Overview
- ServiceNow
- ServiceNow AI Platform
Description
Statistics
- 4 Posts
- 5 Interactions
Fediverse
I fucking hate delayed advisories like this. Do better, ServiceNow.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB3137947
ServiceNow has addressed a critical remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability, tracked as CVE-2026-6875, could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform.
https://www.cve.org/CVERecord?id=CVE-2026-6875
sev:CRIT 9.5 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVE-2026-6875 (CVSS 9.5) is a ServiceNow sandbox escape in the AI Platform that allows unauthenticated remote code execution. Patch now.
#ServiceNow #CVE20266875 #RemoteCodeExecution #SandboxEscape #CyberSecurity
ServiceNow security advisory AV26-693 addresses a critical sandbox escape vulnerability affecting multiple versions of their AI platform products. Users and administrators are urged to apply the necessary security updates to mitigate risks identified in CVE-2026-6875.
https://www.cyber.gc.ca/en/alerts-advisories/servicenow-security-advisory-av26-693
Overview
- Gitea
- Gitea Open Source Git Server
Description
Statistics
- 3 Posts
- 7 Interactions
Fediverse
Ein Header genügt: Wie Gitea und Forgejo jedem Fremden die Admin-Rechte schenkten
Ein gefälschter HTTP-Header genügte monatelang, um sich in Gitea und Forgejo zum Admin zu machen, ganz ohne Passwort. CVE-2026-20896 hat einen CVSS-Wert von 9.8. Gitea ist seit dem 21. Juni gepatcht, Forgejo hängt weiter in der Luft. Was du an deiner Konfiguration sofort prüfen musst.
#chrislo #ITSicherheit #ServerInfrastruktur #Gitea #Forgejo #Docker #SelfHosting #CVE #ReverseProxy #OpenSource #Codeberg
Ein Header genügt: Wie Gitea und Forgejo jedem Fremden die Admin-Rechte schenkten
Ein gefälschter HTTP-Header genügte monatelang, um sich in Gitea und Forgejo zum Admin zu machen, ganz ohne Passwort. CVE-2026-20896 hat einen CVSS-Wert von 9.8. Gitea ist seit dem 21. Juni gepatcht, Forgejo hängt weiter in der Luft. Was du an deiner Konfiguration sofort prüfen musst.
chrislo.de/blog/2026-07-14-20-…
#chrislo #ITSicherheit #ServerInfrastruktur #Gitea #Forgejo #Docker #SelfHosting #CVE #ReverseProxy #OpenSource #Codeberg
Overview
- SAP_SE
- SAP NetWeaver Application Server ABAP
Description
Statistics
- 3 Posts
- 3 Interactions
Fediverse
CVE-2026-44747: CRITICAL out-of-bounds write in SAP NetWeaver AS ABAP (CVSS 9.9). Authenticated attackers can cause memory corruption — risking data & system availability. No patch. Restrict access, monitor activity. https://radar.offseq.com/threat/cve-2026-44747-cwe-787-out-of-bounds-write-in-saps-416e906d69e7435c #OffSeq #SAP #Vulnerability #InfoSec
SAP Security Patch Day July 2026 fixes CVE-2026-44747 (CVSS 9.9), a memory corruption flaw in NetWeaver AS ABAP, plus two more critical bugs.
#SAP #CVE202644747 #MemoryCorruption #NetWeaver #CyberSecurity
https://securityonline.info/sap-patch-day-july-2026/?utm_source=mastodon&utm_medium=jetpack_social
SAP July 2026 patch day delivers CRITICAL fixes: NetWeaver (CVE-2026-44747, memory corruption), Approuter (CVE-2026-27690, HTTP smuggling), Commerce Cloud (CVE-2026-44761, hardcoded creds). Patch ASAP. https://radar.offseq.com/threat/sap-patches-critical-vulnerabilities-in-netweaver--aa75f703df9065e4 #OffSeq #SAP #Vuln #PatchTuesday
Overview
- SAP_SE
- SAP Commerce Cloud
Description
Statistics
- 3 Posts
- 2 Interactions
Fediverse
SAP Commerce Cloud impacted by CRITICAL CVE-2026-44761 (CVSS 9.1): Default OAuth2 credentials can let unauthenticated attackers access APIs & modify data. Change/remove sample creds now. No patch yet. https://radar.offseq.com/threat/cve-2026-44761-cwe-1392-use-of-default-credentials-009b0a23096bbf37 #OffSeq #SAP #OAuth2 #Vuln
SAP July 2026 patch day delivers CRITICAL fixes: NetWeaver (CVE-2026-44747, memory corruption), Approuter (CVE-2026-27690, HTTP smuggling), Commerce Cloud (CVE-2026-44761, hardcoded creds). Patch ASAP. https://radar.offseq.com/threat/sap-patches-critical-vulnerabilities-in-netweaver--aa75f703df9065e4 #OffSeq #SAP #Vuln #PatchTuesday
Overview
- tenable
- tenable_agent
Description
Statistics
- 1 Post
- 17 Interactions
Fediverse
https://nvd.nist.gov/vuln/detail/CVE-2026-15265
sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A path traversal vulnerability in Tenable Agent 11.2.0 and 11.1.3 and lower allows a privileged attacker to write arbitrary files outside the intended plugin directory, potentially leading to remote code execution.
Overview
Description
Statistics
- 2 Posts
- 6 Interactions
Fediverse
A normal Thursday, 8:29 AM: a Slack message about CVE-2026-31431, "Copy Fail", a Linux kernel 0-day. A few lines of Python turn an unprivileged user into root – being a 0-day, no patch existed yet.
One engineer verified the exploit, one researched the fix, one rolled it out, one checked the fleet and one tested it, all within about an hour. No escalation, no drama. NKE and Deploio ran on Flatcar Container Linux, unaffected.
nine.ch/en/blog/linux-kernel-0day-copy-fail/
Overview
- Monsta Limited of New Zealand
- Monsta FTP
Description
Statistics
- 1 Post
- 4 Interactions
Fediverse
New vuln disclosure out from
@chocapikk_: Unauth SSRF in Monsta FTP (CVE-2026-60105), makes for a nice primitive. Silently fixed a couple weeks ago, go figure. Full details + PoC out on the @vulncheck blog: https://www.vulncheck.com/blog/monsta-ftp-ssrf-ipv6-blocklist-bypass
Overview
- decolua
- 9Router
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
decolua 9Router <=0.4.41 hit by CVE-2026-59801 (CRITICAL): Missing authentication on provider APIs lets remote attackers control connections, steal creds, or disrupt service. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-59801-missing-authentication-for-critical-0c4298ad3568d21f #OffSeq #infosec #CVE #routersecurity
Overview
- Eclipse Foundation
- Eclipse BaSyx - Java Server SDK
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
Eclipse BaSyx Java Server SDK (MongoDB backend) CRITICAL vuln: CVE-2026-57898 (CVSS 9.0) allows unauthenticated path traversal & arbitrary file writes — potential RCE. Upgrade to 2.0.0-milestone-13. Details: https://radar.offseq.com/threat/cve-2026-57898-cwe-22-improper-limitation-of-a-pat-230a166ac74035f0 #OffSeq #Vuln #Java #Eclipse
Overview
- MariaDB
- server
Description
Statistics
- 1 Post
- 1 Interaction