DEV Community: Freedom Coder

CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Freedom Coder — Fri, 29 May 2026 22:01:12 +0000

CVE ID

CVE-2026-0257

Vulnerability Name

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Project: Palo Alto Networks
Product: PAN-OS

Date

Date Added: 2026-05-29
Due Date: 2026-06-01

Description

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://security.paloaltonetworks.com/CVE-2026-0257 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0257

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

CVE-2026-8398: Daemon Tools Lite Embedded Malicious Code Vulnerability

Freedom Coder — Wed, 27 May 2026 22:07:45 +0000

CVE ID

CVE-2026-8398

Vulnerability Name

Daemon Tools Lite Embedded Malicious Code Vulnerability

Project: Daemon
Product: Daemon Tools Lite

Date

Date Added: 2026-05-27
Due Date: 2026-05-30

Description

Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://blog.daemon-tools.cc/post/security-incident ; https://nvd.nist.gov/vuln/detail/CVE-2026-8398

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

CVE-2026-45321: TanStack Unspecified Vulnerability

Freedom Coder — Wed, 27 May 2026 22:04:24 +0000

CVE ID

CVE-2026-45321

Vulnerability Name

TanStack Unspecified Vulnerability

Project: TanStack
Product: TanStack

Date

Date Added: 2026-05-27
Due Date: 2026-06-10

Description

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx ; https://nvd.nist.gov/vuln/detail/CVE-2026-45321

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

CVE-2026-48027: Nx Console Embedded Malicious Code Vulnerability

Freedom Coder — Wed, 27 May 2026 22:01:04 +0000

CVE ID

CVE-2026-48027

Vulnerability Name

Nx Console Embedded Malicious Code Vulnerability

Project: Nx
Product: Nx Console

Date

Date Added: 2026-05-27
Due Date: 2026-06-10

Description

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w ; https://nvd.nist.gov/vuln/detail/CVE-2026-48027

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

Freedom Coder — Tue, 26 May 2026 19:01:05 +0000

CVE ID

CVE-2026-48172

Vulnerability Name

LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

Project: LiteSpeed
Product: cPanel Plugin

Date

Date Added: 2026-05-26
Due Date: 2026-05-29

Description

LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-9082: Drupal Core SQL Injection Vulnerability

Freedom Coder — Fri, 22 May 2026 22:01:03 +0000

CVE ID

CVE-2026-9082

Vulnerability Name

Drupal Core SQL Injection Vulnerability

Project: Drupal
Product: Core

Date

Date Added: 2026-05-22
Due Date: 2026-05-27

Description

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.drupal.org/sa-core-2026-004 ; https://nvd.nist.gov/vuln/detail/CVE-2026-9082

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

CVE-2010-5330: Ubiquiti AirOS Command Injection Vulnerability

Freedom Coder — Fri, 22 May 2026 16:30:07 +0000

CVE ID

CVE-2010-5330

Vulnerability Name

Ubiquiti AirOS Command Injection Vulnerability

Project: Ubiquiti
Product: AirOS

Date

Date Added: 2022-04-15
Due Date: 2022-05-06

Description

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2010-5330

Related Security News

Ubiquiti patches three max severity UniFi OS vulnerabilities

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

CVE-2026-34926: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability

Freedom Coder — Fri, 22 May 2026 01:06:04 +0000

CVE ID

CVE-2026-34926

Vulnerability Name

Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability

Project: Trend Micro
Product: Apex One

Date

Date Added: 2026-05-21
Due Date: 2026-06-04

Description

Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

CVE-2025-34291: Langflow Origin Validation Error Vulnerability

Freedom Coder — Fri, 22 May 2026 01:01:03 +0000

CVE ID

CVE-2025-34291

Vulnerability Name

Langflow Origin Validation Error Vulnerability

Project: Langflow
Product: Langflow

Date

Date Added: 2026-05-21
Due Date: 2026-06-04

Description

Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/langflow-ai/langflow ; https://github.com/langflow-ai/langflow/releases/tag/v1.9.3; https://github.com/langflow-ai/langflow/issues/11465#event-25774545848 ; https://nvd.nist.gov/vuln/detail/CVE-2025-34291

Related Security News

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability

Freedom Coder — Wed, 20 May 2026 19:09:57 +0000

CVE ID

CVE-2026-45498

Vulnerability Name

Microsoft Defender Denial of Service Vulnerability

Project: Microsoft
Product: Defender

Date

Date Added: 2026-05-20
Due Date: 2026-06-03

Description

Microsoft Defender contains an unspecified vulnerability that allows for denial of service.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

CVE-2026-41091: Microsoft Defender Link Following Vulnerability

Freedom Coder — Wed, 20 May 2026 19:08:30 +0000

CVE ID

CVE-2026-41091

Vulnerability Name

Microsoft Defender Link Following Vulnerability

Project: Microsoft
Product: Defender

Date

Date Added: 2026-05-20
Due Date: 2026-06-03

Description

Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

CVE-2010-0806: Microsoft Internet Explorer Use-After-Free Vulnerability

Freedom Coder — Wed, 20 May 2026 19:07:04 +0000

CVE ID

CVE-2010-0806

Vulnerability Name

Microsoft Internet Explorer Use-After-Free Vulnerability

Project: Microsoft
Product: Internet Explorer

Date

Date Added: 2026-05-20
Due Date: 2026-06-03

Description

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806

Related Security News

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List