security bulletin
CVE-2026-45247: Critical Magento RCE Vulnerability in Mirasvit Cache Warmer
CVE-2026-45247 is a critical PHP deserialization vulnerability in Mirasvit Cache Warmer allowing unauthenticated RCE. Learn the impact and how to fix it. The post <em>CVE-2026-45247</em>: Critical Magento RCE Vulnerability in <em>Mirasvit Cache ...
NGINX Under Active Attack: CVE-2026-42945 and CVE-2026-9256 Put Your Infrastructure at Risk
Two critical NGINX heap buffer overflows are under active exploitation. Learn what's at risk, affected versions, and fixes for CVE-2026-42945 and CVE-2026-9256. The post NGINX Under Active Attack: <em>CVE-2026-42945</em> and <em>CVE-2026-9256</em> Put ...
CVE-2026-9082: Critical Drupal SQL Injection Vulnerability Affects PostgreSQL Deployments
A critical SQLi vulnerability in Drupal core is actively exploited. Find out which versions are affected, what's at risk, and how to patch your PostgreSQL deployment. The post CVE-2026-9082: Critical <em>Drupal SQL ...
CVE-2026-44575: Middleware Authorization Bypass in Next.js App Router
CVE-2026-44575 lets attackers bypass Next.js middleware via .rsc and segment-prefetch requests. Learn exploit steps, fixes and AppTrana coverage. The post CVE-2026-44575: <em>Middleware Authorization Bypass</em> in Next.js App Router appeared first on Indusface ...
Bleeding Llama (CVE-2026-7482): Critical Unauthenticated Memory Leak in Ollama
Critical Ollama flaw CVE-2026-7482 exposes 300K servers, letting attackers leak API keys, prompts, and credentials through just three API calls silently. The post <em>Bleeding Llama</em> (CVE-2026-7482): Critical Unauthenticated Memory Leak in Ollama ...
CVE-2026-23918: Apache HTTP/2 Double-Free Vulnerability with Possible RCE
CVE-2026-23918 is a high-severity Apache HTTP/2 double-free flaw affecting version 2.4.66. Learn the root cause, who's at risk, and how to patch or mitigate it. The post CVE-2026-23918: Apache HTTP/2 Double-Free Vulnerability ...
CVE-2026-41940: Zero-Day Authentication Bypass in cPanel & WHM
A critical zero-day vulnerability in cPanel & WHM is giving attackers unauthenticated root-level access to servers managing over tens of millions of domains. No credentials required, no prior access needed. The post ...
CVE-2026-42208: Pre-Authentication SQL Injection in LiteLLM Exposes API Credentials
LiteLLM's unauthenticated SQL injection flaw leaks API credentials across providers. Explore CVE-2026-42208 impact, fixes, and AppTrana WAAP coverage. The post CVE-2026-42208: <em>Pre-Authentication SQL Injection in LiteLLM</em> Exposes API Credentials appeared first on ...
CVE-2026-32201: SharePoint Spoofing Vulnerability Enabling Unauthenticated Impersonation
CVE-2026-32201 is an actively exploited SharePoint spoofing flaw. No auth needed. Learn the impact, affected versions, and how to stay protected. The post CVE-2026-32201: <em>SharePoint Spoofing Vulnerability</em> Enabling Unauthenticated Impersonation appeared first ...
CVE-2026-34197: Apache ActiveMQ Jolokia RCE Vulnerability
CVE-2026-34197: ActiveMQ Jolokia flaw enables authenticated RCE, exposing sensitive data, credentials, and integrated systems across enterprise environments. The post CVE-2026-34197: Apache ActiveMQ Jolokia RCE Vulnerability appeared first on Indusface ...
