PulsePatch.io

`Apache Tomcat` has an incomplete fix (CVE-2023-28709) for a previous request smuggling vulnerability. Review your `Tomcat` deployments. #ApacheTomcat #Vulnerability #infosec pulsepatch.io/posts/cve-2023…

Critical SSRF & LFI flaws in `LLaMA Factory` Chat API (CVE-2025-61784) pose data exfiltration risks. Review API exposure and internal network segmentation. #infosec #vulnerability pulsepatch.io/posts/cve-2025…

`Keylime` users should be aware of CVE-2025-13609, a vulnerability allowing agent UUID recycling with different TPMs. This could impact attestation integrity. Monitor for updates. #Keylime #InfoSec #Cybersecurity pulsepatch.io/posts/cve-2025…

A critical CORS misconfiguration (CVE-2026-30924) allows arbitrary origins to access resources on affected systems. Review CORS policies to prevent potential data exposure. #infosec #CORS #securitymisconfiguration pulsepatch.io/posts/cve-2026…

An arbitrary file write vulnerability (CVE-2026-33309) impacting `Langflow` via its v2 API may lead to RCE. Assess exposure and restrict v2 API access. #Langflow #RCE #infosec pulsepatch.io/posts/cve-2026…

An unauthenticated SSRF vulnerability (CVE-2026-33351) in `AVideo` allows for a verification bypass. Review `AVideo` deployments for exposure. #SSRF #AVideo #infosec pulsepatch.io/posts/cve-2026…

`AVideo` is affected by an unauthenticated SQL injection (CVE-2026-33352). This allows database compromise and potential RCE. Patching is critical. #SQLi #WebSecurity #InfoSec pulsepatch.io/posts/cve-2026…

`Apollo Federation` is affected by CVE-2026-32621, a prototype pollution flaw due to incomplete key sanitization. Potential for property injection exists. Monitor for updates. #GraphQL #Security #AppSec pulsepatch.io/posts/cve-2026…

Unauthenticated Remote Code Execution (CVE-2026-33057) impacts `Mesop` via its `/exec-py` route. Admins should identify affected systems and apply network restrictions. #RCE #Python #InfoSec pulsepatch.io/posts/cve-2026…

A critical SanitizeSVG bypass (CVE-2026-32940) has been identified in `SiYuan`, allowing `data:text/xml` to bypass sanitization. This incomplete fix may lead to client-side code execution. Monitor for updates. #SiYuan #Vulnerability #XSS pulsepatch.io/posts/cve-2026…

A critical URL validation bypass (CVE-2026-25534) affects `Spinnaker` clouddriver and orca components, allowing underscore usage in hostnames. Monitor for official patches. #Spinnaker #CloudSecurity #Vulnerability pulsepatch.io/posts/cve-2026…

Unauthenticated Remote OS Command Execution (RCE) affects `MCP Connect` (GHSA-wvr4-3wq4-gpc5). Review network access to the `/bridge` endpoint immediately. #RCE #InfoSec #Vulnerability pulsepatch.io/posts/mcp-conn…

`Apache Camel` has an improper input validation vulnerability (CVE-2020-11971). Impact depends on specific usage but could lead to data integrity issues. Review configurations and apply robust input validation. #ApacheCamel #InfoSec #CVE pulsepatch.io/posts/cve-2020…

An OutOfMemory vulnerability (CVE-2024-3884) affects `Undertow` when parsing `x-www-form-urlencoded` data, leading to denial of service. Monitor official channels for patch information. #Undertow #DoS #infosec pulsepatch.io/posts/cve-2024…

An HTTP/2 DDoS vulnerability (`CVE-2025-9784`) impacts `Undertow`. Review configurations and consider mitigations for potential service disruption. #Undertow #HTTP2 #DDoS #infosec pulsepatch.io/posts/cve-2025…

`Drupal Open Social` has a missing authorization flaw (CVE-2025-31686), potentially leading to unauthorized access. Monitor for updates. #Drupal #OpenSocial #infosec pulsepatch.io/posts/cve-2025…

Path traversal in `Mesop`'s `FileStateSessionBackend` (CVE-2026-33054) allows app DoS & file manipulation. Monitor vendor for updates. #Mesop #PathTraversal #InfoSec pulsepatch.io/posts/cve-2026…

`HAPI FHIR` is affected by `CVE-2026-33180`, an HTTP authentication leak vulnerability during redirects. This could expose credentials. Review `FHIR` authentication configurations. #infosec #HAPI_FHIR #CVE pulsepatch.io/posts/cve-2026…

Admidio is vulnerable to unauthorized document/folder deletion (CVE-2026-32817) due to missing auth & CSRF protection. Monitor for vendor updates. #Admidio #infosec #websecurity pulsepatch.io/posts/cve-2026…

A critical arbitrary file read vulnerability (CVE-2026-32938) affects `SiYuan`'s Desktop Publish Service, leading to potential information disclosure. Assess exposure and monitor for updates. #infosec #vulnerability #desktopsecurity pulsepatch.io/posts/cve-2026…