SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Linux Process Name Masquerading
Published: 2026-06-24
Last Updated: 2026-06-24 06:29:03 UTC
by Xavier Mertens (Version: 1)
In a previous diary, I talked about stack strings (https://isc.sans.edu/diary/An+Example+of+Stack+String+in+High+Level+Language/33008) with a practical example of them. Since my SEC670 class, I’m even more interested in malware obfuscation techniques. I had a look at process names. When you list running processes on a computer, can you trust what you see? If you're facing a rootkit, malicious processes can be simply hidden (the API calls or commands to list processed have been tampered). But a malicious process can also mimic a non-suspicious name by masquerading their name. This technique (T1036 in the MITRE ATT&CK framework) has been used by attackers in many campaigns. A good example of the Velvet Ant Chinese group. The goal is to hide the “malware” process name by replacing it with something that won’t attract the Security Analyst’s eyes or defeat security controls.
First of all, you need to remember that the process name can be stored in different locations:
In /proc/<pid>/comm: This file contains the process name (max 15 characters). This is what the default ‘ps’ and ‘top’ commands show ...
Read the full entry: https://isc.sans.edu/diary/Linux+Process+Name+Masquerading/33102/
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.
Published: 2026-06-23
Last Updated: 2026-06-23 03:02:34 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
The vulnerability
In August 2024 SonicWall published advisory SNWLID-2024-0015 for CVE-2024-40766. It is an improper access control vulnerability in SonicOS. CVSS 9.3. It affects the management interface and the SSLVPN service on Gen 5, Gen 6 and Gen 7 firewalls. Each generation has its own affected firmware range: Gen 5 running SonicOS 5.9.2.14-12o and older, Gen 6 running 6.5.4.14-109n and older, and Gen 7 running SonicOS 7.0.1-5035 and older. Successful exploitation lets an attacker gain unauthorized access to the firewall. Under certain conditions it crashes the device entirely.
The scope of the affected install base is large. SonicWall reports serving approximately 500,000 businesses across 215 countries and territories. Many of them run SSLVPN as their sole remote access method. Many of them do not have a dedicated security team. That combination is exactly what ransomware operators look for.
Who is exploiting and how
Akira and Fog ransomware groups have been exploiting CVE-2024-40766 since at least September 2024 when Arctic Wolf first reported Akira affiliates compromising SSLVPN accounts on vulnerable devices. By December 2024 Macnica research confirmed that roughly half of organizations listed on Akira and Fog leak sites were running SonicWall and at least 48,933 devices were still publicly exposed and unpatched.
The exploitation has not slowed down. It has escalated in waves. In July-August 2025 Arctic Wolf, Huntress and Bitdefender reported a surge of Akira intrusions targeting Gen 7 firewalls. Rapid7 and Darktrace published corroborating analyses in September and October 2025 respectively. Fog ransomware operators were also observed exploiting the same vulnerability during this period accounting for roughly 25 percent of intrusions while Akira accounted for 75 percent. Researchers initially suspected a zero-day. SonicWall investigated and confirmed with high confidence that the activity still correlated with CVE-2024-40766. Many compromised organizations had migrated from Gen 6 to Gen 7 without resetting local user passwords. Dwell times across both groups were alarmingly short. Arctic Wolf documented encryption occurring in under four hours from initial access with some cases as fast as 55 minutes ...
Read the full entry: https://isc.sans.edu/diary/CVE202440766+The+Patch+Fixed+the+Bug+Nobody+Fixed+the+Configuration/33094/
Webshells Remain Popular
Published: 2026-06-22
Last Updated: 2026-06-22 14:10:27 UTC
by Xavier Mertens (Version: 1)
Webshells have been popular for a long time. We already covered this topic across multiple diaries. I spent some time to track them and slightly paid less attention to them but today I found another one. It seems to be a new player (pushed on Github two months ago).
The webshell is called ZypeerShell and pretend to be "The most powerful, undetectable, and feature-rich PHP webshell available on GitHub." The shell is classic and provides most of the expected features for such tool ...
Read the full entry: https://isc.sans.edu/diary/Webshells+Remain+Popular/33096/
eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address (2026.06.19)
https://isc.sans.edu/diary/eBanking+Phishing+Delivered+Through+IPv4Mapped+IPv6+Address/33090/
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary] (2026.06.17)
The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary] (2026.06.17)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-40766 - SonicWall SonicOS management access is vulnerable to improper access control, allowing for unauthorized resource access and potentially crashing the firewall.
Product: SonicWall SonicOS
CVSS Score: 0
** KEV since 2024-09-09 **
CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-40766
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40766
ISC Diary: https://isc.sans.edu/diary/33094
ISC Podcast: https://isc.sans.edu/podcastdetail/9984
CVE-2026-55200 - libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution. Product: libssh2 CVSS Score: 9.2 NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-55200 ISC Podcast: https://isc.sans.edu/podcastdetail/9984 NVD References: https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c
CVE-2026-12087 - Socket versions before 2.041 for Perl have an out-of-bounds heap read
Product: Perl Socket
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-12087
NVD References: https://www.openwall.com/lists/oss-security/2026/06/15/10
CVE-2026-34182 - CMS AuthEnvelopedData Processing May Accept Forged Messages
Product: OpenSSL AuthEnvelopedData
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34182
CVE-2026-56274 - Flowise before 3.1.2 is vulnerable to multiple OS command injections in the Custom MCP Server feature, allowing attackers with account access to execute arbitrary commands on the host.
Product: Flowise
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-56274
NVD References: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-m99r-2hxc-cp3q
CVE-2024-58351 - Flowise before 2.1.4 allows for configuration injection into the Chainflow during execution, leading to multiple security threats such as remote code execution, denial of service, and data exfiltration.
Product: Flowise
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-58351
NVD References: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5cph-wvm9-45gj
CVE-2026-54157 - LobeHub's /webapi/proxy endpoint prior to 2.1.57 allows attackers to make arbitrary requests and exploit reflected Set-Cookie headers.
Product: LobeHub
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-54157
NVD References: https://github.com/lobehub/lobehub/security/advisories/GHSA-xmwj-c75x-6346
CVE-2026-22313 - The Radiflow iSAP Smart Collector webserver API allows authenticated attackers to execute arbitrary commands with administrative permissions through an OS command injection vulnerability.
Product: Radiflow iSAP Smart Collector
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22313
NVD References: https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22313
Oracle Critical Security Patch Update Advisory - June 2026 includes 245 new security patches for Oracle Enterprise Manager, Fusion Middleware, JD Edwards, MySQL, Oracle Supply Chain Products, Oracle Communications Convergent Charging Controller, Oracle Communications Network Charging and Control, Oracle Communications Network Integrity, Oracle E-Business Suite, Oracle Enterprise Manager, Virtualization, PeopleSoft, and Siebel.
- https://www.oracle.com/security-alerts/cspujun2026.html
CVE-2026-10094 - SOLIDWORKS Visualize is vulnerable to a Path Traversal flaw, allowing attackers to write arbitrary files on the server.
Product: SOLIDWORKS Visualize
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-10094
NVD References: https://www.3ds.com/trust-center/security/security-advisories/cve-2026-10094
CVE-2026-32966 - Apache DolphinScheduler allows arbitrary data source metadata disclosure due to missing authorization check in its DataSource API, impacting versions before 3.4.2.
Product: Apache DolphinScheduler
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32966
NVD References: https://lists.apache.org/thread/4f1fojpj26z9y5nd1ko845gcknpn75g2
CVE-2026-32967 - Apache DolphinScheduler is vulnerable to Incorrect Authorization in its `/v2` experimental interface before version 3.4.2, users should upgrade to fix this issue.
Product: Apache DolphinScheduler
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32967
NVD References: https://lists.apache.org/thread/5o5jrg1snkmrto96wg015wgbh7hyckzc
CVE-2026-50203 - apache-airflow-providers-sftp is vulnerable to a path traversal attack that allows a remote SFTP server to write files outside the designated local destination directory without requiring an Airflow account.
Product: Apache-Airflow-Providers-Sftp
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-50203
NVD References: https://lists.apache.org/thread/7f4b284oh44c1n95oq8mh1qc7y1lr9dx
CVE-2026-49268 - Apache Shiro is vulnerable to LDAP injection, allowing remote attackers to manipulate the DN structure and potentially bypass authentication or impersonate users.
Product: Apache Shiro 3.0.0
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-49268
NVD References: https://lists.apache.org/thread/svszql3od8td7hn6conyj2oq70v53b5s
CVE-2026-39999 - Apache APISIX is vulnerable to authentication bypass through spoofing, impacting versions v2.2 through v3.16.0.
Product: Apache APISIX
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-39999
NVD References: https://lists.apache.org/thread/nfopt8cnxd3k0rs1oxtr7lzxrdw4mojq
CVE-2026-44087 - Apache APISIX is vulnerable to insufficient verification of data authenticity, allowing attackers to spoof identity headers and gain unauthorized access to protected resources.
Product: Apache APISIX
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-44087
NVD References: https://lists.apache.org/thread/72ryrgdssk6s2x9d6xn14bxyyl878xfm
CVE-2026-49230 - Apache APISIX is vulnerable to an improper validation of integrity check value issue in its jwe-decrypt plugin, allowing for authentication bypass from version 3.8.0 to 3.16.0.
Product: Apache APISIX
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-49230
NVD References: https://lists.apache.org/thread/n0blgkpvz38ghh5rrh6wtl476919xj1b
CVE-2026-49871 - Apache APISIX is vulnerable to a CSRF flaw in cas-auth plugin, allowing remote attackers to hijack victim's authentication and perform actions on their behalf.
Product: Apache APISIX
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-49871
NVD References: https://lists.apache.org/thread/1ozsnss0lof4gpwq763d66oxwxt3sycp
CVE-2026-29167, CVE-2026-34355, CVE-2026-34356, CVE-2026-42535, CVE-2026-42536, CVE-2026-44185, CVE-2026-44631, CVE-2026-48913 - Multiple vulnerabilities in Apache HTTP Server
Product: Apache HTTP Server
CVSS Scores: 7.3 - 8.6
Reference: https://httpd.apache.org/security/vulnerabilities_24.html
CVE-2026-48055 - Streambert's subtitle extraction logic in versions 2.4.0 and prior allows for a high-severity Zip Slip vulnerability, allowing malicious archives to write arbitrary files to the host filesystem.
Product: Streambert Electron Desktop App
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48055
NVD References: https://github.com/truelockmc/streambert/security/advisories/GHSA-3q2x-3q9p-qwfc
CVE-2026-42530 - NGINX Open Source is vulnerable to a remote unauthenticated attacker exploiting the ngx_http_v3_module to cause a Use-after-Free in the worker process leading to a restart when configured to use the HTTP/3 QUIC module.
Product: NGINX Open Source
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42530
ISC Podcast: https://isc.sans.edu/podcastdetail/9980
NVD References: https://my.f5.com/manage/s/article/K000161616
CVE-2026-47103 - Python StateMachine versions 3.0.0 before 3.2.0 is vulnerable to remote code execution via malicious SCXML documents with unsafely evaluated `<data expr="...">` attributes.
Product: Python StateMachine
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47103
NVD References: https://github.com/fgmacedo/python-statemachine/security/advisories/GHSA-v4jc-pm6r-3vj8
CVE-2026-55743 - OpenHuman desktop agent's SecurityPolicy shell tool command allowlist can be bypassed, leading to arbitrary OS command execution with desktop user privileges.
Product: OpenHuman desktop agent
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-55743
CVE-2026-20181 - Cisco ISE and ISE-PIC are vulnerable to arbitrary command execution by a remote attacker with admin credentials.
Product: Cisco Identity Services Engine Passive Identity Connector
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20181
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv
CVE-2026-53805 - NVIDIA SIL GEN3C is vulnerable to unauthenticated remote code execution through the inference API server due to a lack of input validation on certain HTTP request endpoints.
Product: NVIDIA Spatial Intelligence Lab's (SIL) GEN3C
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53805
NVD References: https://www.vulncheck.com/advisories/nvidia-sil-gen3c-unauthenticated-rce-via-pickle-deserialization-in-inference-api
CVE-2026-55196 - Hermes WebUI before version 0.51.409 allows unauthenticated remote attackers to register arbitrary passkeys and gain permanent administrative control.
Product: Hermes WebUI
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-55196
NVD References: https://www.vulncheck.com/advisories/hermes-webui-unauthenticated-passkey-registration-via-authentication-bypass
CVE-2026-38714, CVE-2026-38715, CVE-2026-38716, CVE-2026-38717 - Command injection vulnerabilities in InHand Networks IR912 and IR915 devices
Product: InHand Networks IR912 and IR915 Firmware
CVSS Score: 9.8
NVD References: https://www.inhand.com/wp-content/uploads/2026/06/InHand-PSA-2026-06_EN.pdf
CVE-2026-12045 - pgAdmin 4 AI Assistant allows an attacker to execute arbitrary SQL with the user's database role privileges through a read-only transaction bypass vulnerability.
Product: pgAdmin 4
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-12045
NVD References: https://github.com/pgadmin-org/pgadmin4/issues/10022
CVE-2026-12046 - pgAdmin 4's vulnerability involves two state-mutating endpoints in the SQL Editor blueprint missing the @pga_login_required decorator, allowing unauthenticated access to a deserialization sink and potential remote code execution.
Product: pgAdmin 4
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-12046
NVD References: https://github.com/pgadmin-org/pgadmin4/issues/10072
CVE-2026-12048 - pgAdmin 4 is vulnerable to stored cross-site scripting in error-rendering and plan-node-rendering paths, allowing attackers to inject arbitrary HTML into the DOM and potentially redirect victims to malicious websites.
Product: pgAdmin 4
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-12048
NVD References: https://github.com/pgadmin-org/pgadmin4/issues/10068
CVE-2026-12628 - IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0 through 8.2.1.0 contain a hardcoded credential vulnerability that could enable unauthorized access to system resources.
Product: IBM Storage Protect Client
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-12628
NVD References: https://www.ibm.com/support/pages/node/7277245
CVE-2026-7664 - IBM Langflow OSS 1.0.0 through 1.8.4 allows unauthenticated attackers to access protected MCP project resources and execute MCP operations.
Product: IBM Langflow OSS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7664
NVD References: https://www.ibm.com/support/pages/node/7277243
CVE-2026-10561 - IBM Langflow OSS 1.0.0 through 1.9.3 allows unauthenticated attackers to execute arbitrary code on the host system, leading to complete compromise.
Product: IBM Langflow OSS
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-10561
NVD References: https://www.ibm.com/support/pages/node/7277242
CVE-2026-48519 - Langflow prior to version 1.9.2 contains a critical RCE vulnerability in the Shareable Playground feature, allowing unauthenticated users to execute arbitrary Python code through a specific route.
Product: Langflow
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48519
NVD References: https://github.com/langflow-ai/langflow/security/advisories/GHSA-v5ff-9q35-q26f
CVE-2026-55255 - Langflow is vulnerable to an Insecure Direct Object Reference (IDOR) at /api/v1/responses endpoint pre-1.9.2, enabling an authenticated attacker to execute another user's flow by specifying their flow ID in the request.
Product: Langflow
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-55255
NVD References: https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2
CVE-2026-55447 - Langflow prior to 1.9.2 allows attackers to read any file on the file-system by absolute path via controlled files digested into the RAG.
Product: Langflow
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-55447
NVD References: https://github.com/langflow-ai/langflow/security/advisories/GHSA-ccv6-r384-xp75
CVE-2026-55450 - Langflow allows unauthenticated users to upload unlimited data to the server prior to version 1.9.1, potentially causing space exhaustion and exposing absolute file paths to attackers.
Product: Langflow
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-55450
NVD References: https://github.com/langflow-ai/langflow/security/advisories/GHSA-x223-p2gf-v735
CVE-2026-48746 - vLLM suffers from an authentication bypass vulnerability in ASGI web servers and starlette versions 0.3.0 to 0.22.0, allowing unauthorized access to the OpenAI API without a valid API key.
Product: OpenAI vLLM
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48746
NVD References: https://x41-dsec.de/lab/advisories/x41-2026-002-starlette
CVE-2026-11374 - ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus are vulnerable to account takeover as unauthenticated users can predict the SSO tickets generated for authentication.
Product: ManageEngine ADSelfService Plus
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-11374
NVD References: https://www.manageengine.com/products/self-service-password/advisory/CVE-2026-11374.html
CVE-2026-12293 through CVE-2026-12297, CVE-2026-12304, CVE-2026-12315, CVE-2026-12316 - Multiple vulnerabilities in Firefox, Thunderbird, and other related tools.
Products: Mozilla Firefox and Thunderbird
CVSS Scores: 9.1 - 9.8
NVD References:
- https://www.mozilla.org/security/advisories/mfsa2026-57/
- https://www.mozilla.org/security/advisories/mfsa2026-58/
- https://www.mozilla.org/security/advisories/mfsa2026-59/
- https://www.mozilla.org/security/advisories/mfsa2026-60/
- https://www.mozilla.org/security/advisories/mfsa2026-61/
CVE-2026-0126 - WC-Radio is vulnerable to an out of bounds write issue, potentially allowing remote code execution without requiring user interaction.
Product: Google Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0126
NVD References: https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01
CVE-2026-48781 - Postiz allowed authenticated users to forge SUPERADMIN sessions and impersonate organizations due to a vulnerability in versions prior to 2.21.8.
Product: Postiz AI social media scheduling tool
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48781
NVD References: https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-j77w-h625-56q2
CVE-2026-20266 - Splunk AI Toolkit versions below 5.7.4 allow an admin user to execute arbitrary OS commands due to an unsafe shell execution pattern in the btool configuration helper.
Product: Splunk AI Toolkit
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20266
NVD References: https://advisory.splunk.com/advisories/SVD-2026-0614
CVE-2026-54387 - Tinyproxy through 1.11.3 fails to reconcile conflicting Content-Length and Transfer-Encoding headers, allowing remote attackers to inject arbitrary HTTP requests for cache poisoning and request hijacking.
Product: Tinyproxy
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-54387
NVD References: https://www.vulncheck.com/advisories/tinyproxy-http-request-smuggling-via-cl-te-desynchronization
CVE-2026-54388 - Tinyproxy through 1.11.3 allows remote attackers to desynchronize parser state and inject arbitrary HTTP requests to the backend due to a failure to reject requests containing multiple Content-Length headers with differing values.
Product: Tinyproxy
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-54388
NVD References: https://www.vulncheck.com/advisories/tinyproxy-http-request-smuggling-via-duplicate-content-length-headers
CVE-2026-48768 - TypeBot's unauthenticated file upload functionality in versions 3.16.1 and earlier allows for potential stored XSS attacks and arbitrary content hosting by uploading attacker-controlled files.
Product: TypeBot chatbot builder
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48768
NVD References: https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-fp7x-6pqh-vhvf
CVE-2026-47846 - Bitnami Cassandra container images are vulnerable to a retained default superuser issue, potentially leaving the cassandra:cassandra superuser active unintentionally.
Product: Bitnami Cassandra container images
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47846
NVD References: https://github.com/bitnami/containers/security/advisories/GHSA-8q3j-37vg-8fc2
CVE-2026-49252 - Deepstream is vulnerable to Prototype Pollution in versions prior to 10.0.5, allowing potential privilege escalation from any authenticated user with write permission to any record.
Product: Deepstream server
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-49252
NVD References: https://github.com/deepstreamIO/deepstream.io/security/advisories/GHSA-9v98-6g37-x9g6
CVE-2026-50242, CVE-2026-56141, CVE-2026-56142 - Multiple vulnerabilities in JetBrains Hub.
Product: JetBrains Hub
CVSS Scores: 9.8 - 10.0
NVD References: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE-2025-62821 - Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read vulnerability due to a flaw in CHEIFItemInfoEntry_GetDataSize, leading to a potential 1-byte allocation error in CopyPixels.
Product: Microsoft HEIF Image Extensions
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62821
CVE-2026-48772 - ProxySQL versions 2.0.0 through 3.0.8 allow for a routing and ACL bypass through forging source addresses in the PROXY protocol header.
Product: ProxySQL
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48772
NVD References: https://github.com/sysown/proxysql/security/advisories/GHSA-gw94-85m2-x8v2
CVE-2026-48773 - ProxySQL has a pre-authentication heap memory corruption vulnerability in versions 2.0.18 through 3.0.8, allowing a remote unauthenticated client to execute a potential attack.
Product: ProxySQL
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48773
NVD References: https://github.com/sysown/proxysql/security/advisories/GHSA-58ww-865x-grpr
CVE-2026-56265 - Crawl4AI before 0.8.7 is vulnerable to an authentication bypass through a hardcoded default JWT signing key, allowing attackers to forge authentication tokens and gain full access.
Product: Crawl4AI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-56265
NVD References: https://github.com/unclecode/crawl4ai/security/advisories/GHSA-365w-hqf6-vxfg
CVE-2026-56395, CVE-2026-56397 - Remote code execution vulnerabilities in SiYuan
Product: SiYuan
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-56395
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-56397
NVD References:
- https://github.com/siyuan-note/siyuan/security/advisories/GHSA-v3mg-9v85-fcm7
- https://www.vulncheck.com/advisories/siyuan-remote-code-execution-via-malicious-bazaar-package-metadata-and-readme-2
CVE-2026-28381 - Snowflake datasource vulnerability enables unauthorized users to execute queries and transfer files between the local server and connected Snowflake host.
Product: Snowflake datasource
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-28381
CVE-2026-10789 - Autodesk Fusion Desktop is vulnerable to a maliciously crafted webpage that can trigger a vulnerability in the MCP extension, leading to arbitrary code execution with the user's privileges.
Product: Autodesk Fusion
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-10789
NVD References: https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0008
CVE-2026-48509 - MessagePack for C# versions prior to 2.5.301 and 3.1.7 allow for denial-of-service attacks due to insecure default serializer options.
Product: MessagePack
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48509
NVD References: https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-2f33-pr97-265q
CVE-2026-56348 - n8n before 2.20.0 exposes a vulnerability in the POST /rest/dynamic-node-parameters/options endpoint, enabling authenticated users to bypass domain restrictions and exfiltrate sensitive authentication data to unauthorized hosts.
Product: n8n
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-56348
NVD References: https://github.com/n8n-io/n8n/security/advisories/GHSA-3875-8gcx-7v46
CVE-2026-53662 - Immich has a reflected cross-site scripting (XSS) vulnerability on the /auth/login page, allowing an attacker to fully compromise any authenticated user's account with a single link click.
Product: Immich
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53662
NVD References: https://github.com/immich-app/immich/security/advisories/GHSA-8244-8vpr-vp9c
CVE-2026-53753 - Crawl4AI's _safe_eval_expression() function in versions prior to 0.8.7 allows for a complete sandbox escape to achieve arbitrary code execution through a crafted extraction schema.
Product: Crawl4AI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-53753
NVD References: https://github.com/unclecode/crawl4ai/security/advisories/GHSA-qxjp-w3pj-48m7
CVE-2026-11807 - Event-Driven Ansible (EDA) websocket API has a missing authorization vulnerability that allows any authenticated user to send forged messages and access plaintext credentials.
Product: Event-Driven Ansible (EDA)
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-11807
CVE-2026-54588 - Poweradmin allows for full account takeover without credentials by exploiting a vulnerability in versions prior to 4.2.4 and 4.3.3.
Product: Poweradmin
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-54588
NVD References: https://github.com/poweradmin/poweradmin/security/advisories/GHSA-3735-5339-xfwx
CVE-2024-12802 - SonicWALL SSL-VPN may be vulnerable to MFA bypass due to separate handling of UPN and SAM account names, allowing attackers to potentially exploit alternative account names.
Product: SonicWALL SSL-VPN
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12802
ISC Diary: https://isc.sans.edu/diary/33094
CVE-2026-46331 - net/sched: fix pedit partial COW leading to page cache corruption
Product: Linux kernel
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46331
CVE-2026-46244 - netfilter: nft_inner: Fix IPv6 inner_thoff desync
Product: Linux kernel
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46244
CVE-2026-46275 - Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
Product: Linux kernel
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46275
CVE-2026-46285 - mtd: docg3: fix use-after-free in docg3_release()
Product: Linux kernel
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46285
CVE-2026-46301 - spi: topcliff-pch: fix use-after-free on unbind
Product: Linux kernel
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46301
CVE-2026-46319 - net/sched: act_ct: Only release RCU read lock after ct_ft
Product: Linux kernel
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46319
CVE-2026-46324 - netfilter: nf_tables: use list_del_rcu for netlink hooks
Product: Linux kernel
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46324
CVE-2026-46320 - tap: free page on error paths in tap_get_user_xdp()
Product: Linux kernel
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46320
CVE-2026-46243 - smb: client: reject userspace cifs.spnego descriptions
Product: Linux kernel
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46243
CVE-2026-46274 - io-wq: check that the predecessor is hashed in io_wq_remove_pending()
Product: Linux kernel
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46274
CVE-2026-46293 - clk: microchip: mpfs-ccc: fix out of bounds access during output registration
Product: Linux kernel
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46293
CVE-2026-46306 - flow_dissector: do not dissect PPPoE PFC frames
Product: Linux kernel
CVSS Score: 7.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46306
CVE-2026-46330 - Revert "net/smc: Introduce TCP ULP support"
Product: Linux kernel
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-46330
CVE-2026-45445 - AES-OCB IV Ignored on EVP_Cipher() Path
Product: OpenSSL AES-OCB
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45445
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45445
CVE-2026-45447 - Heap Use-After-Free in the PKCS7_verify() Function
Product: OpenSSL PKCS#7 APIs
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45447
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45447
CVE-2026-42764 - NULL Pointer Dereference in QUIC Server Initial Packet Handling
Product: OpenSSL QUIC server
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42764
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42764
CVE-2026-34181 - PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Product: OpenSSL PKCS#12
CVSS Score: 7.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34181
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34181
CVE-2026-34183 - Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
Product: OpenSSL QUIC
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34183
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34183
CVE-2026-7383 - Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Product: OpenSSL ASN1_mbstring_copy
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7383
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7383
CVE-2026-9076 - Out-of-Bounds Read in CMS Password-Based Decryption
Product: OpenSSL CMS_decrypt() or CMS_decrypt_set1_password()
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-9076
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9076
CVE-2026-34180 - Heap Buffer Over-read in ASN.1 Content Parsing
Product: OpenSSL OpenSSL's ASN.1 decoder
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-34180
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34180
CVE-2026-6893 - Dracut: dracut: root code execution via dhcp options command injection
Product: Dracut
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-6893
CVE-2026-49759 - Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash
Product: Erlang OTP
CVSS Score: 8.2
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-49759
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49759
CVE-2026-9698 - DBI versions before 1.648 for Perl saved errors in a limited-sized buffer
Product: Perl DBI
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-9698
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9698
CVE-2026-12143 - form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)
Product: form-data library
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-12143
CVE-2026-50656 - Microsoft Defender Elevation of Privilege Vulnerability
Product: Microsoft Defender
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-50656
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
CVE-2026-44817, CVE-2026-44818, CVE-2026-44820, CVE-2026-44823, CVE-2026-45469 - Microsoft Excel Remote Code Execution Vulnerabilities
Product: Microsoft Office Excel
CVSS Scores: 7.0 - 7.8
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44817
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44818
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44820
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44823
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45469
CVE-2026-44822 - Microsoft Excel Information Disclosure Vulnerability
Product: Microsoft Office Excel
CVSS Score: 8.2
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44822
CVE-2026-44819, CVE-2026-44824, CVE-2026-45461, CVE-2026-45463, CVE-2026-45645, CVE-2026-45472, CVE-2026-45474, CVE-2026-45475 - Microsoft Office Remote Code Execution Vulnerabilities
Product: Microsoft Office
CVSS Scores: 7.8 - 8.4
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44819
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44824
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45461
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45463
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45645
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45472
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45474
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45475
CVE-2026-45456, CVE-2026-45458 - Microsoft Outlook and Word Remote Code Execution Vulnerabilities
Product: Microsoft Office
CVSS Score: 8.4
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45456
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45458
CVE-2026-45457, CVE-2026-45471, CVE-2026-45486, CVE-2026-45643 - Microsoft Word Remote Code Execution Vulnerabilities
Product: Microsoft Office Word
CVSS Score: 7.8
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45457
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45471
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45486
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45643
CVE-2026-45649 - Office for Android Spoofing Vulnerability
Product: Microsoft Office for Android
CVSS Score: 7.1
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45649
CVE-2026-42828 - Windows Projected File System Elevation of Privilege Vulnerability
Product: Microsoft Windows Projected File System Filter Driver
CVSS Score: 7.8
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42828
CVE-2026-44803, CVE-2026-44812 - Windows Graphics Component Remote Code Execution Vulnerabilities
Product: Microsoft Windows Win32K - GRFX
CVSS Score: 7.8
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44803
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44812
CVE-2026-45504 - Microsoft Exchange Server Elevation of Privilege Vulnerability
Product: Microsoft Exchange Server
CVSS Score: 8.8
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45504
The following vulnerability needs a manual review:
CVE-2026-47729 - It was discovered that Squid incorrectly handled FTP gateway processing under certain circumstances, which could result in an out-of-bounds read. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. Product: Squid CVSS Score: N/A ISC Podcast: https://isc.sans.edu/podcastdetail/9980 References:
- https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2026-47729/
- https://blog.calif.io/p/squidbleed-cve-2026-47729
- https://www.suse.com/security/cve/CVE-2026-47729.html
- https://security-tracker.debian.org/tracker/CVE-2026-47729
*** NO CUSTOMER ACTION REQUIRED ***
CVE-2026-54130 - M365 Copilot Information Disclosure Vulnerability
Product: M365 Copilot
CVSS Score: 9.8
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-54130
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54130
CVE-2026-45480 - Azure Active Directory Elevation of Privilege Vulnerability
Product: Azure Active Directory
CVSS Score: 10.0
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-45480
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45480
CVE-2026-47647 - Dynamics 365 Elevation of Privilege Vulnerability
Product: Microsoft Dynamics 365
CVSS Score: 9.9
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47647
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47647
CVE-2026-48582 - Microsoft Exchange Online Elevation of Privilege Vulnerability
Product: Microsoft Exchange Online
CVSS Score: 9.6
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48582
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48582
CVE-2026-48584 - Microsoft Azure Synapse Elevation of Privilege Vulnerability
Product: Microsoft Azure Synapse
CVSS Score: 9.9
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-48584
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48584
CVE-2026-47633 - Microsoft Cost Management Information Disclosure Vulnerability
Product: Cost Management Interactive Experiences Vendor name: Cost Management Interactive Experiences
CVSS Score: 7.5
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47633
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47633
CVE-2026-32174 - Azure Bot Service Elevation of Privilege Vulnerability
Product: Microsoft Azure Bot Service
CVSS Score: 7.7
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32174
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32174
CVE-2026-32208 - Microsoft Edge (Chromium-based) Spoofing Vulnerability
Product: Microsoft Edge
CVSS Score: 8.8
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-32208
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32208
CVE-2026-47645 - Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
Product: Microsoft 365 Copilot's Business Chat
CVSS Score: 8.8
NO CUSTOMER ACTION REQUIRED
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47645
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47645
Confident AI investment starts with clarity. The CISOs Guide to Buying AI breaks down how to cut through hype, evaluate risk, and select solutions that deliver real outcomes. Learn what to prioritize, the right questions to ask, and how to align AI investments with your security goals across the organization.
Webinar | Agentic CTI Automation For Fun and Profit | Thursday, June 25 | Rebekah Brown & Jonathan Cran
SANS AI Survey Insights | Poisoned Wells and Pure Springs: Drawing Security and Compromise from the same AI Source | Wednesday, July 15 | Dave Shackleford
Webinar | The New Face of Fraud in Financial Services | Thursday, July 16 | Kevin Garvey, Mick Leach & Manuel Bernal