Threats Tagged 'patch'

Cisco has disclosed a critical, unpatched zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that is actively exploited in the wild. The flaw allows local attackers with netadmin privileges to perform command injection attacks, leading to root privilege escalation by uploading crafted files. Exploitation requires valid credentials or prior exploitation of related vulnerabilities (CVE-2026-20182 or CVE-2026-20127). The vulnerability affects all deployment types of the product, including on-premises and cloud-managed versions. Cisco has not yet released a patch for this zero-day but advises monitoring for indicators of compromise and engaging Cisco TAC for incident response support. The vendor has released patches for related vulnerabilities but this specific flaw remains unpatched at this time.

Oracle released its first monthly Critical Security Patch Update (CSPU) in May 2026, addressing 77 vulnerabilities across multiple products including Database Server, REST Data Services, Communications, E-Business Suite, and Hospitality Applications. About a dozen of these vulnerabilities are rated critical, with several exploitable remotely without authentication. Oracle's move to monthly patching aims to reduce the window of exposure caused by delayed patch application. The May CSPU is currently available, with subsequent monthly updates planned. Oracle emphasizes that many breaches stem from unpatched known vulnerabilities rather than zero-days. Organizations using Oracle products should prioritize patching especially for Database Server and REST Data Services due to their higher attack surface and remote exploitability.

A critical remote code execution (RCE) vulnerability, tracked as CVE-2026-45659, affects Microsoft SharePoint Server versions including Subscription Edition, 2019, and Enterprise Server 2016. The flaw arises from deserialization of untrusted data, allowing an authenticated attacker with low privileges (Site Member) to execute code remotely over the network. Microsoft has released security updates to address this vulnerability. Although Microsoft assesses exploitation likelihood as low, the vulnerability's nature and SharePoint's history of being targeted warrant prompt patching. No known exploits are currently reported in the wild.

LiteLLM, an AI Gateway used to route requests to multiple large language model providers, ships with a hardcoded master API key 'sk-1234' in its default configuration. This key grants full administrative access, including generating unlimited API keys, reading all stored provider credentials, making inference calls billed to the victim, accessing spend logs, and modifying or deleting models. The default key is present in the . env. example file and referenced directly in docker-compose setups, with no startup validation or forced rotation. The vulnerability remains unpatched as of the latest release (1. 86. 0). Hundreds of exposed instances with default configurations are publicly accessible, increasing the risk of exploitation. The issue was reported recently and is awaiting vendor response.

A SQL injection vulnerability in Drupal Core was patched recently, but active exploitation attempts began less than 48 hours after the patch release. Approximately 15,000 attack attempts have been recorded targeting around 6,000 sites. The vulnerability allows attackers to perform SQL injection attacks, potentially compromising affected Drupal installations. The patch has been released, but rapid exploitation attempts highlight the urgency for site administrators to apply the update promptly.

This entry discusses a security-related blog post titled 'Score by collisions, patch by panic: defensive architecture for the post-90-day-disclosure era,' which addresses changes in vulnerability disclosure practices. The content is sourced from a Reddit NetSec post linking to an external blog, reflecting on the evolving landscape of patching and disclosure timelines. There are no specific vulnerabilities, affected software versions, or technical exploit details provided. No known exploits or patches are referenced. The severity is indicated as medium, likely reflecting the general importance of the topic rather than an immediate technical threat.

This article details a recently patched critical zero-day vulnerability (CVE-2026-20805) in Microsoft's Desktop Window Manager (DWM) that allows local low-privilege attackers to disclose sensitive memory addresses, aiding privilege escalation. The vulnerability is actively exploited in the wild and affects legacy Windows versions still under extended support. Microsoft has released patches and recommends urgent deployment alongside monitoring and restricting local low-privilege accounts.

The RondoDox botnet is actively exploiting the React2Shell vulnerability to compromise thousands of unpatched devices. This threat leverages a known code execution flaw to hijack vulnerable systems, primarily targeting those that have not applied available patches. While exploitation in the wild is not yet widely confirmed, the botnet's activity indicates a growing risk of large-scale device compromise. European organizations with unpatched infrastructure are at risk of device hijacking, leading to potential service disruption and data integrity issues. The threat is medium severity but could escalate if exploitation becomes widespread. Mitigation requires immediate patching of affected systems and enhanced network monitoring for unusual botnet-related traffic. Countries with high IoT and enterprise device usage, especially those with historically targeted sectors, are more likely to be affected. The threat does not require user interaction but targets unpatched systems, increasing its potential impact. Defenders should prioritize vulnerability management and incident response readiness to mitigate this evolving botnet threat.

MediumBotnetGermanyFranceItaly+5#infosecnews#reddit#botnet

A remote code execution (RCE) vulnerability was discovered in the CurseForge launcher involving an unauthenticated local WebSocket API accessible from the browser. This flaw allowed attackers to execute arbitrary code on the local machine without authentication. The vulnerability has been patched, and no known exploits are currently in the wild. The issue primarily affects users of the CurseForge launcher, a popular mod management tool for games. Due to its local nature and requirement for local access, exploitation complexity is moderate. European organizations using the CurseForge launcher, especially in gaming or software development sectors, could be impacted if the vulnerability is exploited. Mitigation involves applying the official patch promptly and restricting local WebSocket API access. Countries with significant gaming communities and software development industries, such as Germany, France, and the UK, are more likely to be affected. The severity is assessed as medium given the local attack vector and absence of authentication requirements but no remote network exploitation. Defenders should prioritize patching and monitor local WebSocket interfaces for unauthorized access attempts.

MediumVulnerabilityGermanyFranceNetherlands+3#netsec#reddit#rce

A critical remote code execution (RCE) vulnerability has been identified in MongoDB, prompting urgent warnings for administrators to apply patches immediately. Although specific affected versions and technical details are not disclosed, the flaw allows attackers to execute arbitrary code remotely, potentially compromising confidentiality, integrity, and availability of database systems. No known exploits are currently reported in the wild, but the severity and nature of the vulnerability demand swift action. European organizations relying on MongoDB for data storage and management face significant risks including data breaches, service disruption, and unauthorized access. Mitigation requires prioritizing patch deployment, reviewing MongoDB configurations, and enhancing network-level protections. Countries with high adoption of MongoDB and critical infrastructure relying on it are at greater risk. Given the critical impact and ease of exploitation without authentication, this vulnerability is assessed as critical severity. Immediate remediation and proactive monitoring are essential to prevent exploitation and protect sensitive data assets.

CriticalVulnerabilityGermanyFranceNetherlands+4#infosecnews#reddit#high-priority