Skip to main content

Tag: cvss

12 articles

Brightly-lit industrial control system in a neutral server room setting.

CISA Warns of Active Exploitation of Adobe, Joomla, and Langflow Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on four high-severity vulnerabilities in Adobe, Joomla, and Langflow that are being actively exploited by hackers. Federal agencies have until July 10, 2026, to patch these flaws and avoid potential breaches.

Analyst 207
Laptop screen on a neutral surface in a bright, clean tech facility setting.

Fortinet, Ivanti, SAP Patch Critical Vulnerabilities

This week, Fortinet, Ivanti, and SAP issued urgent patch rollouts to fix critical vulnerabilities that could allow hackers to execute remote code or gain unauthorized access to sensitive systems. The flaws, affecting sandboxing infrastructure, mobile gateway software, and core enterprise apps, carry high severity scores and demand immediate attention.

Analyst 207
Node.js application running on a laptop in a developer's workspace with daylight in the background.

Protobuf.js Vulnerabilities Expose Node.js Apps to Code Execution, DoS

A single malicious protobuf schema could be all it takes to trigger crashes, corrupt runtimes, or even execute code in vulnerable Node.js apps, warns Cyera security researcher Assaf Morag. Six newly identified vulnerabilities in protobuf.js, known as Proto6, carry high severity scores and could put your app at risk.

Analyst 207
Server equipment on a rack in a brightly-lit government agency setting.

CISA Flags Oracle WebLogic Flaw as Actively Exploited

The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a high-severity Oracle WebLogic flaw, CVE-2024-21182, as actively exploited, prompting federal agencies to apply fixes by June 4, 2026. This critical vulnerability, rated 7.5 by CVSS, was added to CISA's Known Exploited Vulnerabilities Catalog after evidence of active exploitation was confirmed.

Analyst 207
IT professional urgently working on laptop amidst computer equipment.

India's CERT-In Urges 12-Hour Patch Deadline for Exploited Vulnerabilities

CERT-In is urging organizations to act fast - patch, mitigate, or remove exposure to exploited vulnerabilities within 12 hours for internet-facing and high-priority systems. This strict deadline aims to minimize risk and protect critical assets from potential attacks.

Analyst 207
Server rack in a data center with exposed vulnerabilities under ambient light.

Cisco Exposes New Zero-Auth Vulnerability in Secure Workload Platform

Cisco has uncovered a critical zero-auth vulnerability in its Secure Workload platform, allowing attackers to access sensitive information and make configuration changes with alarming ease and admin-level privileges. This severe flaw, scoring a perfect 10.0 on the CVSS scale, demands immediate attention to prevent exploitation.

Analyst 207
Rows of computer servers in a brightly-lit data center or network operations center.

Microsoft Patches 138 Vulnerabilities, Including Critical DNS and Netlogon Flaws

Microsoft just patched a critical DNS flaw that could let hackers execute code on your network, along with 137 other vulnerabilities - so make sure to update ASAP! The update also includes a mandatory rollout of updated Secure Boot certificates to keep your system secure.

Analyst 207
Generic server setup with multiple monitors and equipment racks in a brightly-lit tech environment.

Microsoft Patch Tuesday Exposes 137 Vulnerabilities, Including 30 Critical Flaws

Microsoft just dropped a massive Patch Tuesday update, fixing 137 vulnerabilities - including 30 critical flaws and 14 high-severity bugs scoring 9.0 or higher on the CVSS scale. This surge in patches, partly driven by AI-powered bug detection, is expected to continue, making it crucial to stay on top of updates.

Analyst 207
Cluttered developer workstation with laptop and monitor in shared office space.

Cline Kanban Flaw Exposes AI Coding Agents to Website Hijacking

A critical vulnerability in Cline Kanban's WebSocket endpoints lets hackers hijack websites visited by developers, silently interacting with local AI agents - and it's a flaw that requires zero phishing, malware, or social engineering. This severe flaw, scoring 9.7 on the CVSS scale, puts AI coding agents at risk of website hijacking.

Analyst 207
Sharp-focus laptop screen on a modern desk with blurred background.

Google Fixes Critical Gemini CLI Flaw Enabling Remote Code Execution

Google patched a critical flaw in Gemini CLI that allowed hackers to inject malicious code and take control of host systems, thanks to a report from Novee Security. The vulnerability, scoring a perfect 10.0 on the CVSS scale, has been fixed in recent updates to the @google/gemini-cli and google-github-actions/run-gemini-cli packages.

Analyst 207
Cluttered developer workstation with laptop, coding tools, and notebook in a bright, neutral office space.

Cursor Flaw Exposes Developer API Keys to Unrestricted Access

A single design flaw in the AI-powered development tool Cursor has been found to expose developer API keys to unrestricted access, earning a high-severity CVSS score of 8.2. This vulnerability stems from Cursor's weak storage design, which stores sensitive authentication data in a locally accessible SQLite database without proper protection.

Analyst 207
A cracked laptop screen with code emanating from the cracks, set against a dark cityscape with a lone figure in a hoodie.

nginx-ui Flaw Enables Full Server Takeover via Active Exploits

A single flaw in nginx-ui, a popular open-source management tool for Nginx, has been actively exploited, allowing attackers to seize control of your server with ease. This critical authentication bypass vulnerability, tracked as CVE-2026-33032, has been rated extremely severe with a CVSS score of 9.8.

Analyst 207