Tag

Vulnerability

All articles tagged with #vulnerability

Ubiquiti patches seven UniFi OS flaws, including a critical UniFi Connect command-injection risk
security2 days ago

Ubiquiti patches seven UniFi OS flaws, including a critical UniFi Connect command-injection risk

Ubiquiti released security updates to fix seven critical UniFi OS vulnerabilities, including CVE-2026-50746 in the UniFi Connect App that could allow command injection; users should upgrade the UniFi Connect app to version 3.4.20+ and apply patches across UniFi Talk, UniFi Access, UniFi Protect, and the UniFi OS Server. The company notes several flaws can be exploited in low-complexity attacks with no user interaction. Threats note that more than 100,000 UniFi OS instances are exposed online (per Censys), though it isn’t clear how many are patched, honeypots, or otherwise secured. The report also references past CISA/FBI warnings and demonstrations of exploitation techniques in related Ubiquiti products.

Early Probes Emerge Against Patched Gitea Docker Flaw CVE-2026-20896
security3 days ago

Early Probes Emerge Against Patched Gitea Docker Flaw CVE-2026-20896

Threat actors are probing a critical Gitea Docker vulnerability (CVE-2026-20896) that allowed unauthenticated users to impersonate others via the X-WEBAUTH-USER header when reverse-proxy trust was misconfigured; the weakness affected Gitea 1.26.2 and was fixed in 1.26.3 by removing the wildcard and requiring opt-in reverse-proxy authentication. Sysdig detected the first in-the-wild activity 13 days after disclosure across roughly 6,200 internet-facing instances; admins should patch promptly and review proxy settings.

Zero-Day Bad Epoll Flaw Lets Attackers Root Linux and Android
technology6 days ago

Zero-Day Bad Epoll Flaw Lets Attackers Root Linux and Android

A newly disclosed Linux kernel zero-day, Bad Epoll (CVE-2026-46242), enables unprivileged users to escalate to root on Linux servers, desktops, and Android by exploiting a race condition and a use-after-free in epoll’s ep_remove(). The attack can corrupt kernel memory via a freed eventpoll structure, gain memory access through /proc/self/fdinfo, and execute a return-oriented programming chain to spawn a root shell. Because epoll cannot be disabled without breaking core OS/browser functions, the workaround is to apply the upstream patch or a distribution backport; patch timing and deployment are critical as this is easy to chain with existing browser sandboxes.

Apple Hide My Email Bug Could Reveal Real Addresses, Researchers Warn
technology9 days ago

Apple Hide My Email Bug Could Reveal Real Addresses, Researchers Warn

A security researcher claims Apple's Hide My Email feature can expose real email addresses; tests reportedly showed 100% of generated addresses could reveal the linked account. The researcher says he reported the flaw to Apple over a year ago and, despite Apple saying it was fixed in March, the issue persists, according to 404 Media verification. Apple has discussed moving Hide My Email to a private.icloud.com domain to mitigate the issue.

Public PoC Reveals Critical libssh2 Pre-Auth Bug (CVE-2026-55200)
security11 days ago

Public PoC Reveals Critical libssh2 Pre-Auth Bug (CVE-2026-55200)

A public proof-of-concept exposes a critical pre-auth memory-corruption flaw in libssh2 (CVE-2026-55200) that can trigger code execution when a client connects to a malicious SSH server; affects all releases up to 1.11.1 with a CVSS of 9.2. No fixed release exists yet; the patch is in mainline and backports are underway (e.g., Debian testing). Inventory every usage of libssh2, including static or bundled copies, and apply a build containing commit 97acf3d. Until patched, restrict outbound SSH, verify host keys, and monitor for oversized-packet anomalies. Related issues CVE-2026-55199 and CVE-2025-15661 are also noted; exploitation in the wild has not been observed.

AMD's bounty controversy: researcher denied reward as updater flaw patched after 124 days
technology28 days ago

AMD's bounty controversy: researcher denied reward as updater flaw patched after 124 days

Security researcher MrBruh disclosed a remote-code-execution flaw in AMD's auto-updater; AMD initially dismissed it as out of scope, delayed a bounty for 124 days, and then changed rules about disclosure. The vulnerability could enable MITM via plain HTTP links; AMD patched Ryzen Master, µProf, and Management Console (CVE-2026-40677). AMD now says updates use HTTPS and have signature verification, but the researcher notes the check is weak (CRC32) and a redirection bug could affect self-updating; users should manually install the latest versions from AMD’s site.

Microsoft Deploys Record Patch Tuesday: 206 Flaws, Three Zero-Days, and High-Impact RCEs
security1 month ago

Microsoft Deploys Record Patch Tuesday: 206 Flaws, Three Zero-Days, and High-Impact RCEs

Microsoft released its largest patch batch to date, fixing 206 vulnerabilities across its software, including three publicly disclosed zero-days and multiple critical remote-code-execution flaws in Windows kernel, HTTP.sys, DHCP Client, and BitLocker. The update also addresses two non-Microsoft CVEs and introduces mitigations such as MaxHeadersCount to curb HTTP/2/3 abuse. The release follows AI-driven vulnerability discovery and recent PoCs like RoguePlanet and MiniPlasma, underscoring increasing exploitation risk and the ongoing need to apply patches promptly.

Critical Starlette flaw threatens Python AI tooling ecosystem
security1 month ago

Critical Starlette flaw threatens Python AI tooling ecosystem

A critical vulnerability named BadHost (CVE-2026-48710) in Starlette (versions before 1.0.1) can bypass host-header authentication, enabling SSRF and potential remote code execution; it endangers millions of servers and AI tooling that rely on Starlette via FastAPI, including vLLM, LiteLLM, and Text Generation Inference, given Starlette’s ~325 million weekly downloads. Security researchers from X41 D-Sec and Nemesis warn the flaw is widespread, with a scanner available to detect exposed systems. Users should upgrade Starlette and apply recommended mitigations.

Nvidia pushes urgent GPU driver updates to fix high-severity flaws
technology1 month ago

Nvidia pushes urgent GPU driver updates to fix high-severity flaws

Nvidia disclosed 15 security vulnerabilities across Windows and Linux graphics drivers, with nine rated high-severity that could enable system compromise, data exfiltration, or arbitrary code execution. To mitigate, modern GeForce GPUs should update to driver 596.36 (Windows users may already have 596.49 if prompted), while GTX 10‑series and older GPUs should use 482.53; Linux users should target 590.48 and verify with nvidia-smi or nvidia-settings, updating via the OS package manager. The bulletin also covers non-gaming GPUs like Quadro, NVS, and Tesla.

Leak of unfixed Chromium bug enables JavaScript after browser close
technology1 month ago

Leak of unfixed Chromium bug enables JavaScript after browser close

Google unintentionally exposed details of an unfixed Chromium vulnerability that can let a Service Worker keep executing JavaScript after the browser is closed, enabling remote code execution and potential botnet-like abuse across all Chromium-based browsers. Despite reports of a fix, researchers found the issue still exploitable in some builds, prompting urgent patching efforts and highlighting that attackers could exploit it with minimal user interaction; Google awarded a bug bounty, and the disclosure raised broad risk though it doesn’t grant access to emails or the host OS.

Exposed ChromaDB servers hit by high-severity RCE via post-load authentication bypass
security1 month ago

Exposed ChromaDB servers hit by high-severity RCE via post-load authentication bypass

A max-severity vulnerability in ChromaDB’s Python FastAPI server (CVE-2026-45829) lets unauthenticated attackers load a malicious model and run code before authentication, enabling remote code execution on exposed servers. The flaw affects the PyPI package (nearly 14 million monthly downloads); mitigations include using the Rust frontend or restricting network access, and validating models before runtime. Patch status is unclear after version 1.5.9, and Shodan shows about 73% of internet-exposed instances are still vulnerable.

Public exploit for long-unpatched Chromium flaw threatens millions
technology1 month ago

Public exploit for long-unpatched Chromium flaw threatens millions

Google published exploit code for a long-unpatched Chromium vulnerability that uses the Browser Fetch API to trigger a persistent backdoor via malicious sites, potentially turning millions of Chromium-based browsers into a botnet; disclosed in 2022 and rated S1, the flaw remained unfixed for 29 months, affecting Chrome, Edge and other Chromium-based browsers while Firefox and Safari are unaffected.

Drupal unveils urgent core patch to curb high-risk exploit
technology1 month ago

Drupal unveils urgent core patch to curb high-risk exploit

Drupal has issued a critical core security release to fix a high-exploitation vulnerability affecting Drupal 8 and newer. Administrators should plan to apply the update on May 20 UTC, upgrading to at least Drupal 10.6 or using hotfixes for older 9.x/8.x where available. Patches are released for 11.3.x, 11.2.x, 11.1.x, 10.6.x, 10.5.x, and 10.4.x; Drupal 8/9 are end-of-life and won’t receive patches, though hotfixes will be published for 9.5 and 8.9. Drupal Steward customers are protected but should still update. No technical vulnerability details are disclosed yet; admins should monitor Drupal’s security portal for official guidance.

Admin Access Wipeout: Burst Statistics Plugin Flaw Exposes WordPress to Takeover
cybersecurity1 month ago

Admin Access Wipeout: Burst Statistics Plugin Flaw Exposes WordPress to Takeover

A critical vulnerability in the Burst Statistics WordPress plugin (versions 3.4.0–3.4.1.1, CVE-2026-8181) allows unauthenticated attackers to bypass authentication and impersonate an administrator via crafted REST API requests, potentially creating a new admin account and taking over a site. Discovered May 8, 2026 by Wordfence’s PRISM, it was patched in version 3.4.2 on May 12, 2026. The flaw stems from improper handling of authentication in the MainWP integration, enabling exploitation across REST endpoints. admins should immediate patch to 3.4.2+, audit user accounts, and monitor logs to prevent compromise.