🔴 New security advisory:

CVE-2026-34938 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34938-praisonai-critical-rce

#Cybersecurity #PatchNow #InfoSecCommunity

PraisonAI Critical RCE (CVE-2026-34938) - Patch Now

CVE-2026-34938 is a critical flaw in PraisonAI (CVSS 10.0). The vulnerability allows unauthenticated remote attackers to bypass sandbox protections and execute arbitrary OS commands on the host system.

Yazoul Security

🚨 New security advisory:

CVE-2026-34758 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34758-oneuptime-auth-bypass

#Cybersecurity #PatchNow #InfoSecCommunity

OneUptime Auth Bypass (CVE-2026-34758) - Patch Now

CVE-2026-34758 is a critical authentication bypass in OneUptime (CVSS 9.1). Unauthenticated attackers can abuse SMS, calls, email, and purchase phone numbers. Update to version 10.0.42 immediately.

Yazoul Security

🚨 New security advisory:

CVE-2026-33107 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33107-azure-databricks-ssrf

#Cybersecurity #PatchNow #InfoSecCommunity

Azure Databricks SSRF (CVE-2026-33107) - Patch Now

CVE-2026-33107 is a critical SSRF vulnerability in Azure Databricks (CVSS 10.0). Unauthorized attackers can exploit it over a network to escalate privileges. Immediate action is required.

Yazoul Security

⛔ New security advisory:

CVE-2026-34456 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34456-reviactyl-oauth-account-takeover

#Cybersecurity #PatchNow #InfoSecCommunity

Reviactyl OAuth Account Takeover (CVE-2026-34456) - Patch Now

CVE-2026-34456 is a CRITICAL flaw (CVSS 9.1) in the Reviactyl game server panel. It allows full account takeover via OAuth email matching. Update to version 26.2.0-beta.5 immediately.

Yazoul Security

⛔ New security advisory:

CVE-2026-29014 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-29014-metinfo-cms-rce

#Cybersecurity #PatchNow #InfoSecCommunity

MetInfo CMS RCE (CVE-2026-29014) - Patch Now

CVE-2026-29014 is a critical RCE vulnerability in MetInfo CMS 7.9-8.1 (CVSS 9.8). Unauthenticated attackers can execute arbitrary PHP code and fully compromise servers.

Yazoul Security

🟠 New security advisory:

CVE-2026-33030 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33030-nginx-ui-idor-vulnerability

#CVE #PatchNow #InfoSecCommunity

Nginx Vulnerability (CVE-2026-33030) - Update Required

A high-severity Insecure Direct Object Reference (IDOR) flaw in Nginx UI versions 2.3.3 and prior allows any authenticated user to access, modify, and delete other users' resources. CVSS 8.8.

Yazoul Security

🔴 New security advisory:

CVE-2026-30562 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-30562-sourcecodester-sales-inventory-system-xss

#CVE #PatchNow #InfoSecCommunity

Critical: SourceCodester Sales Inventory System XSS (CVE-2026-30562) - Critical Update | Yazoul Security

Critical Reflected XSS vulnerability in SourceCodester Sales and Inventory System 1.0 via the add_stock.php "msg" parameter. CVSS 9.3. Patch or mitigate immediately.

Yazoul Security

🔴 New security advisory:

CVE-2025-15379 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2025-15379-mlflow-command-injection-vulnerability-patch-immediately

#CVE #PatchNow #InfoSecCommunity

Critical: MLflow Command Injection Vulnerability (CVE-2025-15379) - Patch Immediately | Yazoul Security

Critical MLflow command injection flaw (CVSS 10.0) allows remote code execution via malicious model artifacts. Affects version 3.8.0. Update to 3.8.2 now to mitigate.

Yazoul Security

🚨 New security advisory:

CVE-2026-32924 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32924-openclaw-authorization-bypass-update-immediately

#CVE #PatchNow #InfoSecCommunity

Critical: OpenClaw Authorization Bypass (CVE-2026-32924) - Update Immediately | Yazoul Security

Critical OpenClaw vulnerability (CVSS 9.8) allows attackers to bypass group chat protections via Feishu reaction events. Update to version 2026.3.12 or later to remediate.

Yazoul Security

🚨 New security advisory:

CVE-2026-32973 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32973-openclaw-exec-allowlist-bypass

#CVE #PatchNow #InfoSecCommunity

Critical: OpenClaw Exec Allowlist Bypass (CVE-2026-32973) - Critical Update Required | Yazoul Security

Critical OpenClaw vulnerability allows bypass of execution allowlist via improper path normalization. CVSS 9.8. Update to version 2026.3.11 immediately to prevent unauthorized command execution.

Yazoul Security