Max severity Cisco Secure Workload flaw gives Site Admin privileges
Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges.
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges.
A critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE...
ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outda...
More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’.
ASAPP has launched Continuous Red Teaming, a new capability that integrates adversarial AI testing directly into ASAPP’s model evaluation framework. The new ...
The Drupal Security Team has issued a warning about a highly critical vulnerability affecting Drupal core, with a security release scheduled for May 20, 2026...
A public proof-of-concept (PoC) exploit called “PinTheft” has been released for a newly disclosed Linux kernel flaw that allows local attackers to escalate p...
Cockpit 359 - RCE
FUXA 1.2.
Learn how intelligence-led programs address the "vulnerability flood" and win the board conversation by prioritizing and fixing what actually matters.
Boards are asking about AI-driven vulnerability discovery. The leaders who answer that question well will come out with more credibility and more resources.
Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today to fix a “highly critical” SQL in...
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately.
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in sta...
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resour...
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on ...
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary ...
The vulnerability affects the Python API server logic within the PyPI package, which sees nearly 14 million monthly downloads.
While the specific type of vulnerability has not been disclosed, the urgency of the advisory suggests a serious flaw with a potentially short window between ...