24h | 7d | 30d

Overview

  • SonicWall
  • SMA1000

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS
Pending
EPSS
1.40%

Description

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

Statistics

  • 12 Posts
  • 9 Interactions

Last activity: 1 hour ago

Fediverse

Profile picture fallback

SonicWall SMA1000 SSRF flaw CVE-2026-15409 (CVSS 10.0) is exploited in the wild. Upgrade to hotfix 12.4.3-03453 or 12.5.0-02835 now.

securityonline.info/sonicwall-

  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback

🚨 Two actively exploited zero-days affecting SonicWall SMA1000 appliances: CVE-2026-15409 (CVSS 10.0) and CVE-2026-15410 (CVSS 7.2)

I’ve created vulnerability detection templates here (with confidence levels):
CVE-2026-15409: github.com/rxerium/rxerium-tem
CVE-2026-15410: github.com/rxerium/rxerium-tem

CVE-2026-15409 is remotely exploitable without authentication, while CVE-2026-15410 requires an authenticated administrator.

  • 0
  • 1
  • 0
  • 12h ago
Profile picture fallback

En las últimas 24 horas, vulnerabilidades críticas en Microsoft SharePoint y SonicWall SMA1000 han sido explotadas, poniendo en riesgo sistemas empresariales; GitHub enfrenta una ola de repositorios maliciosos que roban credenciales, mientras un ciberataque impactó la infraestructura de la mayor empresa de taxis en Japón; además, el debate ético sobre algoritmos en operativos policiales gana fuerza. Descubre estos y más detalles en el siguiente listado de noticias sobre seguridad informática:

🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 15/07/26 📆 |====

🔓 VULNERABILIDAD CRÍTICA EN MICROSOFT SHAREPOINT: BYPASS DE AUTENTICACIÓN JWT

Rapid7 Labs ha identificado una grave vulnerabilidad en Microsoft SharePoint que permite la ejecución remota de código sin necesidad de autenticación, explotando dos fallos en la gestión de tokens JWT. La amenaza podría comprometer la integridad de sistemas empresariales que dependen de esta plataforma, por lo que se recomienda aplicar los parches oficiales de inmediato para evitar posibles intrusiones. Protege tus entornos críticos actualizando cuanto antes. Descubre todos los detalles y cómo proteger tu sistema aquí 👉 djar.co/AneU

🐙 GITHUB INFESTADO: CIENTOS DE REPOSITORIOS MALICIOSOS SIMULAN SOFTWARE LEGÍTIMO

Una campaña masiva ha sido detectada en GitHub, donde cerca de 300 repositorios falsos suplantan proyectos legítimos y herramientas de seguridad, distribuyendo malware tipo infostealer capaz de robar credenciales y datos sensibles. Esta estrategia busca engañar a desarrolladores y usuarios confiados para infectar sus dispositivos. Aprende a identificar estos riesgos y a proteger tus entornos de desarrollo leyendo el análisis completo aquí 👉 djar.co/6wOunr

⚠️ ALERTA DE SEGURIDAD: VULNERABILIDADES EN DISPOSITIVOS SONICWALL SMA1000 EXPLOTADAS EN ATAQUES ZERO-DAY

SonicWall ha alertado sobre dos vulnerabilidades críticas, CVE-2026-15409 y CVE-2026-15410, siendo activamente explotadas en ataques de día cero contra dispositivos SMA1000. Estos fallos permiten a atacantes comprometer redes empresariales con potencial acceso remoto no autorizado. La empresa recomienda encarecidamente aplicar los parches de seguridad disponibles sin demora para evitar brechas que pueden derivar en pérdidas de datos sensibles. Protege tus firewalls y sistemas consultando la guía de actualización aquí 👉 djar.co/NRw1b

🔐 ACTUALIZACIÓN SOBRE ATAQUES DE RANSOMWARE HASTA EL 14 DE JULIO DE 2026

Se presenta un resumen detallado de las técnicas y vectores utilizados en ataques de ransomware recientes, con especial énfasis en las tendencias observadas en las últimas semanas. Además, se ofrecen recomendaciones prácticas y estratégicas para fortalecer las defensas contra estas amenazas que continúan afectando organizaciones a nivel global. Mantente informado y aprende cómo blindar tu sistema contra estas amenazas leyendo la actualización completa aquí 👉 djar.co/ScDr52

🚖 CIBERATAQUE EN JAPÓN OBLIGA A CERRAR SISTEMAS DE LA MAYOR EMPRESA DE TAXIS

Nihon Kotsu, el principal operador de taxis en Japón, ha sufrido un ciberataque que comprometió sus sistemas operativos, forzando a la compañía a desconectar partes esenciales de su infraestructura para contener el impacto. Este incidente pone en evidencia la creciente necesidad de robustecer la ciberseguridad en empresas de servicios críticos para evitar interrupciones masivas. Conoce qué sucedió y cuáles son las lecciones para proteger servicios urbanos vitales aquí 👉 djar.co/FOvs

⚖️ DEBATE SOBRE TECNOLOGÍA Y ÉTICA: EL CASO DE JOHAN SEBASTIAN GUERRERO Y EL IMPACTO DE LOS ALGORITMOS EN OPERATIVOS POLICIALES

La trágica muerte de Johan Sebastian Guerrero durante una operación del ICE ha reavivado el debate sobre el uso de Big Data, algoritmos y vigilancia tecnológica en actividades policiales y de control migratorio. Este caso cuestiona la fiabilidad y la ética detrás de las decisiones automatizadas que pueden afectar vidas humanas, instando a revisar y ajustar estas tecnologías para evitar consecuencias fatales. Profundiza en este análisis crítico y sus implicaciones aquí 👉 djar.co/Q6SIpC

  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback

SonicWall Warns of Actively Exploited SMA 1000 Zero-Days as CISA Adds Flaws to KEV Catalog

SonicWall has patched two actively exploited SMA 1000 zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410. CISA added both to KEV

thecybersecguru.com/news/sonic

  • 0
  • 0
  • 0
  • 1h ago

Bluesky

Profile picture fallback
📢⚠️ Sicherheitshinweis: #SonicWall veröffentlichte am 14.07.2026 ein Advisory zu seiner SMA1000-Produktserie & führt darin auf, dass die Modelle 6210, 7210 & 8200v durch zwei neu entdeckte Zero-Day #Schwachstellen (CVE-2026-15409, CVE-2026-1541) verwundbar sind. 👉️ www.bsi.bund.de/dok/1203248
  • 1
  • 5
  • 2
  • 9h ago
Profile picture fallback
SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates.
  • 0
  • 2
  • 0
  • 22h ago
Profile picture fallback
SonicWall reports active zero-day exploitation of SMA1000 flaws CVE-2026-15409 and CVE-2026-15410. CISA has added both to KEV, and affected devices may need re-imaging if compromised. #SonicWall #SMA1000 #CISA
  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
SonicWall SMAのゼロデイが悪用される(CVE-2026-15409、CVE-2026-15410) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/46662/
  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
SonicWall SMAアプライアンスがゼロデイ攻撃の標的に(CVE-2026-15409、CVE-2026-15410) SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410) #HelpNetSecurity (Jul 14) www.helpnetsecurity.com/2026/07/14/s...
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
SonicWall confirms active exploitation of CVE-2026-15409 (CVSS 10 SSRF) and CVE-2026-15410 (code injection) in SMA 1000. Identify every exposed appliance, hotfix it, preserve logs, and investigate unexpected appliance-to-internal traffic.
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
7.05%

Description

Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.

Statistics

  • 9 Posts
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

Profile picture fallback

CISA has added the critical CVE-2026-56164 vulnerability in Microsoft SharePoint Server to its Known Exploited Vulnerabilities catalog due to active, unauthenticated remote privilege escalation attacks. Organizations must implement necessary patches or mitigations by the July 17, 2026, deadline to secure their internet-facing infrastructure.
cybersecuritynews.com/sharepoi

  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback

Microsoft's July 2026 Patch Tuesday fixes 570 flaws. Zero-days CVE-2026-56155 and CVE-2026-56164 are exploited in the wild. Patch now.

securityonline.info/july-2026-

  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback

📰 Microsoft's July 2026 Patch Tuesday Fixes 570+ Flaws, Two Zero-Days

Microsoft's record-breaking July 2026 Patch Tuesday addresses 570+ vulnerabilities. Two zero-days are actively exploited: CVE-2026-56155 (AD FS) and CVE-2026-56164 (SharePoint). Both are in CISA's KEV catalog. Patch now. #PatchTuesday #ZeroDay

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/mi

  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback

CISA warns SharePoint vulnerabilities CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164 are exploited in the wild. Patch and harden servers now.

securityonline.info/cisa-share

  • 0
  • 1
  • 0
  • 18h ago
Profile picture fallback

These security flaws (tracked as CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164) affect all supported self-hosted SharePoint Server versions. bleepingcomputer.com/news/secu

  • 0
  • 0
  • 1
  • 6h ago

Bluesky

Profile picture fallback
CISA urges immediate patching of exploited Microsoft SharePoint zero-days, including CVE-2026-56164, and recommends monitoring, intrusion hunting, and IIS machine key rotation.
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
CVE-2026-56164 (CISA KEV): unauthenticated privilege escalation in on-prem Microsoft SharePoint, chained in the wild to RCE, IIS key theft & persistence. Exploited a zero-day in Microsoft's record July Patch Tuesday. Patch now & enable AMSI Full Mode. Query: technology="Microsoft SharePoint"
  • 0
  • 0
  • 0
  • 1h ago
Profile picture fallback
「この内 CVE-2026-56155、CVE-2026-56164 の脆弱性について、Microsoft 社では悪用の事実を確認済みと公表しており、今後被害が拡大するおそれがあるため、至急、セキュリティ更新プログラムを適用してください。」
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • SonicWall
  • SMA1000

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS
Pending
EPSS
1.65%

Description

Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.

Statistics

  • 8 Posts
  • 3 Interactions

Last activity: 1 hour ago

Fediverse

Profile picture fallback

🚨 Two actively exploited zero-days affecting SonicWall SMA1000 appliances: CVE-2026-15409 (CVSS 10.0) and CVE-2026-15410 (CVSS 7.2)

I’ve created vulnerability detection templates here (with confidence levels):
CVE-2026-15409: github.com/rxerium/rxerium-tem
CVE-2026-15410: github.com/rxerium/rxerium-tem

CVE-2026-15409 is remotely exploitable without authentication, while CVE-2026-15410 requires an authenticated administrator.

  • 0
  • 1
  • 0
  • 12h ago
Profile picture fallback

En las últimas 24 horas, vulnerabilidades críticas en Microsoft SharePoint y SonicWall SMA1000 han sido explotadas, poniendo en riesgo sistemas empresariales; GitHub enfrenta una ola de repositorios maliciosos que roban credenciales, mientras un ciberataque impactó la infraestructura de la mayor empresa de taxis en Japón; además, el debate ético sobre algoritmos en operativos policiales gana fuerza. Descubre estos y más detalles en el siguiente listado de noticias sobre seguridad informática:

🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 15/07/26 📆 |====

🔓 VULNERABILIDAD CRÍTICA EN MICROSOFT SHAREPOINT: BYPASS DE AUTENTICACIÓN JWT

Rapid7 Labs ha identificado una grave vulnerabilidad en Microsoft SharePoint que permite la ejecución remota de código sin necesidad de autenticación, explotando dos fallos en la gestión de tokens JWT. La amenaza podría comprometer la integridad de sistemas empresariales que dependen de esta plataforma, por lo que se recomienda aplicar los parches oficiales de inmediato para evitar posibles intrusiones. Protege tus entornos críticos actualizando cuanto antes. Descubre todos los detalles y cómo proteger tu sistema aquí 👉 djar.co/AneU

🐙 GITHUB INFESTADO: CIENTOS DE REPOSITORIOS MALICIOSOS SIMULAN SOFTWARE LEGÍTIMO

Una campaña masiva ha sido detectada en GitHub, donde cerca de 300 repositorios falsos suplantan proyectos legítimos y herramientas de seguridad, distribuyendo malware tipo infostealer capaz de robar credenciales y datos sensibles. Esta estrategia busca engañar a desarrolladores y usuarios confiados para infectar sus dispositivos. Aprende a identificar estos riesgos y a proteger tus entornos de desarrollo leyendo el análisis completo aquí 👉 djar.co/6wOunr

⚠️ ALERTA DE SEGURIDAD: VULNERABILIDADES EN DISPOSITIVOS SONICWALL SMA1000 EXPLOTADAS EN ATAQUES ZERO-DAY

SonicWall ha alertado sobre dos vulnerabilidades críticas, CVE-2026-15409 y CVE-2026-15410, siendo activamente explotadas en ataques de día cero contra dispositivos SMA1000. Estos fallos permiten a atacantes comprometer redes empresariales con potencial acceso remoto no autorizado. La empresa recomienda encarecidamente aplicar los parches de seguridad disponibles sin demora para evitar brechas que pueden derivar en pérdidas de datos sensibles. Protege tus firewalls y sistemas consultando la guía de actualización aquí 👉 djar.co/NRw1b

🔐 ACTUALIZACIÓN SOBRE ATAQUES DE RANSOMWARE HASTA EL 14 DE JULIO DE 2026

Se presenta un resumen detallado de las técnicas y vectores utilizados en ataques de ransomware recientes, con especial énfasis en las tendencias observadas en las últimas semanas. Además, se ofrecen recomendaciones prácticas y estratégicas para fortalecer las defensas contra estas amenazas que continúan afectando organizaciones a nivel global. Mantente informado y aprende cómo blindar tu sistema contra estas amenazas leyendo la actualización completa aquí 👉 djar.co/ScDr52

🚖 CIBERATAQUE EN JAPÓN OBLIGA A CERRAR SISTEMAS DE LA MAYOR EMPRESA DE TAXIS

Nihon Kotsu, el principal operador de taxis en Japón, ha sufrido un ciberataque que comprometió sus sistemas operativos, forzando a la compañía a desconectar partes esenciales de su infraestructura para contener el impacto. Este incidente pone en evidencia la creciente necesidad de robustecer la ciberseguridad en empresas de servicios críticos para evitar interrupciones masivas. Conoce qué sucedió y cuáles son las lecciones para proteger servicios urbanos vitales aquí 👉 djar.co/FOvs

⚖️ DEBATE SOBRE TECNOLOGÍA Y ÉTICA: EL CASO DE JOHAN SEBASTIAN GUERRERO Y EL IMPACTO DE LOS ALGORITMOS EN OPERATIVOS POLICIALES

La trágica muerte de Johan Sebastian Guerrero durante una operación del ICE ha reavivado el debate sobre el uso de Big Data, algoritmos y vigilancia tecnológica en actividades policiales y de control migratorio. Este caso cuestiona la fiabilidad y la ética detrás de las decisiones automatizadas que pueden afectar vidas humanas, instando a revisar y ajustar estas tecnologías para evitar consecuencias fatales. Profundiza en este análisis crítico y sus implicaciones aquí 👉 djar.co/Q6SIpC

  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback

SonicWall Warns of Actively Exploited SMA 1000 Zero-Days as CISA Adds Flaws to KEV Catalog

SonicWall has patched two actively exploited SMA 1000 zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410. CISA added both to KEV

thecybersecguru.com/news/sonic

  • 0
  • 0
  • 0
  • 1h ago

Bluesky

Profile picture fallback
SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates.
  • 0
  • 2
  • 0
  • 22h ago
Profile picture fallback
SonicWall reports active zero-day exploitation of SMA1000 flaws CVE-2026-15409 and CVE-2026-15410. CISA has added both to KEV, and affected devices may need re-imaging if compromised. #SonicWall #SMA1000 #CISA
  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
SonicWall SMAのゼロデイが悪用される(CVE-2026-15409、CVE-2026-15410) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/46662/
  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
SonicWall SMAアプライアンスがゼロデイ攻撃の標的に(CVE-2026-15409、CVE-2026-15410) SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410) #HelpNetSecurity (Jul 14) www.helpnetsecurity.com/2026/07/14/s...
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
SonicWall confirms active exploitation of CVE-2026-15409 (CVSS 10 SSRF) and CVE-2026-15410 (code injection) in SMA 1000. Identify every exposed appliance, hotfix it, preserve logs, and investigate unexpected appliance-to-internal traffic.
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • ServiceNow
  • ServiceNow AI Platform

13 Jul 2026
Published
14 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.5)
EPSS
0.51%

KEV

Description

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform. ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners. We are not currently aware of exploitation against ServiceNow instances. We recommend customers promptly apply appropriate updates or upgrade to a patched release if they have not already done so.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse

Profile picture fallback

CRITICAL RCE in ServiceNow AI platform (CVE-2026-6875) allows unauthenticated code execution. Patched — no active exploitation. Ivanti & Fortinet also released key updates. Patch all affected systems promptly. radar.offseq.com/threat/vulner

  • 0
  • 0
  • 0
  • 7h ago
Profile picture fallback

ServiceNow Patches Critical AI Platform RCE (CVE-2026-6875), Says No Active Exploitation Observed

ServiceNow has patched CVE-2026-6875, a critical AI platform sandbox escape vulnerability that could allow unauthenticated RCE

thecybersecguru.com/news/servi

  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
MEDIUM (6.1)
EPSS
0.38%

KEV

Description

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Statistics

  • 2 Posts

Last activity: 12 hours ago

Fediverse

Profile picture fallback

Windows BitLocker Zero-Day Allows Physical Bypass of Disk Encryption (CVE-2026-50661)

Microsoft fixes CVE-2026-50661, a publicly disclosed BitLocker zero-day that allows attackers with physical access to bypass Windows disk encryption

thecybersecguru.com/news/bitlo

  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback

"Windows BitLocker 0‑Day Vulnerability Allows Hackers to Bypass Security Feature"

A newly disclosed Windows BitLocker 0‑day vulnerability, tracked as CVE-2026-50661, exposes encrypted devices to physical attacks that can completely undermine Microsoft’s… ift.tt/0Wkjtal

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Adobe
  • Illustrator Desktop 2026

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
0.39%

KEV

Description

Illustrator is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

Profile picture fallback

CRITICAL: CVE-2026-48334 impacts Adobe Illustrator Desktop 2026 (CVSS 9.3). Improper input validation lets attackers run code if a user opens a malicious file. No patch — open only trusted files. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 14h ago
Profile picture fallback

CVE-2026-48334 - Critical RCE in Illustrator due to improper input validation. CVSS 9.3. User interaction required. No patch available yet. Do not open untrusted files. #CVE #Illustrator #infosec

valtersit.com/cve/CVE-2026-483

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.38%

Description

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

Statistics

  • 3 Posts

Last activity: 4 hours ago

Fediverse

Profile picture fallback

Microsoft's July 2026 Patch Tuesday fixes 570 flaws. Zero-days CVE-2026-56155 and CVE-2026-56164 are exploited in the wild. Patch now.

securityonline.info/july-2026-

  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback

📰 Microsoft's July 2026 Patch Tuesday Fixes 570+ Flaws, Two Zero-Days

Microsoft's record-breaking July 2026 Patch Tuesday addresses 570+ vulnerabilities. Two zero-days are actively exploited: CVE-2026-56155 (AD FS) and CVE-2026-56164 (SharePoint). Both are in CISA's KEV catalog. Patch now. #PatchTuesday #ZeroDay

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/mi

  • 0
  • 0
  • 0
  • 4h ago

Bluesky

Profile picture fallback
「この内 CVE-2026-56155、CVE-2026-56164 の脆弱性について、Microsoft 社では悪用の事実を確認済みと公表しており、今後被害が拡大するおそれがあるため、至急、セキュリティ更新プログラムを適用してください。」
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Adobe
  • Illustrator Desktop 2026

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.14%

KEV

Description

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 2 hours ago

Fediverse

Profile picture fallback

CVE-2026-48336 - High severity out-of-bounds write in Illustrator. Could lead to arbitrary code execution. CVSS 7.8. Update immediately. #CVE #Adobe #infosec

valtersit.com/cve/CVE-2026-483

  • 2
  • 0
  • 0
  • 2h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 8 hours ago

Fediverse

Profile picture fallback

🚨 Weekly Security Update: July 13, 2026. This week, we dive deep into the fallout from Patch Tuesday, specifically looking at AI-integrated kernel vulnerabilities and a critical RCE in the Gin Gonic framework (CVE-2026-44021). Keep your systems secure and stay informed. Read the full report on CVEDatabase: cvedatabase.com/blog/cybersecu #Cybersecurity #InfoSec #RCE #PatchTuesday #AI ...

  • 2
  • 0
  • 0
  • 8h ago

Overview

  • F5
  • NGINX Plus

15 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
Pending

KEV

Description

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Impact: This vulnerability may allow remote attackers to cause a denial-of-service (DoS) on the NGINX system or to possibly trigger a code execution. There is no control plane exposure; this is a data plane issue only.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 2 hours ago

Fediverse

Profile picture fallback

That's a lot of Fixes introduced in: NONE.

my.f5.com/manage/s/article/K00

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. (CVE-2026-42533)

my.f5.com/manage/s/article/K00

  • 1
  • 2
  • 0
  • 2h ago
Showing 1 to 10 of 66 CVEs