CCB Alert

Warning: Critical #RCE vulnerability CVE‑2026‑25769 in Wazuh affects cluster mode (master/worker). A compromised worker node allows full root access on the master. More info at: github.com/wazuh/wazuh/se… advisory #patch #patch #patch

Warning: High severity vulnerability in #spring AI. CVE-2026-22729 CVSS: 8.6. Authenticated users can bypass access controls and access unauthorised documents. Update to versions 1.0.4 and 1.1.3. More info: spring.io/security/cve-2… #Patch #Patch #Patch

Warning: Critical Improper Verification of Cryptographic Signature vulnerability in #ScreenConnect. CVE-2026-3564 CVSS: 9.0. Unauthenticated attackers can get access to machine keys and use them to elevate their access. #Patch #Patch #Patch

Warning: XSS vulnerability in #Angular. #CVE-2026-32635 CVSS: 8.6. This XSS vulnerability can lead to session hijacking, data exfil, or unauthorised actions. More info: ccb.belgium.be/advisories/war… #Patch #Patch #Patch

Warning: Critical code injection vulnerability in the #SandboxJS JavaScript library. CVE-2026-26954 CVSS: 10.0 Exploitation can lead to sandbox escape. More info: github.com/nyariv/Sandbox… #Patch #Patch #Patch

Warning: Two vulnerabilities in Google #Chrome are now actively exploited. CVE-2026-3909 and CVE-2026-3910 both CVSS: 8.8. More info: cisa.gov/known-exploite… & cisa.gov/known-exploite… #Patch #Patch #Patch

Warning: A 2025 vulnerability in Wing FTP Server is now actively exploited. CVE-2025-47813 CVSS: 4.3. This vulnerability might be chained in #RCE attacks. More info: cisa.gov/known-exploite… #Patch #Patch #Patch

Warning: 10 Critical #RCE vulnerabilities patched in #GStreamer! Highlights: CVE-2026-3083 & CVE-2026-3085 CVSS: 8.8. Network-exploitable Heap Overflow & OOB Write in RTP stream parsing. #Patch #Patch #Patch

Warning: Critical #XSS Account Takeover in #ZITADEL. CVE-2026-29191 CVSS: 9.3. This flaw in Login V2 /saml-post can enable account takeover and then lead to serious compromise. #Patch #Patch #Patch

Warning: Multiple Critical (Including CVSS 10.0) Vulnerabilities in #Veeam Backup and Replication. These vulnerabilities can lead to a full compromise. ccb.belgium.be/advisories/war… #Patch #Patch #Patch

Warning: Deserialization and Improper Input Validation vulnerability in #Microsoft Office SharePoint. CVE-2026-26106 CVE-2026-26114 CVSS 8.8. These vulnerabilities can lead to remote code execution #RCE! #Patch #Patch #Patch

Warning: Critical Authentication Bypass vulnerability in #JwtAuthenticator pac4j-jwt. CVE-2026-29000 CVSS: 9.3. This vulnerability can allow an attacker to bypass signature verification to then authenticate as any user. #ATO #Patch #Patch #Patch

Warning: Critical race condition and session takeover vulnerability in #ParseServer. CVE-2026-32242 CVSS 9.1 CVE-2026-32248 CVSS: 9.3. This vulnerability can lead to a token being accepted by the wrong provider which results in an #ATO. #Patch #Patch #Patch

Warning: Critical vulnerability in #LXD daemon. CVE-2026-28384 CVSS: 9.4. This vulnerability can allow an unprivileged user to execute commands as the LXD daemon on the server. #Patch #Patch #Patch

Warning: Critical Second-order Expression Injection Vulnerability in #n8n. CVE-2026-27493 CVSS: 9.5. This vulnerability could escalate to remote code execution when chained with an expression sandbox escape. #Patch #Patch #Patch

Warning: High Vulnerability in #ingress-nginx #Kubernetes. CVE-2026-3288 CVSS: 8.8. This vulnerability can lead arbitrary code execution in the context of the ingress-nginx-controller. #Patch #Patch #Patch

Warning: #CISA has observed active exploitation of the #n8n vulnerability (#CVE-2025-68613, CVSSv3.1 9.9). It has been added to the CISA KEV list. Time to #Patch #Patch #Patch

Warning: #Cisco patched 4 vulnerabilities in it's IOS XR software. The two most critical flaws (#CVE-2026-20040, #CVE-2026-20046 ; CVSSv3.1 8.8 ) could allow an authenticated local attacker to execute arbitrary commands as root. #Patch #Patch #Patch

Warning: #Gitlab patched 15 vulnerabilities. The most critical one (#CVE-2026-1090, CVSSv3.1 8.7) could allow an authenticated attacker to inject JavaScript in a browser. Time to #Patch #Patch #Patch

Warning: #Fortinet patched 22 vulnerabilities. Flaws in FortiWeb, FortiSwitchAXFixed, and FortiManager can allow remote, unauthenticated attackers to bypass rate limits or execute unauthorized code. #Patch #Patch #Patch