DEV Community: Freedom Coder The latest articles on DEV Community by Freedom Coder (@freedom-coder). https://dev.to/freedom-coder https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3057520%2F80e0c6d9-1160-4c3a-9af3-cdf5c163c85b.png DEV Community: Freedom Coder https://dev.to/freedom-coder en CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Vulnerability Freedom Coder Fri, 19 Jun 2026 03:35:11 +0000 https://dev.to/freedom-coder/cve-2023-48788-fortinet-forticlient-ems-sql-injection-vulnerability-141f https://dev.to/freedom-coder/cve-2023-48788-fortinet-forticlient-ems-sql-injection-vulnerability-141f <h3> CVE ID </h3> <p>CVE-2023-48788</p> <h3> Vulnerability Name </h3> <p>Fortinet FortiClient EMS SQL Injection Vulnerability</p> <ul> <li>Project: <strong>Fortinet</strong> </li> <li>Product: <strong>FortiClient EMS</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2024-03-25</li> <li>Due Date: 2024-04-15</li> </ul> <h3> Description </h3> <p>Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Known</p> <h3> Action </h3> <p>Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.</p> <h3> Additional Notes </h3> <p><a href="https://www.fortiguard.com/psirt/FG-IR-24-007" rel="noopener noreferrer">https://www.fortiguard.com/psirt/FG-IR-24-007</a>; <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-48788" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2023-48788</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/inc-ransomware-emerges-as-major-raas-threat-in-2026-with-830-victims-since-2023/" rel="noopener noreferrer">INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023</a></li> <li><a href="https://www.scyscan.com/news/badpilot-network-hacking-campaign-fuels-russian-sandworm-attacks/" rel="noopener noreferrer">BadPilot network hacking campaign fuels Russian SandWorm attacks</a></li> <li><a href="https://www.scyscan.com/news/microsoft-russias-sandworm-apt-exploits-edge-bugs-globally/" rel="noopener noreferrer">Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally</a></li> <li><a href="https://www.scyscan.com/news/microsoft-uncovers-sandworm-subgroups-global-cyber-attacks-spanning-15-countries/" rel="noopener noreferrer">Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries</a></li> <li><a href="https://www.scyscan.com/news/chinese-hackers-use-ghostspider-malware-to-hack-telecoms-across-12-countries/" rel="noopener noreferrer">Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries</a></li> <li><a href="https://www.scyscan.com/news/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/" rel="noopener noreferrer">Salt Typhoon hackers backdoor telcos with new GhostSpider malware</a></li> <li><a href="https://www.scyscan.com/news/ransomware-gangs-use-lockbits-fame-to-intimidate-victims-in-latest-attacks/" rel="noopener noreferrer">Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks</a></li> <li><a href="https://www.scyscan.com/news/ransomhub-ransomware-group-targets-210-victims-across-critical-sectors/" rel="noopener noreferrer">RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> fortinet forticlientems cybersecurity vulnerability CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability Freedom Coder Thu, 18 Jun 2026 22:01:30 +0000 https://dev.to/freedom-coder/cve-2026-20253-splunk-enterprise-missing-authentication-for-critical-function-vulnerability-25f7 https://dev.to/freedom-coder/cve-2026-20253-splunk-enterprise-missing-authentication-for-critical-function-vulnerability-25f7 <h3> CVE ID </h3> <p>CVE-2026-20253</p> <h3> Vulnerability Name </h3> <p>Splunk Enterprise Missing Authentication for Critical Function Vulnerability</p> <ul> <li>Project: <strong>Splunk</strong> </li> <li>Product: <strong>Enterprise</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2026-06-18</li> <li>Due Date: 2026-06-21</li> </ul> <h3> Description </h3> <p>Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Unknown</p> <h3> Action </h3> <p>Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.</p> <h3> Additional Notes </h3> <p><a href="https://advisory.splunk.com/advisories/SVD-2026-0603" rel="noopener noreferrer">https://advisory.splunk.com/advisories/SVD-2026-0603</a> ; BOD 26-04: <a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer">https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk</a> ; Forensics Triage Requirements: <a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer">https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk</a> ; <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20253" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2026-20253</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/" rel="noopener noreferrer">CISA: Splunk Enterprise flaw actively exploited, patch by Sunday</a></li> <li><a href="https://www.scyscan.com/news/unauthenticated-rce-in-splunk-enterprise-under-active-attack-cve-2026-20253/" rel="noopener noreferrer">Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> splunk enterprise cybersecurity vulnerability CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability Freedom Coder Wed, 17 Jun 2026 19:01:35 +0000 https://dev.to/freedom-coder/cve-2026-48907-widget-factory-joomla-content-editor-improper-access-control-vulnerability-4dbf https://dev.to/freedom-coder/cve-2026-48907-widget-factory-joomla-content-editor-improper-access-control-vulnerability-4dbf <h3> CVE ID </h3> <p>CVE-2026-48907</p> <h3> Vulnerability Name </h3> <p>Widget Factory Joomla Content Editor Improper Access Control Vulnerability</p> <ul> <li>Project: <strong>Widget Factory</strong> </li> <li>Product: *<em>Joomla Content Editor *</em> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2026-06-16</li> <li>Due Date: 2026-06-19</li> </ul> <h3> Description </h3> <p>Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users. </p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Unknown</p> <h3> Action </h3> <p>Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.</p> <h3> Additional Notes </h3> <p><a href="https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites" rel="noopener noreferrer">https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites</a> ; <a href="https://www.joomlacontenteditor.net/support/changelog/editor" rel="noopener noreferrer">https://www.joomlacontenteditor.net/support/changelog/editor</a> ; BOD 26-04: <a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer">https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk</a> ; Forensics Triage Requirements: <a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer">https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk</a> ; <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-48907" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2026-48907</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/cisa-warns-of-actively-exploited-joomla-jce-flaw-allowing-php-code-execution/" rel="noopener noreferrer">CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution</a></li> <li><a href="https://www.scyscan.com/news/cisa-orders-feds-to-patch-max-severity-joomla-plugin-flaw-by-friday/" rel="noopener noreferrer">CISA orders feds to patch max severity Joomla plugin flaw by Friday</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> widgetfactory joomlacontenteditor cybersecurity vulnerability CVE-2026-20262: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability Freedom Coder Tue, 16 Jun 2026 16:06:23 +0000 https://dev.to/freedom-coder/cve-2026-20262-cisco-catalyst-sd-wan-manager-directory-or-path-traversal-vulnerability-5hdp https://dev.to/freedom-coder/cve-2026-20262-cisco-catalyst-sd-wan-manager-directory-or-path-traversal-vulnerability-5hdp <h3> CVE ID </h3> <p>CVE-2026-20262</p> <h3> Vulnerability Name </h3> <p>Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability</p> <ul> <li>Project: <strong>Cisco</strong> </li> <li>Product: <strong>Catalyst SD-WAN Manager</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2026-06-15</li> <li>Due Date: 2026-06-29</li> </ul> <h3> Description </h3> <p>Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Unknown</p> <h3> Action </h3> <p>Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.</p> <h3> Additional Notes </h3> <p><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ" rel="noopener noreferrer">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ</a> ; BOD 26-04: <a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer">https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk</a> ; Forensics Triage Requirements: <a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer">https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk</a> ; <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20262" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2026-20262</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/cisco-releases-security-updates-for-actively-exploited-sd-wan-manager-flaw/" rel="noopener noreferrer">Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> cisco catalystsdwanmanager cybersecurity vulnerability CVE-2026-54420: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability Freedom Coder Tue, 16 Jun 2026 16:01:22 +0000 https://dev.to/freedom-coder/cve-2026-54420-litespeed-cpanel-plugin-unix-symbolic-link-symlink-following-vulnerability-372a https://dev.to/freedom-coder/cve-2026-54420-litespeed-cpanel-plugin-unix-symbolic-link-symlink-following-vulnerability-372a <h3> CVE ID </h3> <p>CVE-2026-54420</p> <h3> Vulnerability Name </h3> <p>LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability</p> <ul> <li>Project: <strong>LiteSpeed</strong> </li> <li>Product: <strong>cPanel Plugin</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2026-06-15</li> <li>Due Date: 2026-06-18</li> </ul> <h3> Description </h3> <p>LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Unknown</p> <h3> Action </h3> <p>Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.</p> <h3> Additional Notes </h3> <p><a href="https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/" rel="noopener noreferrer">https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/</a> ; BOD 26-04: <a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer">https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk</a> ; Forensics Triage Requirements: <a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer">https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk</a> ; <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-54420" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2026-54420</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/cisa-warns-of-another-cpanel-plugin-flaw-exploited-in-attacks/" rel="noopener noreferrer">CISA warns of another cPanel plugin flaw exploited in attacks</a></li> <li><a href="https://www.scyscan.com/news/cisa-flags-litespeed-cpanel-plugin-flaw-exploited-for-root-privilege-escalation/" rel="noopener noreferrer">CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> litespeed cpanelplugin cybersecurity vulnerability CVE-2024-20399: Cisco NX-OS Command Injection Vulnerability Freedom Coder Fri, 12 Jun 2026 20:35:04 +0000 https://dev.to/freedom-coder/cve-2024-20399-cisco-nx-os-command-injection-vulnerability-542e https://dev.to/freedom-coder/cve-2024-20399-cisco-nx-os-command-injection-vulnerability-542e <h3> CVE ID </h3> <p>CVE-2024-20399</p> <h3> Vulnerability Name </h3> <p>Cisco NX-OS Command Injection Vulnerability</p> <ul> <li>Project: <strong>Cisco</strong> </li> <li>Product: <strong>NX-OS</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2024-07-02</li> <li>Due Date: 2024-07-23</li> </ul> <h3> Description </h3> <p>Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Unknown</p> <h3> Action </h3> <p>Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.</p> <h3> Additional Notes </h3> <p><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP" rel="noopener noreferrer">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP</a>; <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-20399" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2024-20399</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/china-linked-hackers-backdoored-linux-login-software-to-hide-for-nearly-a-decade/" rel="noopener noreferrer">China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade</a></li> <li><a href="https://www.scyscan.com/news/cisco-bug-lets-hackers-run-commands-as-root-on-uwrb-access-points/" rel="noopener noreferrer">Cisco bug lets hackers run commands as root on UWRB access points</a></li> <li><a href="https://www.scyscan.com/news/cisco-warns-of-backdoor-admin-account-in-smart-licensing-utility/" rel="noopener noreferrer">Cisco warns of backdoor admin account in Smart Licensing Utility</a></li> <li><a href="https://www.scyscan.com/news/chinese-hackers-exploit-zero-day-cisco-switch-flaw-to-gain-system-control/" rel="noopener noreferrer">Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control</a></li> <li><a href="https://www.scyscan.com/news/exploit-released-for-cisco-ssm-bug-allowing-admin-password-changes/" rel="noopener noreferrer">Exploit released for Cisco SSM bug allowing admin password changes</a></li> <li><a href="https://www.scyscan.com/news/cisco-ssm-on-prem-bug-lets-hackers-change-any-users-password/" rel="noopener noreferrer">Cisco SSM On-Prem bug lets hackers change any user's password</a></li> <li><a href="https://www.scyscan.com/news/cisa-urges-devs-to-weed-out-os-command-injection-vulnerabilities/" rel="noopener noreferrer">CISA urges devs to weed out OS command injection vulnerabilities</a></li> <li><a href="https://www.scyscan.com/news/chinese-hackers-exploiting-cisco-switches-zero-day-to-deliver-malware/" rel="noopener noreferrer">Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware</a></li> <li><a href="https://www.scyscan.com/news/cisco-warns-of-nx-os-zero-day-exploited-to-deploy-custom-malware/" rel="noopener noreferrer">Cisco warns of NX-OS zero-day exploited to deploy custom malware</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> cisco nxos cybersecurity vulnerability CVE-2026-10520: Ivanti Sentry OS Command Injection Vulnerability Freedom Coder Fri, 12 Jun 2026 04:01:05 +0000 https://dev.to/freedom-coder/cve-2026-10520-ivanti-sentry-os-command-injection-vulnerability-325l https://dev.to/freedom-coder/cve-2026-10520-ivanti-sentry-os-command-injection-vulnerability-325l <h3> CVE ID </h3> <p>CVE-2026-10520</p> <h3> Vulnerability Name </h3> <p>Ivanti Sentry OS Command Injection Vulnerability</p> <ul> <li>Project: <strong>Ivanti</strong> </li> <li>Product: <strong>Sentry</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2026-06-11</li> <li>Due Date: 2026-06-14</li> </ul> <h3> Description </h3> <p>Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Unknown</p> <h3> Action </h3> <p>Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.</p> <h3> Additional Notes </h3> <p><a href="https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US" rel="noopener noreferrer">https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US</a> ; BOD 26-04: <a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer">https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk</a> ; Forensics Triage Requirements: <a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer">https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk</a> ; <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-10520" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2026-10520</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/cisa-orders-feds-to-patch-actively-exploited-ivanti-flaw-by-sunday/" rel="noopener noreferrer">CISA orders feds to patch actively exploited Ivanti flaw by Sunday</a></li> <li><a href="https://www.scyscan.com/news/max-severity-ivanti-sentry-vulnerability-now-exploited-in-attacks/" rel="noopener noreferrer">Max severity Ivanti Sentry vulnerability now exploited in attacks</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> ivanti sentry cybersecurity vulnerability CVE-2026-33017: Langflow Code Injection Vulnerability Freedom Coder Wed, 10 Jun 2026 16:38:10 +0000 https://dev.to/freedom-coder/cve-2026-33017-langflow-code-injection-vulnerability-58pb https://dev.to/freedom-coder/cve-2026-33017-langflow-code-injection-vulnerability-58pb <h3> CVE ID </h3> <p>CVE-2026-33017</p> <h3> Vulnerability Name </h3> <p>Langflow Code Injection Vulnerability</p> <ul> <li>Project: <strong>Langflow</strong> </li> <li>Product: <strong>Langflow</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2026-03-25</li> <li>Due Date: 2026-04-08</li> </ul> <h3> Description </h3> <p>Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Unknown</p> <h3> Action </h3> <p>Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.</p> <h3> Additional Notes </h3> <p><a href="https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx" rel="noopener noreferrer">https://github.com/langflow-ai/langflow/security/advisories/GHSA-vwmf-pq79-vjvx</a> ; <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-33017" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2026-33017</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/langflow-vulnerability-cve-2026-5027-exploited-for-unauthenticated-rce/" rel="noopener noreferrer">Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE</a></li> <li><a href="https://www.scyscan.com/news/path-traversal-flaw-in-ai-dev-platform-langflow-exploited-in-attacks/" rel="noopener noreferrer">Path traversal flaw in AI dev platform Langflow exploited in attacks</a></li> <li><a href="https://www.scyscan.com/news/unpatched-langflow-flaw-cve-2026-5027-exploited-for-unauthenticated-rce/" rel="noopener noreferrer">Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE</a></li> <li><a href="https://www.scyscan.com/news/cisa-sounds-alarm-on-langflow-rce-trivy-supply-chain-compromise-after-rapid-exploitation/" rel="noopener noreferrer">CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation</a></li> <li><a href="https://www.scyscan.com/news/langchain-langgraph-flaws-expose-files-secrets-databases-in-widely-used-ai-frameworks/" rel="noopener noreferrer">LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks</a></li> <li><a href="https://www.scyscan.com/news/cisa-new-langflow-flaw-actively-exploited-to-hijack-ai-workflows/" rel="noopener noreferrer">CISA: New Langflow flaw actively exploited to hijack AI workflows</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> langflow cybersecurity vulnerability CVE-2026-50751: Check Point Security Gateway Improper Authentication Vulnerability Freedom Coder Tue, 09 Jun 2026 19:08:38 +0000 https://dev.to/freedom-coder/cve-2026-50751-check-point-security-gateway-improper-authentication-vulnerability-3ig6 https://dev.to/freedom-coder/cve-2026-50751-check-point-security-gateway-improper-authentication-vulnerability-3ig6 <h3> CVE ID </h3> <p>CVE-2026-50751</p> <h3> Vulnerability Name </h3> <p>Check Point Security Gateway Improper Authentication Vulnerability</p> <ul> <li>Project: <strong>Check Point</strong> </li> <li>Product: <strong>Security Gateway</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2026-06-08</li> <li>Due Date: 2026-06-11</li> </ul> <h3> Description </h3> <p>Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Known</p> <h3> Action </h3> <p>Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.</p> <h3> Additional Notes </h3> <p><a href="https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/" rel="noopener noreferrer">https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/</a> ; <a href="https://support.checkpoint.com/results/sk/sk185033?_gl=1*1wqeqhc*_gcl_au*MTI1MzE5MjI2LjE3ODA5MzQ1NTM" rel="noopener noreferrer">https://support.checkpoint.com/results/sk/sk185033?_gl=1*1wqeqhc*_gcl_au*MTI1MzE5MjI2LjE3ODA5MzQ1NTM</a>. ; <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-50751" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2026-50751</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/researchers-release-details-poc-for-exploited-check-point-vpn-flaw-cve-2026-50751/" rel="noopener noreferrer">Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> checkpoint securitygateway cybersecurity vulnerability CVE-2026-20245: Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability Freedom Coder Tue, 09 Jun 2026 19:06:07 +0000 https://dev.to/freedom-coder/cve-2026-20245-cisco-catalyst-sd-wan-manager-improper-encoding-or-escaping-of-output-vulnerability-3bfa https://dev.to/freedom-coder/cve-2026-20245-cisco-catalyst-sd-wan-manager-improper-encoding-or-escaping-of-output-vulnerability-3bfa <h3> CVE ID </h3> <p>CVE-2026-20245</p> <h3> Vulnerability Name </h3> <p>Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability</p> <ul> <li>Project: <strong>Cisco</strong> </li> <li>Product: <strong>Catalyst SD-WAN Manager</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2026-06-09</li> <li>Due Date: 2026-06-23</li> </ul> <h3> Description </h3> <p>Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Unknown</p> <h3> Action </h3> <p>Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.</p> <h3> Additional Notes </h3> <p><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx" rel="noopener noreferrer">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx</a> ; <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20245" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2026-20245</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/cisco-releases-security-updates-for-actively-exploited-sd-wan-manager-flaw/" rel="noopener noreferrer">Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw</a></li> <li><a href="https://www.scyscan.com/news/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks/" rel="noopener noreferrer">Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks</a></li> <li><a href="https://www.scyscan.com/news/cisa-adds-cisco-chrome-and-arista-flaws-to-kev-catalog-amid-active-exploitation/" rel="noopener noreferrer">CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> cisco catalystsdwanmanager cybersecurity vulnerability CVE-2026-7473: Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability Freedom Coder Tue, 09 Jun 2026 19:03:36 +0000 https://dev.to/freedom-coder/cve-2026-7473-arista-extensible-operating-system-incomplete-comparison-with-missing-factors-54pe https://dev.to/freedom-coder/cve-2026-7473-arista-extensible-operating-system-incomplete-comparison-with-missing-factors-54pe <h3> CVE ID </h3> <p>CVE-2026-7473</p> <h3> Vulnerability Name </h3> <p>Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability</p> <ul> <li>Project: <strong>Arista</strong> </li> <li>Product: <strong>Extensible Operating System</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2026-06-09</li> <li>Due Date: 2026-06-23</li> </ul> <h3> Description </h3> <p>Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Unknown</p> <h3> Action </h3> <p>Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.</p> <h3> Additional Notes </h3> <p><a href="https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137" rel="noopener noreferrer">https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137</a> ; <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-7473" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2026-7473</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/cisa-adds-cisco-chrome-and-arista-flaws-to-kev-catalog-amid-active-exploitation/" rel="noopener noreferrer">CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> arista extensibleoperatingsystem cybersecurity vulnerability CVE-2026-11645: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability Freedom Coder Tue, 09 Jun 2026 19:01:05 +0000 https://dev.to/freedom-coder/cve-2026-11645-google-chromium-v8-out-of-bounds-read-and-write-vulnerability-4k1m https://dev.to/freedom-coder/cve-2026-11645-google-chromium-v8-out-of-bounds-read-and-write-vulnerability-4k1m <h3> CVE ID </h3> <p>CVE-2026-11645</p> <h3> Vulnerability Name </h3> <p>Google Chromium V8 Out-of-Bounds Read and Write Vulnerability</p> <ul> <li>Project: <strong>Google</strong> </li> <li>Product: <strong>Chromium V8</strong> </li> </ul> <h3> Date </h3> <ul> <li>Date Added: 2026-06-09</li> <li>Due Date: 2026-06-23</li> </ul> <h3> Description </h3> <p>Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.</p> <h3> Known To Be Used in Ransomware Campaigns? </h3> <p>Unknown</p> <h3> Action </h3> <p>Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.</p> <h3> Additional Notes </h3> <p><a href="https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html" rel="noopener noreferrer">https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html</a> ; <a href="https://issues.chromium.org/issues/506689381" rel="noopener noreferrer">https://issues.chromium.org/issues/506689381</a> ; <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-11645" rel="noopener noreferrer">https://nvd.nist.gov/vuln/detail/CVE-2026-11645</a></p> <h3> Related Security News </h3> <ul> <li><a href="https://www.scyscan.com/news/cisa-adds-cisco-chrome-and-arista-flaws-to-kev-catalog-amid-active-exploitation/" rel="noopener noreferrer">CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation</a></li> </ul> <h3> More CVEs Info </h3> <p><a href="https://www.scyscan.com/cves/" rel="noopener noreferrer">Common Vulnerabilities &amp; Exposures (CVE) List</a></p> google chromiumv8 cybersecurity vulnerability