ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Possible ACR Stealer From Page Impersonating Claude
Published: 2026-05-26
Last Updated: 2026-05-26 00:01:48 UTC
by Brad Duncan (Version: 1)
Introduction
In recent weeks, I've searched for pages impersonating Claude that distribute malware. In recent weeks, I've reliably found these sites through malicious ads in Google searches that lead to these pages, often concealed in URLs for sites.google[.]com, such as this example from 2026-05-11.
These fake Claude pages generally show instructions for macOS malware when viewed from a macOS system, and instructions for Windows malware when viewed from a Windows system. Today's diary shows an example of Windows malware from one of these pages seen on Monday, 2026-05-25. Based on the C2 domain for post-infection traffic, this appears to be an ACR Stealer infection.
Read the full entry: https://isc.sans.edu/diary/Possible+ACR+Stealer+From+Page+Impersonating+Claude/33018/
TeamPCP Supply Chain Campaign: Activity Through 2026-05-24
Published: 2026-05-25
Last Updated: 2026-05-25 13:26:06 UTC
by Kenneth Hartman (Version: 1)
TeamPCP now operates across three package ecosystems in parallel. It reached GitHub's own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub.
Bottom line up front
Three escalations stacked inside a single week. First, GitHub's CISO Alexis Wales publicly named a malicious Nx Console VS Code extension build (v18.95.0, publisher nrwl[.]angular-console, verified-publisher badge, roughly 2.2 million installs) as the root of an intrusion that exfiltrated approximately 3,800 GitHub-internal repositories; OpenAI, Grafana Labs, and Mistral AI were named as downstream victims. The poisoned extension was live on the Visual Studio Marketplace for roughly 18 minutes. Second, an officially Microsoft-published Python SDK on PyPI (durabletask, the Azure Durable Functions client, roughly 417,000 monthly downloads) was trojanized across three versions (1.4.1 through 1.4.3) inside an approximately 35-minute window, and independent reporting characterizes the second-stage payload as carrying a Linux disk wiper. Third, the same operator pushed a third Mini Shai-Hulud wave through the @antv npm ecosystem: 639 malicious package versions across 323 packages, including echarts-for-react (roughly 1.1 million weekly downloads) and size-sensor (roughly 4.2 million weekly downloads). Action: rotate any developer or CI/CD credentials exposed during the windows below, stop treating publisher-verified or attestation badges as install-time safety signals, and inspect AI coding agent configuration files for persistence.
How this developed
The week opened with a credentials-to-publish chain that nobody had previously walked end-to-end in public. Reporting from BleepingComputer and Help Net Security ties OIDC credentials harvested in the May 11 TanStack wave to the Nx Console publish on May 18, which means the same operator that built the worm two weeks earlier used its loot to push a trojanized VS Code extension through a verified-publisher account. In parallel, the same operator poisoned the @antv npm ecosystem through a compromised maintainer account ("atool") and dropped a trojanized build of Microsoft's own durabletask SDK on PyPI. Within 72 hours, GitHub itself, Microsoft, and several named AI-lab developer endpoints were affected. By Friday, multiple vendors reported the Shai-Hulud framework source had been published to GitHub, and copycat forks were already running.
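After an incident summary like the one above, the first concrete step on every developer workstation and CI runner is to look for the trojanized versions it names. The script below is an added example, not code from the ISC diary or from GitHub, Microsoft or npm: it walks a package-lock.json, pip freeze output and a VS Code extensions directory listing and reports matches. The durabletask (1.4.1 to 1.4.3) and Nx Console (18.95.0) indicators are taken from the text; the rule that flags every @antv-scoped package for review, and the sample lockfile, freeze output and directory names, are constructed assumptions that must be replaced with the upstream advisories' version lists before real use.

```python
"""Added example, not code from the ISC diary or any vendor: check the
artifacts a developer workstation or CI runner leaves on disk for the
trojanized package versions named in the TeamPCP write-up. Values marked
ASSUMED are placeholders to replace with the upstream advisories' data."""
import json
import re

# Version-specific indicators as stated in the write-up.
TROJANIZED = {
    ("pypi", "durabletask"): {"1.4.1", "1.4.2", "1.4.3"},
    ("vscode", "nrwl.angular-console"): {"18.95.0"},
}
# Named in the @antv wave without version numbers: report any install for
# manual comparison with the upstream advisory.
REVIEW_PACKAGES = {("npm", "echarts-for-react"), ("npm", "size-sensor")}
REVIEW_SCOPES = {("npm", "@antv")}  # ASSUMED: flag every @antv/* package


def classify(ecosystem, name, version):
    """Return 'trojanized', 'review' or None for one installed package."""
    key = (ecosystem, name)
    if version in TROJANIZED.get(key, ()):
        return "trojanized"
    if key in REVIEW_PACKAGES:
        return "review"
    if name.startswith("@") and (ecosystem, name.split("/")[0]) in REVIEW_SCOPES:
        return "review"
    return None


def scan_package_lock(text):
    """package-lock.json (lockfileVersion 2/3): 'packages' is keyed by the
    install path, e.g. 'node_modules/@antv/g2'; '' is the project itself."""
    findings = []
    for path, meta in json.loads(text).get("packages", {}).items():
        if not path:
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version", "")
        verdict = classify("npm", name, version)
        if verdict:
            findings.append(("npm", name, version, verdict))
    return findings


def scan_pip_freeze(text):
    """`pip freeze` output, one 'name==version' per line; PyPI names are
    case-insensitive and treat '_' and '-' alike, so normalize first."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.\-]+)==(\S+)", line)
        if not m:
            continue
        name = m.group(1).lower().replace("_", "-")
        verdict = classify("pypi", name, m.group(2))
        if verdict:
            findings.append(("pypi", name, m.group(2), verdict))
    return findings


def scan_vscode_extensions(dir_names):
    """Directory names under ~/.vscode/extensions look like
    '<publisher>.<extension>-<version>'; match publisher.extension exactly."""
    findings = []
    for d in dir_names:
        m = re.match(r"^([A-Za-z0-9\-]+\.[A-Za-z0-9\-]+)-(\d+\.\d+\.\d+)", d)
        if not m:
            continue
        ext_id, version = m.group(1).lower(), m.group(2)
        verdict = classify("vscode", ext_id, version)
        if verdict:
            findings.append(("vscode", ext_id, version, verdict))
    return findings


# Constructed sample inputs (not real files); lodash and ms-python are
# controls that must not be reported.
SAMPLE_PACKAGE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/lodash": {"version": "4.17.21"},
        "node_modules/echarts-for-react": {"version": "3.0.2"},
        "node_modules/@antv/g2": {"version": "5.1.0"},
    },
})
SAMPLE_PIP_FREEZE = "azure-functions==1.21.0\nDurableTask==1.4.2\nrequests==2.32.3\n"
SAMPLE_EXTENSION_DIRS = ["ms-python.python-2024.22.0", "nrwl.angular-console-18.95.0"]


def audit(lock_text, freeze_text, extension_dirs):
    """Run all three scanners; a 'trojanized' hit means credential rotation
    is due for everything that workstation or runner could reach."""
    return (scan_package_lock(lock_text) + scan_pip_freeze(freeze_text)
            + scan_vscode_extensions(extension_dirs))


if __name__ == "__main__":
    for eco, name, version, verdict in audit(SAMPLE_PACKAGE_LOCK, SAMPLE_PIP_FREEZE,
                                             SAMPLE_EXTENSION_DIRS):
        print(f"{verdict:10} {eco:6} {name}=={version}")
```

A "trojanized" hit is the trigger for the credential rotation the write-up calls for; a "review" hit only means the package sits in the affected ecosystem and its version still has to be compared with the advisory. The scanners read files already on disk and never contact a registry, so a verified-publisher or attestation badge plays no part in the verdict.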
What changed, by theme ...
Read the full entry: https://isc.sans.edu/diary/TeamPCP+Supply+Chain+Campaign+Activity+Through+20260524/33016/
An Example of Stack String in High Level Language
Published: 2026-05-23
Last Updated: 2026-05-23 05:49:17 UTC
by Xavier Mertens (Version: 1)
This week, I’m attending the SEC670 training (“Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control”). From my point of view, this training fits perfectly with FOR610 or FOR710 (malware analysis) because it addresses malware from the opposite direction: instead of performing reverse engineering, you write malicious code! Always interesting to have another point of view.
Many techniques used by threat actors are discovered while reversing malware, so they are first met in assembly. A perfect example is stack strings, a malware obfuscation technique in which strings are constructed dynamically at runtime by writing individual characters or bytes onto the stack, rather than being stored as contiguous string literals in the binary's static data sections. Read: they won’t be found by simple tools like “strings” or “pestr”.
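To make the technique concrete, the script below is an added example and not code from the diary or from SEC670: it generates the C a developer writes for a stack string, then models what a strings-style scan sees for a plain literal versus the compiled stores. The instruction encoding used for the model (one `mov byte ptr [rbp+disp8], imm8`, bytes C6 45 disp imm, per character) is a deliberate simplification; the string "kernel32.dll" and the function name are assumptions, not taken from the diary.

```python
"""Added example, not code from the diary: emit the C a developer writes
for a stack string, and model why `strings`/`pestr` miss the result.
The instruction encoding in the model is a simplification (one
`mov byte ptr [rbp+disp8], imm8`, bytes C6 45 disp imm, per character);
real compilers may use rsp-relative or wider stores, which changes the
bytes but not the conclusion."""

MIN_RUN = 4  # GNU strings' default minimum run length


def is_graphic(b):
    """Printable 7-bit ASCII plus tab, the default character class of
    GNU strings."""
    return 0x20 <= b <= 0x7E or b == 0x09


def strings_like(blob, min_run=MIN_RUN):
    """Return the printable runs of at least min_run bytes, like `strings`."""
    runs, run = [], bytearray()
    for b in blob:
        if is_graphic(b):
            run.append(b)
            continue
        if len(run) >= min_run:
            runs.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_run:
        runs.append(run.decode("ascii"))
    return runs


def _c_char(b):
    """C character literal for one byte, escaping quote and backslash."""
    if b == 0:
        return "'\\0'"
    ch = chr(b)
    return "'\\" + ch + "'" if ch in "\\'" else "'" + ch + "'"


def stack_string_c(s, name):
    """C function that rebuilds s on the stack one byte at a time.
    `volatile` stops the optimizer from folding the stores back into a
    single literal placed in .rodata."""
    data = s.encode("ascii") + b"\x00"
    if not all(is_graphic(b) or b == 0 for b in data):
        raise ValueError("only printable ASCII is handled here")
    n = len(data)
    body = [f"static void {name}(char *out) {{", f"    volatile char buf[{n}];"]
    body += [f"    buf[{i}] = {_c_char(b)};" for i, b in enumerate(data)]
    body += [f"    for (int i = 0; i < {n}; i++) out[i] = buf[i];", "}"]
    return "\n".join(body)


def rodata_literal(s):
    """How the same string is stored when written as a plain C literal."""
    return s.encode("ascii") + b"\x00"


def model_stack_stores(s):
    """Bytes of the instruction stream the volatile stores compile to in
    the simplified model: C6 45 disp8 imm8 per byte, buf at [rbp-n]."""
    data = s.encode("ascii") + b"\x00"
    n = len(data)
    code = bytearray()
    for i, b in enumerate(data):
        disp = (i - n) & 0xFF  # two's-complement rbp-relative offset
        code += bytes((0xC6, 0x45, disp, b))
    return bytes(code)


def recoverable(s):
    """Does a strings-style scan of each representation contain s?"""
    return {
        "rodata": any(s in r for r in strings_like(rodata_literal(s))),
        "stack_code": any(s in r for r in strings_like(model_stack_stores(s))),
    }


if __name__ == "__main__":
    print(stack_string_c("kernel32.dll", "get_kernel32"))
    print(recoverable("kernel32.dll"))
```

Compiling the generated C with optimization keeps one store per byte because of `volatile`; without it the compiler is free to merge the stores into wider immediates or to bring the literal back. In the modelled byte stream every character sits next to an opcode byte and a negative displacement, so no printable run reaches the four-character minimum that `strings` uses, which is exactly why the literal never shows up.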
From an assembly code point of view, a stack string looks like this ...
Read the full entry: https://isc.sans.edu/diary/An+Example+of+Stack+String+in+High+Level+Language/33008/
Microsoft Access VBA (2026.05.25)
https://isc.sans.edu/diary/Microsoft+Access+VBA/33012/
Wireshark 4.6.6 Released (2026.05.24)
https://isc.sans.edu/diary/Wireshark+466+Released/33010/
Cross-Platform NPM Stealer (2026.05.22)
https://isc.sans.edu/diary/CrossPlatform+NPM+Stealer/33006/
Selective HTTP Proxying in Linux (2026.05.21)
https://isc.sans.edu/diary/Selective+HTTP+Proxying+in+Linux/33002/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2026-41091 - Microsoft Defender Elevation of Privilege Vulnerability
Product: Microsoft Malware Protection Engine
CVSS Score: 7.8
** KEV since 2026-05-20 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41091
ISC Podcast: https://isc.sans.edu/podcastdetail/9942
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091
NVD References: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41091
CVE-2026-45498 - Microsoft Defender Denial of Service Vulnerability
Product: Microsoft Defender Antimalware Platform
CVSS Score: 4.0
** KEV since 2026-05-20 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45498
ISC Podcast: https://isc.sans.edu/podcastdetail/9942
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498
NVD References: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45498
CVE-2026-9082 - Drupal core is vulnerable to SQL Injection from version 8.9.0 to 11.3.10.
Product: Drupal
CVSS Score: 9.8
** KEV since 2026-05-22 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-9082
NVD References:
- https://www.drupal.org/sa-core-2026-004
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-9082
CVE-2026-8495 - Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.
Product: Drupal Date iCal
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8495
NVD References: https://www.drupal.org/sa-contrib-2026-037
CVE-2026-48172 - LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root) and was exploited in the wild in May 2026; detection is described as grepping system logs for specific strings from a Bash command line.
Product: LiteSpeed cPanel Plugin
CVSS Score: 9.8
** KEV since 2026-05-26 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48172
NVD References:
- https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48172
CVE-2026-34926 - Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Product: Trend Micro Apex One
CVSS Score: 6.7
** KEV since 2026-05-21 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34926
NVD References:
- https://success.trendmicro.com/en-US/solution/KA-0023430
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34926
CVE-2026-45659 - Microsoft SharePoint Remote Code Execution Vulnerability
Product: Microsoft Office SharePoint
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45659
ISC Podcast: https://isc.sans.edu/podcastdetail/9946
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659
CVE-2026-45585 - Windows BitLocker Security Feature Bypass Vulnerability
Product: Microsoft Windows 11 24H2
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45585
ISC Podcast: https://isc.sans.edu/podcastdetail/9940
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
CVE-2026-20223 - Cisco Secure Workload's internal REST APIs have an access validation vulnerability that could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.
Product: Cisco Secure Workload
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20223
ISC Podcast: https://isc.sans.edu/podcastdetail/9942
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
CVE-2026-33278 - NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer.
Product: NLnet Labs Unbound
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33278
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33278
NVD References: https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-33278.txt
CVE-2026-42960 - NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section.
Product: NLnet Labs Unbound
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42960
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42960
NVD References: https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42960.txt
CVE-2026-41292 - NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options.
Product: NLnet Labs Unbound
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41292
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41292
NVD References: https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-41292.txt
CVE-2026-42944 - NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet.
Product: NLnet Labs Unbound
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42944
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42944
NVD References: https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42944.txt
CVE-2026-42959 - NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies.
Product: NLnet Labs Unbound
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42959
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42959
NVD References: https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42959.txt
CVE-2026-45584 - Microsoft Defender Remote Code Execution Vulnerability
Product: Microsoft Defender
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45584
ISC Podcast: https://isc.sans.edu/podcastdetail/9942
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584
CVE-2026-33117 - Azure SDK for Java Security Feature Bypass Vulnerability
Product: Microsoft Azure SDK for Java
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33117
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33117
CVE-2026-31986 - Apache OFBiz is vulnerable to a hard-coded cryptographic key issue before version 24.09.06, requiring users to upgrade to resolve the vulnerability.
Product: Apache OFBiz
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-31986
NVD References: https://lists.apache.org/thread/2hl9xoqm8tq8b22x6vnmtp7tg3opcqgc
CVE-2026-41919 - Apache OFBiz is vulnerable to LDAP Injection before version 24.09.06, users should upgrade to fix the issue.
Product: Apache OFBiz
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41919
NVD References: https://lists.apache.org/thread/592czh9o69n74c036vy30fnqknocw74p
CVE-2026-45434 - Apache OFBiz is vulnerable to improper authentication, allowing remote attackers to execute code via a password-change logic flaw before version 24.09.06.
Product: Apache OFBiz
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45434
NVD References: https://lists.apache.org/thread/yw4owrzl0yho1yx7oqxvr6xjkmln9tq8
CVE-2026-47323 - Camel-CXF and Camel-Knative are vulnerable to message header injection via missing inbound filtering, allowing unauthenticated attackers to inject headers and potentially execute remote code or write arbitrary files.
Product: Apache Camel-CXF and Camel-Knative
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47323
NVD References: https://camel.apache.org/security/CVE-2026-47323.html
CVE-2026-48207 - Apache Fory is vulnerable to untrusted data deserialization in ReduceSerializer before version 1.0.0, which could allow bypassing of DeserializationPolicy validation hooks and exposing the application to attacker-controlled data.
Product: Apache Fory
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48207
NVD References: https://fory.apache.org/security/#cve-2026-48207-pyfory-reduceserializer-deserializationpolicy-bypass
CVE-2026-44930 - Apache CXF is vulnerable to an LDAP injection flaw that allows attackers to access arbitrary certificates from the repository.
Product: Apache CXF 4.2.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-44930
NVD References: https://lists.apache.org/thread/c1zqxppo1m5z3kbdhjn5p991zk09ynkh
CVE-2026-8948, CVE-2026-8950, CVE-2026-8953, CVE-2026-8956, CVE-2026-8959 - Multiple vulnerabilities in Mozilla Firefox and Thunderbird
Product: Mozilla Firefox and Thunderbird
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8948 (same-origin policy bypass)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8950 (same-origin policy bypass)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8953 (use after free)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8956 (integer overflow)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8959 (incorrect boundary conditions)
NVD References:
- https://www.mozilla.org/security/advisories/mfsa2026-46/
- https://www.mozilla.org/security/advisories/mfsa2026-47/
- https://www.mozilla.org/security/advisories/mfsa2026-48/
- https://www.mozilla.org/security/advisories/mfsa2026-50/
- https://www.mozilla.org/security/advisories/mfsa2026-51/
CVE-2026-2586 - GlassFish Administration Console has an authenticated RCE vulnerability that lets users execute arbitrary commands with application service user privileges.
Product: Eclipse Glassfish
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2586
NVD References: https://gitlab.eclipse.org/security/cve-assignment/-/issues/87
CVE-2026-2587 - Glassfish gadget handler is susceptible to a critical Remote Code Execution (RCE) vulnerability through unsanitized user-supplied values in .xml files, allowing attackers to fully compromise the host.
Product: Eclipse Glassfish
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2587
NVD References: https://gitlab.eclipse.org/security/cve-assignment/-/issues/86
CVE-2026-44159 - Tyler Identity Local (TID-L) utilizes default administrative credentials that have not been changed, leaving it vulnerable to unauthorized access.
Product: Tyler Identity Local (TID-L)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-44159
CVE-2026-8602, CVE-2026-8603, CVE-2026-8605 - Vulnerabilities in ScadaBR version 1.2.0.
Product: ScadaBR
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8602 (missing authentication for critical function)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8603 (OS command injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8605 (hard-coded credentials)
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03
CVE-2026-33642 - Kitty, a cross-platform GPU based terminal, is vulnerable to Heap Buffer Over-Read/Write due to integer wrapping in the handle_compose_command() function in versions 0.46.2 and below, allowing an attacker to exploit this flaw without user interaction or non-default configurations.
Product: Kitty
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33642
NVD References: https://github.com/kovidgoyal/kitty/security/advisories/GHSA-qfgm-2c64-6x3x
CVE-2026-24207 - NVIDIA Triton Inference Server is vulnerable to authentication bypass, allowing attackers to potentially execute code, escalate privileges, manipulate data, disrupt service, or leak information.
Product: NVIDIA Triton Inference Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24207
CVE-2026-8598 - ZKTeco CCTV cameras have an undocumented configuration export port that does not require authentication, exposing critical information such as camera account credentials.
Product: ZKTeco CCTV cameras
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8598
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04
- https://www.zkteco.com/en/announcement/23
CVE-2026-8631 - HP Linux Imaging and Printing Software is susceptible to an integer overflow vulnerability which can lead to privilege escalation and arbitrary code execution in the hpcups processing path.
Product: HP Linux Imaging and Printing Software
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8631
NVD References: https://support.hp.com/us-en/document/ish_14942099-14942126-16/hpsbpi04118
CVE-2026-5433 - Honeywell Control Network Module (CNM) is vulnerable to command injection in the web interface, allowing attackers to potentially execute remote code.
Product: Honeywell Control Network Module
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5433
CVE-2025-71210, CVE-2025-71211 - The Trend Micro Apex One management console is vulnerable to remote attackers uploading malicious code and executing commands on affected installations.
Product: Trend Micro Apex One
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-71210
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-71211
NVD References:
- https://success.trendmicro.com/en-US/solution/KA-0022458
- https://www.zerodayinitiative.com/advisories/ZDI-26-136/
- https://www.zerodayinitiative.com/advisories/ZDI-26-137/
CVE-2026-8670 - Avantra (Linux and Windows) before 25.3.1 allows reuse of session IDs, an insufficient session expiration vulnerability (session replay).
Product: Avantra
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8670
NVD References: https://support.avantra.com/hc/en-us/articles/5533929912351
CVE-2026-32253 - Sunshine, a self-hosted game stream host for Moonlight, allows bypassing of client-certificate authentication in versions prior to 2026.516.143833 due to mishandling of OpenSSL verification results, permitting access to protected HTTPS endpoints with an untrusted certificate.
Product: Sunshine
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32253
NVD References: https://github.com/LizardByte/Sunshine/security/advisories/GHSA-ph75-mgxh-mv57
CVE-2018-25357 - Dolibarr ERP CRM 7.0.3 is vulnerable to remote code execution through injection of PHP code in the db_name parameter, allowing unauthenticated attackers to execute arbitrary commands.
Product: Dolibarr ERP CRM 7.0.3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-25357
NVD References: https://www.vulncheck.com/advisories/dolibarr-erp-crm-remote-code-evaluation-via-install-step1-php
CVE-2026-9384 through CVE-2026-9388, CVE-2026-9404 through CVE-2026-9408, CVE-2026-9432 through CVE-2026-9436, CVE-2026-9454 through CVE-2026-9458, CVE-2026-9475 through CVE-2026-9478 - Multiple vulnerabilities in Totolink A8000RU 7.1cu.643_b20200521.
Product: Totolink A8000RU
CVSS Score: 9.8
References: https://github.com/Litengzheng/vuldb_new2/tree/main/A8000RU
CVE-2026-9543 - Totolink N300RH 6.1c.1353_B20190305 is vulnerable to os command injection via remote execution due to a flaw in the setPasswordCfg function of the Web Management Interface.
Product: Totolink N300RH
CVSS Score: 9.8
References: https://github.com/A1ester/TOTOLINK-N300RH-Command-Injection
CVE-2026-7374 - KubeVirt's virt-handler component allows an authenticated OpenShift user to hijack privileges by exploiting improper symlink validation, potentially leading to full control of the cluster.
Product: KubeVirt virt-handler
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7374
NVD References: https://access.redhat.com/security/cve/CVE-2026-7374
CVE-2026-48686 - FastNetMon Community Edition through 1.2.9 is vulnerable to a stack-based buffer overflow in the BGP NLRI decoder, allowing for arbitrary code execution.
Product: FastNetMon Community Edition
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48686
NVD References: https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48686-bgp-nlri-stack-overflow
CVE-2026-48689 - FastNetMon Community Edition through 1.2.9 includes an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class.
Product: FastNetMon Community Edition
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48689
NVD References: https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48689-dynamic-buffer-off-by-one
CVE-2026-48898, CVE-2026-48899, CVE-2026-48904 - Improper access check allows privilege escalation in Joomla! CMS versions 4.0.0-5.4.5 and 6.0.0-6.1.0
Product: Joomla!
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48898
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48899
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48904
CVE-2026-46624 - Twenty CRM is vulnerable to a critical RCE flaw via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack, allowing authenticated users to execute arbitrary OS commands on the database server through the unsanitized timeZone parameter in the REST API groupBy endpoint.
Product: Twenty CRM
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46624
NVD References: https://github.com/twentyhq/twenty/security/advisories/GHSA-jgx4-6mr9-9573
CVE-2026-7251 - The Eppendorf BioFlo 320 is vulnerable to remote attacks due to a hard-coded password in the VNC server, allowing attackers full control over the user interface and control panel features without encryption.
Product: Eppendorf BioFlo 320
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7251
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-146-01
CVE-2026-8633 - IBM WebSphere Application Server and WebSphere Liberty are vulnerable to remote code execution through a specially crafted request in the Web Server Plug-ins.
Product: IBM WebSphere Application Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8633
NVD References: https://www.ibm.com/support/pages/node/7274072
CVE-2026-3660 - IBM Engineering Lifecycle Management versions 7.0.3, 7.1.0, and 7.2.0 have a vulnerability that could enable an unauthenticated remote attacker to gain unauthorized access by modifying server property files.
Product: IBM Engineering Lifecycle Management
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3660
NVD References: https://www.ibm.com/support/pages/node/7274079
CVE-2026-9642 - DIAView allows unauthenticated remote attackers to access configured databases in a project.
Product: Delta Electronics DIAView
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-9642
NVD References: https://www.tenable.com/security/research/tra-2026-44
CVE-2026-40367 - Microsoft Word Remote Code Execution Vulnerability
Product: Microsoft Word
CVSS Score: 8.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-40367
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40367
CVE-2026-34336 - Windows DWM Core Library Elevation of Privilege Vulnerability
Product: Microsoft Windows DWM Core Library
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34336
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34336
CVE-2026-45495 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Product: Microsoft Edge
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45495
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45495
CVE-2024-12802 - SonicWALL SSL-VPN may be vulnerable to MFA bypass due to separate handling of UPN and SAM account names, allowing attackers to potentially exploit alternative account names.
Product: SonicWALL SSL-VPN
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12802
ISC Podcast: https://isc.sans.edu/podcastdetail/9940
CVE-2026-8711 - NGINX JavaScript vulnerability
Product: NGINX JavaScript
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-8711
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8711
NVD References: https://my.f5.com/manage/s/article/K000161307
CVE-2026-47783 - In memcached before 1.6.42, the username comparison in SASL password-database authentication has a timing side channel.
Product: memcached
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47783
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47783
CVE-2026-47784 - In memcached before 1.6.42, the password comparison in SASL password-database authentication has a timing side channel.
Product: memcached
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47784
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47784
CVE-2026-41054 - A missing exit from a permission check in haveged 1.9.17-1 could lead to a root exploit.
Product: haveged 1.9.17-1
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41054
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41054
CVE-2026-43618 - Rsync < 3.4.3 Integer Overflow Information Disclosure
Product: Samba Rsync
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-43618
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43618
NVD References:
- https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq
- https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosure
CVE-2026-29518 - Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
Product: Samba Rsync
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29518
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-29518
NVD References: https://www.vulncheck.com/advisories/rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write
CVE-2026-3039 - BIND 9 server memory exhaustion during GSS-API TKEY negotiation
Product: ISC BIND
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3039
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3039
NVD References: https://kb.isc.org/docs/cve-2026-3039
CVE-2026-3593 - Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
Product: BIND 9
CVSS Score: 7.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-3593
NVD References: https://kb.isc.org/docs/cve-2026-3593
CVE-2026-5946 - Invalid handling of CLASS!= IN in BIND 9
Product: BIND 9
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5946
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5946
NVD References: https://kb.isc.org/docs/cve-2026-5946
CVE-2026-5947 - SIG(0) validation during query flood may lead to undefined behavior in BIND
Product: BIND 9
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-5947
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5947
NVD References: https://kb.isc.org/docs/cve-2026-5947
CVE-2026-42834 - Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Product: Microsoft Windows Admin Center
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42834
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42834
CVE-2026-39830 - A client can cause a server deadlock with unexpected responses in golang.org/x/crypto/ssh.
Product: golang-go.crypto
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39830
References: https://security-tracker.debian.org/tracker/CVE-2026-39830
CVE-2026-39831 - Bypass of the physical-interaction requirement for FIDO/U2F security keys in golang.org/x/crypto/ssh.
Product: golang-go.crypto
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39831
References: https://security-tracker.debian.org/tracker/CVE-2026-39831
CVE-2026-39832 - Agent constraints are dropped when forwarding keys in golang.org/x/crypto/ssh/agent.
Product: golang-go.crypto
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39832
References: https://security-tracker.debian.org/tracker/CVE-2026-39832
CVE-2026-39833 - Key constraints are not enforced in golang.org/x/crypto/ssh/agent.
Product: golang-go.crypto
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39833
References: https://security-tracker.debian.org/tracker/CVE-2026-39833
CVE-2026-39834 - Infinite loop on large channel writes in golang.org/x/crypto/ssh.
Product: golang-go.crypto
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39834
References: https://security-tracker.debian.org/tracker/CVE-2026-39834
CVE-2026-42508 - Authentication bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts.
Product: golang-go.crypto
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42508
References: https://security-tracker.debian.org/tracker/CVE-2026-42508
CVE-2026-46595 - VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh.
Product: golang-go.crypto
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46595
References: https://security-tracker.debian.org/tracker/CVE-2026-46595
CVE-2026-39821 - Failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna.
Product: golang-golang-x-net-dev
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39821
References: https://security-tracker.debian.org/tracker/CVE-2026-39821
CVE-2026-39824 - Integer overflow in NewNTUnicodeString in golang.org/x/sys/windows.
Product: golang-golang-x-sys
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39824
References: https://security-tracker.debian.org/tracker/CVE-2026-39824
CVE-2026-46333 - ptrace: slightly saner 'get_dumpable()' logic
Product: Linux Kernel
CVSS Score: 5.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46333
ISC Podcast: https://isc.sans.edu/podcastdetail/9936
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46333
The following CVEs do not require customer action:
CVE-2026-33843 - Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability
Product: Microsoft Azure Active Directory B2C
CVSS Score: 9.1
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-33843
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33843
CVE-2026-40411 - Azure Virtual Network Gateway Remote Code Execution Vulnerability
Product: Microsoft Azure Virtual Network Gateway
CVSS Score: 9.9
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-40411
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40411
CVE-2026-40412 - Azure Orbital Spatio Remote Code Execution Vulnerability
Product: Azure Orbital Spatio
CVSS Score: 10.0
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-40412
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40412
CVE-2026-41090 - Microsoft Copilot Tampering Vulnerability
Product: Microsoft Copilot
CVSS Score: 9.3
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41090
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41090
CVE-2026-41104 - Microsoft Planetary Computer Pro Information Disclosure Vulnerability
Product: Microsoft Planetary Computer Pro
CVSS Score: 10.0
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41104
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41104
CVE-2026-42901 - Microsoft Entra ID Elevation of Privilege Vulnerability
Product: Microsoft Entra ID
CVSS Score: 10.0
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42901
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42901
CVE-2026-47280 - Azure Resource Manager Elevation of Privilege Vulnerability
Product: Microsoft Azure Resource Manager (ARM)
CVSS Score: 10.0
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47280
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47280
CVE-2026-23663 - Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability
Product: Azure Entra ID
CVSS Score: 7.5
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23663
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23663
CVE-2026-26147 - Azure Stack HCI Information Disclosure Vulnerability
Product: Microsoft Azure Compute Gallery
CVSS Score: 7.7
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26147
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26147
CVE-2026-35430 - Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability
Product: Microsoft Azure Privileged Identity Management (PIM)
CVSS Score: 8.8
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-35430
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35430
On June 3rd, Palo Alto, AWS, Akamai, and 2Bsecure join AlgoSec in Operation Horizon. This isn’t just another Zero Trust webinar; this is a cinematic, game-inspired experience where you’ll explore Zero Trust. To get practical guidance to manage your hybrid environments, join the mission.
SANS Demo Day 2026 (New Virtual Event) | Wednesday, June 24, 10AM - 5PM EDT | See cutting-edge cybersecurity tools in action, compare solutions side by side, and gain expert insights to make smarter, faster security decisions for your organization.
2026 State of ICS/OT Security Survey | Shape ICS security’s future: share real-world insights, benchmark resilience, influence strategy, justify investments, and strengthen global critical infrastructure defense collectively.
ICS Summit Solutions Track | Tuesday, June 9, 10AM - 2PM EDT | Tune in for live demos, real attack case studies, and proven OT/ICS countermeasures all in one free, actionable day.