2026-04-15 20:16Z · HIGH

CVE-2026-6310 — Google Chrome: Use after free in Dawn

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6310

Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH) · EPSS 11th percentile

Tags: CWE-416 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.3 · Editorial score 92

2026-04-15 20:16Z · HIGH

CVE-2026-6309 — Google Chrome: Use after free in Viz

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6309

Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH) · EPSS 11th percentile

Tags: CWE-416 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.3 · Editorial score 92

2026-04-15 20:16Z · HIGH

CVE-2026-6306 — Google Chrome: Heap buffer overflow in PDFium

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6306

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH) · EPSS 9th percentile

Tags: CWE-122 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.8 · Editorial score 94

2026-04-15 20:16Z · HIGH

CVE-2026-6305 — Google Chrome: Heap buffer overflow in PDFium

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6305

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH) · EPSS 9th percentile

Tags: CWE-787 · CWE-122 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.8 · Editorial score 94

2026-04-15 20:16Z · HIGH

CVE-2026-6304 — Google Chrome: Use after free in Graphite

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6304

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.3 (HIGH) · EPSS 11th percentile

Tags: CWE-416 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.3 · Editorial score 92

2026-04-15 20:16Z · HIGH

CVE-2026-6303 — Google Chrome: Use after free in Codecs

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6303

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH) · EPSS 15th percentile

Tags: CWE-416 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.8 · Editorial score 94

2026-04-15 20:16Z · HIGH

CVE-2026-6302 — Google Chrome: Use after free in Video

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6302

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH) · EPSS 15th percentile

Tags: CWE-416 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.8 · Editorial score 94

2026-04-15 20:16Z · HIGH

CVE-2026-6301 — Google Chrome: Type Confusion in Turbofan

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6301

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH) · EPSS 10th percentile

Tags: CWE-843 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.8 · Editorial score 94

2026-04-15 20:16Z · HIGH

CVE-2026-6300 — Google Chrome: Use after free in CSS

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6300

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVSSv3.1 8.8 (HIGH) · EPSS 15th percentile

Tags: CWE-416 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.8 · Editorial score 94

2026-04-15 20:16Z · HIGH

CVE-2026-6299 — Google Chrome: Use after free in Prerender

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6299

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.8 (HIGH) · EPSS 15th percentile

Tags: CWE-416 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.8 · Editorial score 94

2026-04-15 20:16Z · HIGH

CVE-2026-6297 — Google Chrome: Use after free in Proxy

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6297

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 8.3 (HIGH) · EPSS 1st percentile

Tags: CWE-416 · Vendor: Google · Type: Vulnerability · CVSS v3.1 8.3 · Editorial score 92

2026-04-15 20:16Z · CRIT

CVE-2026-6296 — Google Chrome: Heap buffer overflow in ANGLE

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6296

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CVSSv3.1 9.6 (CRITICAL) · EPSS 8th percentile

Tags: CWE-122 · Vendor: Google · Type: Vulnerability · CVSS v3.1 9.6 · Editorial score 98

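All twelve Chrome entries above name the same fixed release, 147.0.7727.101. The script below is an added example for checking an installed build against that release; it is not part of this feed or of Google's advisory. It assumes the banner printed by `google-chrome --version` or `chromium --version` (a four-part number such as "Google Chrome 147.0.7727.95") and the Linux binary names listed in the code; on other platforms, pass the banner text to is_affected() directly.

```python
"""Decide whether an installed Chrome/Chromium build predates the fixed release.

Added example, not part of the feed or of Google's advisory. Assumptions: the
fixed version named in the entries above, the `--version` banner format and
the binary names tried below.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "147.0.7727.101"
# The Chrome CVEs in this batch, all fixed in FIXED_VERSION.
CHROME_CVES = [
    "CVE-2026-6296", "CVE-2026-6297", "CVE-2026-6299", "CVE-2026-6300",
    "CVE-2026-6301", "CVE-2026-6302", "CVE-2026-6303", "CVE-2026-6304",
    "CVE-2026-6305", "CVE-2026-6306", "CVE-2026-6309", "CVE-2026-6310",
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract the four-part version from a `--version` banner.
    Returns None when no version is present (e.g. a broken install)."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, build, patch = (int(x) for x in m.groups())
    return (major, minor, build, patch)


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `installed` is older than `fixed`. Integer tuples are compared,
    not strings: as strings, "147.0.7727.99" sorts *after* "147.0.7727.101"."""
    inst, fix = parse_version(installed), parse_version(fixed)
    if inst is None:
        raise ValueError(f"no version found in {installed!r}")
    return inst < fix


def installed_chrome_version() -> Optional[str]:
    """Best effort: run the first Chrome-like binary on PATH (assumed names).
    Returns the banner text, or None if nothing is installed."""
    for binary in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(binary)
        if path:
            out = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=10)
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    banner = installed_chrome_version()
    if banner is None:
        print("no Chrome/Chromium binary found on PATH")
    elif is_affected(banner):
        print(f"{banner}: older than {FIXED_VERSION}, affected by {len(CHROME_CVES)} CVEs in this batch")
    else:
        print(f"{banner}: at or above {FIXED_VERSION}")
```

The comparison is the part worth copying into fleet inventory scripts: any check that compares version strings lexically will report a patched 147.0.7727.101 as older than an unpatched 147.0.7727.99.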
2026-04-15 20:16Z · HIGH

CVE-2026-35569 — ApostropheCMS: Stored cross-site scripting in SEO fields (versions 4.28.0 and prior)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-35569

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description), where user-controlled input is rendered without proper output encoding into HTML contexts including <title> tags, <meta> attributes, and JSON-LD structured data. An attacker can inject a payload such as "></title><script>alert(1)</script> to break out of the intended HTML context and execute arbitrary JavaScript in the browser of any authenticated user who views the affected page. CVSSv3.1 8.7 (HIGH) · EPSS 10th percentile

Tags: CWE-79 · CWE-116 · Vendor: ApostropheCMS · Type: Vulnerability · CVSS v3.1 8.7 · Editorial score 94

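The advisory names three output contexts, and each needs its own encoder: entity encoding for the RCDATA body of <title>, attribute encoding for the meta content, and a JSON encoding that cannot produce "</script" inside the JSON-LD block. The example below is added here and is not ApostropheCMS code; the field names (seo_title, meta_description) and the <head> layout are assumptions, and the payload is the one quoted above.

```python
"""Rendering SEO fields into <title>, a <meta> attribute and a JSON-LD block
without letting the value break out of any of the three contexts.

Added example, not ApostropheCMS code. The field names and the <head> layout
are assumptions; the payload is the one quoted in the advisory.
"""
import html
import json

# The advisory's payload: closes <title>, then opens a script element.
PAYLOAD = '"></title><script>alert(1)</script>'

# Constructed sample input: both SEO fields attacker-controlled.
SAMPLE_SEO = {"seo_title": PAYLOAD, "meta_description": PAYLOAD}


def json_ld(seo: dict) -> dict:
    return {"@context": "https://schema.org", "@type": "WebPage",
            "name": seo["seo_title"], "description": seo["meta_description"]}


def render_head_unsafe(seo: dict) -> str:
    """The bug class from the advisory: values interpolated raw into three
    contexts. json.dumps() escapes quotes but not '<', so '</script>' inside a
    JSON string still terminates the JSON-LD element for the HTML parser."""
    return (
        f"<title>{seo['seo_title']}</title>\n"
        f'<meta name="description" content="{seo["meta_description"]}">\n'
        f'<script type="application/ld+json">{json.dumps(json_ld(seo))}</script>'
    )


def json_for_script(obj) -> str:
    """JSON that can sit inside a <script> body: '<', '>' and '&' are written
    as \\uXXXX escapes, so the text can never contain '</script' or '<!--'.
    It is still valid JSON, so consumers decode the original characters."""
    return (json.dumps(obj, ensure_ascii=True)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def render_head_safe(seo: dict) -> str:
    """One encoder per context: entities for <title> (RCDATA, where the parser
    only looks for '</title', which '&lt;/title&gt;' is not), attribute
    escaping with quote=True for the meta content, and script-safe JSON."""
    title = html.escape(seo["seo_title"], quote=True)
    desc = html.escape(seo["meta_description"], quote=True)
    return (
        f"<title>{title}</title>\n"
        f'<meta name="description" content="{desc}">\n'
        f'<script type="application/ld+json">{json_for_script(json_ld(seo))}</script>'
    )


def roundtrips(obj) -> bool:
    """The script-safe encoding must still decode to the original value."""
    return json.loads(json_for_script(obj)) == obj
```

The JSON-LD case is the one most templates miss: a value that is correctly quoted as JSON is not thereby safe inside a script element, because the HTML tokenizer ends script data at the first "</script" regardless of JavaScript or JSON string boundaries.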
2026-04-15 20:16Z · CRIT

CVE-2025-41118 — Grafana Pyroscope: Tencent COS secret_key retrievable from the Pyroscope API

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2025-41118

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secret_key configuration value from the Pyroscope API. To exploit this vulnerability, an attacker needs direct access to the Pyroscope API. We highly recommend limiting the public internet exposure of all our databases, su CVSSv3.1 9.1 (CRITICAL) · EPSS 25th percentile

Tags: CWE-732 · Vendor: Grafana · Vendor: Pyroscope · Type: Vulnerability · CVSS v3.1 9.1 · Editorial score 96

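The failure mode here is a config view that echoes a storage credential verbatim. Two things a practitioner wants are a redaction pass that runs before any config is serialised out, and an audit check that can be pointed at a captured API response to find secret-looking values that got through. Both are in the added example below; it is not Pyroscope code, the config shape is a constructed sample modelled on the advisory's wording, and the key-name patterns are an assumption.

```python
"""Redacting secret-bearing config values before an API echoes the config,
and auditing a captured response for values that got through.

Added example, not Pyroscope code. The config shape is a constructed sample
and the key-name patterns are an assumption.
"""
import re
from typing import Any, List

SECRET_KEY_RE = re.compile(
    r"secret|password|passwd|token|api_?key|private_key|credential", re.I)
REDACTED = "<redacted>"

# Constructed sample, not a real deployment's config.
SAMPLE_CONFIG = {
    "storage": {
        "backend": "cos",
        "cos": {
            "bucket": "profiles-1250000000",
            "region": "ap-guangzhou",
            "secret_id": "AKIDEXAMPLE",
            "secret_key": "EXAMPLESECRETKEY0000000000000000",
        },
    },
    "server": {"http_listen_port": 4040},
}


def redact(value: Any, key: str = "") -> Any:
    """Walk dicts/lists and replace any non-empty value under a secret-looking
    key. Matching is on the key name, case-insensitively and on substrings, so
    secret_key, SecretKey and aws_secret_access_key are all caught. secret_id
    is caught too, which is the right failure direction for a redactor."""
    if isinstance(value, dict):
        return {k: redact(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v, key) for v in value]
    if key and SECRET_KEY_RE.search(key) and value not in (None, ""):
        return REDACTED
    return value


def find_exposed_secrets(value: Any, path: str = "") -> List[str]:
    """Audit check for a captured API response: dotted paths whose last key
    looks secret and whose value is neither empty nor already redacted."""
    found: List[str] = []
    if isinstance(value, dict):
        for k, v in value.items():
            found += find_exposed_secrets(v, f"{path}.{k}" if path else str(k))
    elif isinstance(value, (list, tuple)):
        for i, v in enumerate(value):
            found += find_exposed_secrets(v, f"{path}[{i}]")
    elif path:
        leaf = path.rsplit(".", 1)[-1]
        if SECRET_KEY_RE.search(leaf) and value not in (None, "", REDACTED):
            found.append(path)
    return found
```

Run find_exposed_secrets() over the parsed JSON of every config, status or debug endpoint the service exposes; an empty list is the condition to assert in a deployment test, and anything else is a finding even when the endpoint is authenticated.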
2026-04-15 18:17Z · HIGH

CVE-2026-6290 — Rapid7 Velociraptor: query() plugin runs VQL against other orgs with the user's ACL token (versions prior to 0.76.3)

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6290

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a notebook cell, to run VQL queries on other orgs which they may not have access to. The user's permissions in the other org are the same as the permissions they have in the org containing the notebook. CVSSv3.1 8.0 (HIGH)

Tags: CWE-863 · Vendor: Rapid7 · Vendor: Velociraptor · Type: Vulnerability · CVSS v3.1 8.0 · Editorial score 90

2026-04-15 17:17Z · CRIT

CVE-2026-20186 — Cisco Identity Services Engine (ISE): authenticated remote command execution on the underlying OS

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-20186

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exp CVSSv3.1 9.9 (CRITICAL) · EPSS 92nd percentile

Tags: CWE-77 · Vendor: Cisco · Type: Vulnerability · CVSS v3.1 9.9 · Editorial score 100

2026-04-15 16:19Z · INFO

BloodHound CE v9.0.1

BloodHound releases · github.com

BloodHound CE v9.0.1 released with dependency updates and DAWGS library bump to 0.4.16. This is a maintenance release addressing identified vulnerabilities in upstream dependencies via Dependabot.

Tags: Surface: Application · Vendor: BloodHound · Vendor: SpecterOps · Type: Tool · Kill chain: Discovery, Recon · Editorial score 28

2026-04-15 16:16Z · CRIT

CVE-2026-30625 — Upsonic 0.71.6: remote code execution via MCP server/task creation

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30625

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable execution of arbitrary OS commands. Maliciously crafted MCP tasks may lead to remote code execution with the privileges of the Upsonic process. In version 0.72.0 Upsonic added a warn CVSSv3.1 9.8 (CRITICAL) · EPSS 55th percentile

Tags: CWE-77 · Vendor: Upsonic · Type: Vulnerability · CVSS v3.1 9.8 · Editorial score 99

2026-04-15 16:16Z · HIGH

CVE-2026-30617 — LangChain-ChatChat 0.3.1: remote code execution via MCP STDIO server configuration

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30617

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When the MCP server is started and MCP is enabled for agent execution, subsequent agent activity triggers execution of arbitrary commands on the server. Successful exploitation allows arbi CVSSv3.1 8.6 (HIGH) · EPSS 41st percentile

Tags: CWE-77 · Vendor: LangChain · Type: Vulnerability · CVSS v3.1 8.6 · Editorial score 93

2026-04-15 16:16Z · HIGH

CVE-2026-30615 — Windsurf 1.9544.26: prompt injection registers a malicious MCP STDIO server and executes commands

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic registration of a malicious MCP STDIO server, resulting in execution of arbitrary commands without further user interaction. Successful exploitation may allow attackers to execute commands CVSSv3.1 8.0 (HIGH) · EPSS 18th percentile

Tags: CWE-77 · Vendor: Windsurf · Type: Vulnerability · CVSS v3.1 8.0 · Editorial score 90

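The Upsonic, LangChain-ChatChat and Windsurf entries above are one bug class: an MCP STDIO server is spawned from a command and argument list that an untrusted party (a task definition, a management form, or instructions in fetched HTML) gets to choose. The Upsonic entry also shows why allowlisting command names is not a fix: a runner such as npx or python3 is "allowed" and its flags are passed through. The added example below is not code from any of the three projects. It contrasts the name-only allowlist with a registry pattern in which the caller may only name a server that an operator pinned at deploy time; the task shape, registry entries and paths are assumptions.

```python
"""Launching MCP stdio servers only from an operator-pinned registry.

Added example, not code from Upsonic, LangChain-ChatChat or Windsurf. Assumes
a task shape of either {"server": "<name>"} (accepted) or {"command": ...,
"args": [...]} (rejected); the registry entries and paths are made up.
"""
import subprocess
from dataclasses import dataclass
from typing import Dict, List

# Operator-controlled and fixed at deploy time. Nothing here is ever taken from
# a notebook cell, a chat message, fetched HTML or a web form.
REGISTRY: Dict[str, List[str]] = {
    "filesystem": ["/usr/bin/node", "/opt/mcp/filesystem/index.js", "/srv/data"],
    "sqlite": ["/usr/bin/python3", "-m", "mcp_server_sqlite", "--db", "/srv/data/app.db"],
}

# The pattern the advisories describe: allow by command *name*, pass args through.
WEAK_ALLOWLIST = {"npm", "npx", "node", "python3"}


def weak_check(command: str, args: List[str]) -> bool:
    """True for anything whose command name is allowlisted. The args are not
    inspected, so flags that make the runner execute a shell string
    (npx/npm exec --call, python3 -c) ride through with the approved name."""
    return command in WEAK_ALLOWLIST


@dataclass(frozen=True)
class Launch:
    argv: List[str]


def resolve(task: dict) -> Launch:
    """Hardened: the caller may only *name* a registered server. A caller-
    supplied command or argument list is refused whatever it contains."""
    if "command" in task or "args" in task:
        raise PermissionError("free-form command/args are not accepted")
    name = task.get("server")
    if not isinstance(name, str) or name not in REGISTRY:
        raise PermissionError(f"unknown MCP server {name!r}")
    return Launch(argv=list(REGISTRY[name]))


def is_rejected(task: dict) -> bool:
    try:
        resolve(task)
    except PermissionError:
        return True
    return False


def start(task: dict) -> subprocess.Popen:
    """Spawn the server over stdio. shell=False: argv reaches execve as-is."""
    launch = resolve(task)
    return subprocess.Popen(launch.argv, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, shell=False)
```

The registry also answers the Windsurf case: if the only writable input is a server name, instructions smuggled in through HTML cannot add a new command to the configuration, and a change to REGISTRY itself is a deployment change with its own review path.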
2026-04-15 15:16Z · HIGH

CVE-2024-53412 — NietThijmen ShoppingCart 0.0.2: command injection in the connect function via the Port field

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2024-53412

Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads into the Port field CVSSv3.1 8.4 (HIGH)

Tags: CWE-77 · Vendor: NietThijmen · Type: Vulnerability · CVSS v3.1 8.4 · Editorial score 92

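A port is the easiest field to validate and still the one most often concatenated into a shell string. The added illustration below shows the bug class from the entry above next to its fix; it is not the ShoppingCart project's code, and the probe command (`nc -z host port`) and the connect() wrapper are assumptions made for the example.

```python
"""Command injection through a port field, and the fix.

Added illustration, not the ShoppingCart project's code. The probe command
and the connect() wrapper are assumptions made for the example.
"""
import re
import subprocess

_PORT_RE = re.compile(r"[0-9]{1,5}")


def build_probe_unsafe(host: str, port: str) -> str:
    """One shell string by concatenation. Run with shell=True, a port of
    '80; id' executes `nc -z host 80` and then `id`."""
    return f"nc -z {host} {port}"


def validate_port(port) -> int:
    """Only an integer 1..65535, given as int or plain ASCII digits. Everything
    else is refused before it can reach any command: the injection surface is
    removed rather than quoted around."""
    if isinstance(port, bool) or not isinstance(port, (int, str)):
        raise ValueError("port must be an int or a numeric string")
    text = str(port).strip()
    if not _PORT_RE.fullmatch(text):
        raise ValueError(f"port must be 1 to 5 ASCII digits, got {port!r}")
    n = int(text)
    if not 1 <= n <= 65535:
        raise ValueError(f"port out of range: {n}")
    return n


def build_probe_safe(host: str, port) -> list:
    """argv list, no shell: each element reaches nc as one argument, so shell
    metacharacters in host or port are inert. The port is validated on top."""
    return ["nc", "-z", host, str(validate_port(port))]


def rejects(port) -> bool:
    try:
        validate_port(port)
    except ValueError:
        return True
    return False


def connect(host: str, port, timeout: float = 5.0) -> bool:
    """Probe host:port with the hardened invocation; True if the port is open."""
    result = subprocess.run(build_probe_safe(host, port), shell=False,
                            capture_output=True, timeout=timeout)
    return result.returncode == 0
```

Two layers on purpose: the argv form alone already defeats metacharacters, and the validator alone already rejects them, so a later refactor that loses one of them does not reopen the hole.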
2026-04-15 12:30Z · HIGH

Threat landscape for industrial automation systems in Q4 2025

Kaspersky Securelist · securelist.com

Kaspersky's Q4 2025 industrial threat report reveals a 1.6x spike in worm detections on ICS systems, primarily driven by the Backdoor.MSIL.XWorm distributed via phishing emails in the 'Curriculum-vitae-catalina' campaign targeting HR personnel. Overall malicious object detection on ICS computers declined to 19.7%, but email-based threats remain the primary infection vector, with regional variations showing Africa and Southern Europe as hotspots for removable media and phishing-based attacks respectively.

Tags: Surface: OS, Network appliance · MITRE tactics: TA0001 Initial Access, TA0002 Execution, TA0003 Persistence · Vendor: Kaspersky · Type: Research, Threat intel · Editorial score 62

2026-04-15 12:00Z · CRIT

CVE-2026-21643 — Fortinet FortiClient EMS 7.4.4: unauthenticated SQL injection leading to remote code execution, exploited in the wild

Horizon3.ai · horizon3.ai · CVE-2026-21643 · in the wild · 0day

CVE-2026-21643 is a critical unauthenticated SQL injection in Fortinet FortiClient EMS 7.4.4 (CVSS 9.8) affecting the administrative GUI that allows remote code execution. Active exploitation in the wild was confirmed by March 30, 2026, and CISA added it to the Known Exploited Vulnerabilities catalog by April 13, 2026. Affected users must upgrade to 7.4.5 or above immediately.

Tags: Surface: Application · MITRE tactic: TA0001 Initial Access · Technique: T1190 · Vendor: Fortinet · Type: Vulnerability, Advisory · Kill chain: Execution, Initial Access · CVSS v3.1 9.8 · Editorial score 92

2026-04-15 12:00Z · HIGH

From Patch Tuesday to Pentest Wednesday®: When “Clean” Didn’t Mean Secure

Horizon3.ai · horizon3.ai

Horizon3.ai published a case study of an internal penetration test at a defense industrial base organization that revealed critical attack paths despite passing external security assessments and maintaining active EDR/endpoint controls. The test demonstrated that credentialed attackers could achieve full domain compromise through credential reuse, lateral movement, and privilege escalation, techniques aligned with Iranian threat actor tradecraft (MuddyWater, APT33, APT39). Targeted remediation focused on breaking attack chains rather than patching individual vulnerabilities, validating that internal testing reveals risks invisible to external assessments.

Tags: Surface: OS, Identity · MITRE tactics: TA0001 Initial Access, TA0003 Persistence, TA0004 Privilege Escalation, TA0005 Defense Evasion, TA0008 Lateral Movement · Type: Research · Editorial score 72

2026-04-15 11:16Z · HIGH

CVE-2026-40784 — FluentBoards (Mahmudul Hasan Arif): authorization bypass through user-controlled key

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40784

Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentBoards: from n/a through <= 1.91.2. CVSSv3.1 8.1 (HIGH) · EPSS 16th percentile

Tags: CWE-639 · Type: Vulnerability · CVSS v3.1 8.1 · Editorial score 91
