ALL POSTS

Key Findings Critical vulnerability (CVE-2026-1868) discovered in GitLab self-hosted AI Gateway with a CVSS score of 9.9 Flaw allows attackers to execute arbitrary code or trigger a Denial of Service on affected systems The vulnerability is caused by improper sanitization of user-supplied templates in the Duo Workflow Service Affects versions 18.1.6, 18.2.6, and 18.3.1 of the GitLab AI Gateway Patched versions 18.6.2, 18.7.1, and 18.8.1 have been released to address the issue

Key Findings SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws. The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication: CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods CVE-2025-40553 (CVSS 9.8

Key Findings Apache has patched a vulnerability (CVE-2025-60021) in its bRPC C++ RPC framework The flaw allows remote command injection by manipulating the `extra_options` parameter in the `/pprof/heap` endpoint The vulnerability affects bRPC versions 1.11.0 through 1.14.0, and is rated as "Important" bRPC is widely used in high-performance systems for search, storage, ML, advertising, and recommendation Successful exploitation could allow attackers to execute remote commands

Key Findings Microsoft released its January 2026 security update, addressing 112 vulnerabilities, including 8 critical flaws One of the "important" vulnerabilities, CVE-2026-20805, is being exploited in the wild 6 out of the 8 critical vulnerabilities are remote code execution (RCE) affecting Windows services and Microsoft Office The remaining 2 critical vulnerabilities are elevation of privilege (EoP) affecting Windows Graphic Component and Windows Virtualization-Based Secur

Key Findings Trend Micro patched three vulnerabilities (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console. The most severe issue is a LoadLibraryEX remote code execution (RCE) vulnerability tracked as CVE-2025-69258, with a CVSS score of 9.8. The other vulnerabilities are an unchecked NULL return value Denial of Service (DoS) issue (CVE-2025-69259) and a message out-of-bounds read Denial of Service (DoS) flaw (CVE-2025-69260), both with a

Key Findings IBM disclosed a critical vulnerability (CVE-2025-13915) in its API Connect product that allows remote attackers to bypass authentication and gain unauthorized access. The vulnerability has a CVSS score of 9.8, indicating a severe and high-risk flaw. The issue affects versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0 of IBM API Connect. Background IBM API Connect is an end-to-end API management solution used by organizations to create, test, manage, and secure APIs

Key Findings Vulnerability CVE-2025-54322 in XSpeeder networking devices allows for remote root access without a password. The vulnerability earned a perfect 10.0 (Critical) CVSS score, the highest possible threat rating. The vulnerability was discovered by the research firm pwn.ai using its proprietary AI tool. Over 70,000 XSpeeder devices are currently exposed online due to this vulnerability. Despite the research team's 7-month effort to notify the vendor, XSpeeder has not

Key Findings A critical vulnerability, tracked as CVE-2025-14847, has been discovered in MongoDB, a popular open-source database system. The flaw, dubbed "MongoBleed," allows remote, unauthenticated attackers to read sensitive contents from the server's memory (heap), potentially exposing internal states and pointers. The vulnerability lies in how MongoDB handles Zlib compressed protocol headers, where the server blindly trusts the length claimed by a client, even when it doe

Key Findings: A critical security flaw (CVE-2025-68664) has been disclosed in LangChain Core that could enable attackers to steal sensitive secrets and influence large language model (LLM) responses through prompt injection. The vulnerability, tracked as CVE-2025-68664, carries a CVSS score of 9.3 out of 10.0. The vulnerability is caused by a serialization injection issue in the `dumps()` and `dumpd()` functions of LangChain, which fail to properly escape dictionaries with "l

Key Findings A critical security vulnerability (CVE-2025-68613) with a CVSS score of 9.9 has been discovered in the n8n workflow automation platform. The flaw could enable arbitrary code execution under certain circumstances, potentially leading to a full compromise of the affected instances. The vulnerability affects all versions of n8n from 0.211.0 and below 1.120.4, and has been patched in versions 1.120.4, 1.121.1, and 1.122.0. According to Censys, there are 103,476 poten

Key Findings: A use-after-free (UAF) vulnerability in the Linux kernel's io_uring subsystem can be exploited to bypass the BPF verifier and achieve container escape. The flaw, tracked as CVE-2025-40364, allows attackers to manipulate the BPF verifier and gain arbitrary kernel code execution. Proof-of-concept (PoC) exploits have been publicly released, demonstrating the feasibility of the attack. Background The Linux kernel's io_uring subsystem is a high-performance I/O interf

Key Findings CVE-2025-55184 (CVSS 7.5) - A pre-authentication denial of service vulnerability in React Server Components (RSC) that can trigger an infinite loop and hang the server process CVE-2025-67779 (CVSS 7.5) - An incomplete fix for CVE-2025-55184 with the same impact CVE-2025-55183 (CVSS 5.3) - An information leak vulnerability that may expose the source code of a vulnerable Server Function Background The React team has released fixes for three new vulnerabilities in R

Key Findings Microsoft released patches for 56 security vulnerabilities in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two of the patched vulnerabilities are listed as publicly known at the time of the release. The vulnerabilities include 29 privilege escalation, 18 remote code execution, four information disclosure, th

Key Findings A critical vulnerability (CVE-2025-59718, CVE-2025-59719) in Fortinet's FortiCloud Single Sign-On (SSO) feature allows unauthenticated attackers to bypass authentication and gain administrative access to affected devices. The vulnerability, which has a CVSS score of 9.1, stems from improper verification of cryptographic signatures (CWE-347) in the FortiCloud SSO SAML implementation. Affected products include FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager.

Key Findings A critical XXE vulnerability (CVE-2025-66516) with a CVSS score of 10.0 was discovered in Apache Tika The vulnerability allows XML external entity attacks and affects Tika's core, PDF, and parser modules Attackers can embed a malicious XFA file inside a PDF to trigger the XXE injection in Tika Background Apache Tika is an open-source content analysis toolkit used to extract text, metadata, and structured information from various file types Tika is widely used in

Key Findings A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-62593, has been discovered in the Ray framework. The vulnerability allows attackers to execute arbitrary code on a developer's machine via a malicious website or advertisement, targeting users of Safari and Firefox. The attack exploits a flaw in how Ray handles local API requests, bypassing the framework's defense mechanism that relies on checking the User-Agent header. Background Ray is a

Key Findings A critical vulnerability in Fortinet's FortiWeb Web Application Firewall (WAF) product allows unauthenticated attackers to gain administrative-level access. The flaw has been observed actively exploited in the wild since October 2025. A public Proof-of-Concept (PoC) exploit exists, raising the likelihood of widespread exploitation. Organizations using vulnerable versions of FortiWeb are advised to take emergency remediation steps. Background On October 6, 2025, c

Key Findings: A newly discovered vulnerability in the Windows Kernel, tracked as CVE-2025-62215, allows local privilege escalation. The flaw, present in all supported versions of Windows, enables a low-privileged user or process to elevate their permissions to gain SYSTEM-level access. Proof-of-concept (PoC) exploits have been publicly released, demonstrating the ability to achieve arbitrary code execution with SYSTEM privileges. The vulnerability is considered high-severity,