Overview
Description
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
Statistics
- 1 Post
Last activity: 2 hours ago
Overview
- @fastify/http-proxy
- @fastify/http-proxy
18 Jul 2026
Published
18 Jul 2026
Updated
CVSS v3.1
HIGH (8.7)
EPSS
Pending
KEV
Description
Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which collapses dot segments, so a crafted upgrade request with path traversal sequences can escape the rewrite prefix and reach upstream endpoints that were not meant to be exposed by the proxy. This is a variant of CVE-2021-21322 in a code path that never went through the HTTP fix in fastify/reply-from. Exploitation requires a non-normalizing WebSocket client, since browsers and the ws package normalize the request path before sending, but raw HTTP clients or downstream proxies that forward the request target unchanged make the attack reachable in production topologies.
Patches: upgrade to @fastify/http-proxy 11.6.0.
Workarounds: none.
Statistics
- 2 Posts
Last activity: 5 hours ago
Fediverse
🚨 High-severity security fix in @fastify/http-proxy@11.6.0 just released!
Patches CVE-2026-15631, prefix escape via WebSocket path traversal.
https://github.com/fastify/fastify-http-proxy/security/advisories/GHSA-7hrw-592w-9wh2
Overview
- IBM
- Langflow OSS
17 Jul 2026
Published
17 Jul 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.21%
KEV
Description
IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Statistics
- 1 Post
Last activity: 8 hours ago
Fediverse
CVE-2026-13446: IBM Langflow OSS 1.0.0 – 1.10.1 contains hard-coded credentials (CRITICAL, CVSS 9.8). Total system compromise possible. No patch yet — restrict access, monitor activity. More: https://radar.offseq.com/threat/cve-2026-13446-cwe-798-use-of-hard-coded-credentia-e33f708cc1420dc3 #OffSeq #Vuln #Cybersecurity #IBM
Overview
Description
ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.
Statistics
- 1 Post
Last activity: 5 hours ago
Overview
- Zoom Communications
- Zoom Workplace for Windows
16 Jul 2026
Published
17 Jul 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.51%
KEV
Description
Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.
Statistics
- 1 Post
Last activity: 19 hours ago
Bluesky
📢 Zoom : vulnérabilité critique CVE-2026-53412 permettant la prise de contrôle de comptes
📝 ## 🔍 Contexte
Source : BleepingComputer — publié l…
https://cyberveille.ch/posts/2026-07-18-zoom-vulnerabilite-critique-cve-2026-53412-permettant-la-prise-de-controle-de-comptes/ #CVE_2026_53409 #Cyberveille
Overview
- Zoom Communications
- Zoom Rooms
16 Jul 2026
Published
17 Jul 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.15%
KEV
Description
Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access.
Statistics
- 1 Post
Last activity: 19 hours ago
Bluesky
📢 Zoom : vulnérabilité critique CVE-2026-53412 permettant la prise de contrôle de comptes
📝 ## 🔍 Contexte
Source : BleepingComputer — publié l…
https://cyberveille.ch/posts/2026-07-18-zoom-vulnerabilite-critique-cve-2026-53412-permettant-la-prise-de-controle-de-comptes/ #CVE_2026_53409 #Cyberveille