommendations endpoint, and the notification cron job. An authenticated user can reach internal network services, cloud metadata endpoints (AWS IMDSv1, GCP, Azure IMDS), or localhost-bound services by supplying a crafted URL to any of these endpoints. This issue has been patched in version 4.7.0.