Flaw – NuclearCoffee

Hacker news

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

On Mar 20, 2026 6:30 pm, by NuclearCoffee

Ravie LakshmananMar 20, 2026Web Security / Vulnerability Sansec is warning of a critical security flaw in Magento’s REST API that could allow unauthenticated attackers to upload arbitrary executables… Continue reading

Hacker news

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

On Mar 20, 2026 4:28 pm, by NuclearCoffee

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities…. Continue reading

Hacker news

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

On Mar 19, 2026 7:56 am, by NuclearCoffee

Ravie LakshmananMar 19, 2026Network Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor… Continue reading

Hacker news

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE

On Mar 18, 2026 1:41 pm, by NuclearCoffee

Ravie LakshmananMar 18, 2026Vulnerability / Data Protection Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an… Continue reading

Hacker news

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

On Mar 04, 2026 7:15 am, by NuclearCoffee

Ravie LakshmananMar 04, 2026Vulnerability / Enterprise Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations… Continue reading

Hacker news

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

On Feb 28, 2026 7:43 pm, by NuclearCoffee

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and… Continue reading

Hacker news

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

On Feb 24, 2026 8:17 pm, by NuclearCoffee

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial… Continue reading

Hacker news

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

On Feb 20, 2026 6:39 pm, by NuclearCoffee

Ravie LakshmananFeb 20, 2026Vulnerability / Cyber Attack Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access… Continue reading

Hacker news

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

On Feb 10, 2026 6:24 am, by NuclearCoffee

Ravie LakshmananFeb 10, 2026Vulnerability / Network Security Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code… Continue reading

Hacker news

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

On Feb 05, 2026 6:37 am, by NuclearCoffee

Ravie LakshmananFeb 05, 2026Workflow Automation / Vulnerability A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in… Continue reading

Tag: Flaw

Stay Connected