24h | 7d | 30d

Overview

  • Pending

05 Aug 2024
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
83.39%

Description

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

China-aligned group UNK_MassTraction is actively exploiting critical Roundcube vulnerabilities (CVE-2024-42009, CVE-2025-49113) to target physics and engineering departments at U.S. and Canadian universities. Attackers are stealing credentials and deploying web shells for persistent access. If your…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • BeyondTrust
  • Remote Support

06 Jul 2026
Published
07 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.42%

KEV

Description

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

Profile picture fallback

📰 BeyondTrust Patches Critical Flaws in Remote Support and Privileged Access Tools

🚨 URGENT: BeyondTrust patches two CRITICAL auth bypass flaws (CVE-2026-40138, CVE-2026-40139) in its Remote Support & Privileged Remote Access tools. Unauthenticated remote access is possible. Patch NOW. #Vulnerability #PAM #CyberSecurity

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/be

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • joomshaper.net
  • SP Page Builder extension for Joomla

20 Jun 2026
Published
08 Jul 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.80%

Description

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture fallback

CRITICAL vulnerabilities in Adobe ColdFusion (CVE-2026-48282), Langflow (CVE-2026-55255), Joomla SP Page Builder (CVE-2026-48908), & Page Builder CK (CVE-2026-56290) are being actively exploited for remote code execution & backdoors. Patch ASAP! radar.offseq.com/threat/cisa-u

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • joomlack.fr
  • JoomlaCK.fr Page Builder CK extension for Joomla

29 Jun 2026
Published
08 Jul 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.36%

Description

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture fallback

CRITICAL vulnerabilities in Adobe ColdFusion (CVE-2026-48282), Langflow (CVE-2026-55255), Joomla SP Page Builder (CVE-2026-48908), & Page Builder CK (CVE-2026-56290) are being actively exploited for remote code execution & backdoors. Patch ASAP! radar.offseq.com/threat/cisa-u

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
02 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
Pending

KEV

Description

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials, leading to cross-tenant billing and accountability misattribution.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.31%

KEV

Description

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
Pending

KEV

Description

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • IBM
  • Langflow OSS

30 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Profile picture fallback
Langflowに重大な脆弱性6件、IBMが発見-未認証RCEからAPIキーの越境流用まで広範囲に影響(CVE-2026-10134、CVE-2026-7803、CVE-2026-7871、CVE-2026-7873、CVE-2026-10140、CVE-2026-7663) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews
  • 0
  • 0
  • 0
  • 8h ago
Showing 41 to 50 of 50 CVEs