Fortinet confirms active exploitation of FortiCloud SSO auth bypass (CVE-2026-24858, CVSS 9.4).
Cross-customer access via trusted SSO paths observed.
SSO now blocked for vulnerable versions - patching required.
@gvip #cve The Menlo https://www.dhs.gov/sites/default/files/publications/CSD-MenloPrinciplesCORE-20120803_1.pdf and also https://web.archive.org/web/20251123232841/https://www.dhs.gov/sites/default/files/publications/CSD-MenloPrinciplesCORE-20120803_1.pdf (assuming archive.org gets well again)
WinRAR vulnerability CVE-2025-8088: State actors and cybercriminals are massively exploiting the security flaw
CVE-2025-8088 is a high-risk path traversal vulnerability that attackers can exploit by manipulating Alternate Data Streams (ADS).
🔴 CVE-2026-1056 - Critical (9.8)
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the ...
https://www.thehackerwire.com/vulnerability/CVE-2026-1056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2026-24842 - High (8.2)
node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to cra...
https://www.thehackerwire.com/vulnerability/CVE-2026-24842/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2025-14386 - High (8.8)
The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2.4.4 to 2.5.12. This makes i...
https://www.thehackerwire.com/vulnerability/CVE-2025-14386/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🔴 CVE-2026-24838 - Critical (9.1)
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for th...
https://www.thehackerwire.com/vulnerability/CVE-2026-24838/
🟠 CVE-2026-1280 - High (7.5)
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded fil...
https://www.thehackerwire.com/vulnerability/CVE-2026-1280/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🟠 CVE-2026-0844 - High (8.8)
The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...
https://www.thehackerwire.com/vulnerability/CVE-2026-0844/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 20 CVEs across 27 images:
• 🔴 Critical: 0
• 🟠 High: 11
• 🟡 Medium: 5
• 🔵 Low: 4
Check the full report: https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless
🟠 CVE-2025-40536 - High (8.1)
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
https://www.thehackerwire.com/vulnerability/CVE-2025-40536/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
CVE Alert: CVE-2025-14610 - bloompixel - TableMaster for Elementor – Advanced Responsive Tables for Elementor - https://www.redpacketsecurity.com/cve-alert-cve-2025-14610-bloompixel-tablemaster-for-elementor-advanced-responsive-tables-for-elementor/
#OSINT #ThreatIntel #CyberSecurity #cve-2025-14610 #bloompixel #tablemaster-for-elementor-advanced-responsive-tables-for-elementor
CVE Alert: CVE-2026-0832 - saadiqbal - New User Approve - https://www.redpacketsecurity.com/cve-alert-cve-2026-0832-saadiqbal-new-user-approve/
#OSINT #ThreatIntel #CyberSecurity #cve-2026-0832 #saadiqbal #new-user-approve