News
Markdown Preview Enhanced (VS Code Extension): Opening a Markdown File Can Run Code, CVE-2026-49492/49493/50733, Update to 0.8.28
Security, Development
In Markdown Preview Enhanced, the popular VS Code extension, opening and previewing a malicious Markdown file can run code on your PC (CVE-2026-49492/49493/50733). Update to 0.8.28.
2026.06.06, 14 views
News
SolarWinds Serv-U Flaw Lets Attackers Crash the Service: CVE-2026-28318, Now Exploited
Security, Infrastructure
A flaw in the enterprise file-transfer server SolarWinds Serv-U lets attackers crash the service by sending a crafted request without authentication. Tracked as CVE-2026-28318 (CVSS 7.5), CISA added it to KEV on June 5, 2026 as actively exploited and ordered federal agencies to fix it by June 19. Here are the affected versions, the 15.5.4-hotfix-1 fix, and what to do now.
2026.06.06, 44 views
News
7-Zip Flaw Lets a Crafted File Take Over Your PC: CVE-2026-48095, Update to 26.01
Security, Development
A flaw in the free 7-Zip compressor lets a crafted file take over a PC just by being opened. Tracked as CVE-2026-48095 (CVSS 8.8), it affects version 26.00 and earlier and can trigger even from files disguised as .zip or .rar. 7-Zip has no auto-update and PoC code is public. Here are the affected versions, update steps, and what to do now.
2026.06.06, 10 views
News
Tapo D100C, L535E and P300 Leak Setup Data Over Bluetooth (CVE-2026-34126) — Update Now
Privacy, Security
TP-Link's Tapo smart-home devices — the D100C doorbell chime, L535E bulb, and P300 power strip — leak their initial-setup Bluetooth communication in cleartext, letting someone nearby intercept it or hijack the device (CVE-2026-34126). Fixed firmware is out; here is how to check and update affected models and what to do if already set up.
2026.06.05, 27 views
News
Unauthenticated Takeover in Label Software BarTender (CVE-2026-25550): Legacy 2010/2016/2019 at Risk
Security, Infrastructure
BarTender, the label and barcode printing software widely used in factories, warehouses and logistics, has a 9.8-severity flaw (CVE-2026-25550) in its legacy 2010/2016/2019 versions. An attacker can take over the PC remotely with no login and run code at the highest privilege. Block the service and migrate.
2026.06.05, 11 views
News
Plex Companion Tautulli Hit by Five Flaws (CVE-2026-43986 and More): Update to v2.17.1
Infrastructure, Development, Security
Tautulli, the popular dashboard that tracks viewing on the Plex media server, has five vulnerabilities including a 9.9-severity flaw. Some paths work without logging in, and chained together they lead to admin-panel takeover or code execution on your server. Update to v2.17.1.
2026.06.05, 8 views
News
Critical Takeover Flaw in OpenStack Mistral: CVE-2026-41283 Lets Any Logged-In User Run Code
Development, Security, Infrastructure
CVE-2026-41283: a 9.9-severity flaw in OpenStack Mistral lets any logged-in user run arbitrary code and steal cloud-wide service credentials. Patch now.
2026.06.04, 26 views
News
Magento Stores Face Server Takeover Flaw CVE-2026-45247, Already Under Attack
Development, Infrastructure, Security
A Magento extension used by online stores worldwide has a critical flaw (CVE-2026-45247, CVSS 9.8) that lets attackers take over servers without logging in. Real attacks have already begun, risking theft of shoppers' credit card data. Affected stores must update to 1.11.12 now.
2026.06.04, 4 views
News
Apache MINA Flaw CVE-2026-47065 Lets Attackers Take Over Servers Without a Login
Security, Development, Infrastructure
Apache MINA, the Java networking library behind many server apps, has a critical flaw (CVE-2026-47065, CVSS 9.8) that lets attackers take over servers without logging in. It is the third bypass of earlier fixes—update to 2.2.8, 2.1.13, or 2.0.29 now.
2026.06.03, 7 views
News
authentik Identity Platform: 4 Flaws Let Attackers Skip Login, CVE-2026-49448 — Update Now
Infrastructure, Global Companies, Security
Four serious vulnerabilities have been found in authentik, the identity platform widely used for single sign-on. The worst lets an unauthenticated attacker skip an authentication step by sending empty data and log in as someone else (CVE-2026-49448, CVSS 9.8). Here are the affected versions, the patched releases to update to now, and how to check.
2026.06.03, 8 views
News
Linux container-escape flaw CVE-2022-0492 exploited; CISA orders a fix
Infrastructure, Security, Linux
Linux cgroups v1 flaw CVE-2022-0492 is being exploited and CISA added it to KEV. A missing permission check on release_agent enables container escape and privilege escalation. Escape needs conditions like privileged containers. Update to kernel 5.17+ and harden.
2026.06.03, 29 views
News
Flaw in Amazon's AI dev tool Kiro, CVE-2026-10591: open a folder, run code
Security, Development, AI
Amazon Kiro flaw CVE-2026-10591 (CVSS 8.8): the AI's file-write tool can write to .vscode/tasks.json, auto-running an attacker's command when the folder opens. Prompt injection is the trigger. Update to Kiro 0.11 or later.
2026.06.03, 2 views