🚨 New security advisory:

CVE-2026-32304 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32304-locutus-code-execution-vulnerability-update-to-3-0-14

#InfoSec #PatchNow #InfoSecCommunity

Critical: Locutus Code Execution Vulnerability (CVE-2026-32304) - Update to 3.0.14 | Yazoul Security

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function ...

Yazoul Security

🚨 New security advisory:

CVE-2026-3891 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-3891-pix-for-woocommerce-arbitrary-file-upload-update-now

#InfoSec #PatchNow #InfoSecCommunity

Critical: Pix for WooCommerce Arbitrary File Upload (CVE-2026-3891) - Update Now | Yazoul Security

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' ...

🔶 New security advisory:

CVE-2019-25514 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2019-25514-jettweb-php-hazir-haber-site-script-sql-injection

#InfoSec #PatchNow #InfoSecCommunity

High: Jettweb PHP Hazir Haber Site Script SQL Injection (CVE-2019-25514) - Update Required | Yazoul Security

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can ma...

⛔ New security advisory:

CVE-2026-32096 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32096-plunk-ssrf-vulnerability-update-to-0-7-0

#InfoSec #PatchNow #InfoSecCommunity

Critical: Plunk SSRF Vulnerability (CVE-2026-32096) - Update to 0.7.0 | Yazoul Security

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could...

🔴 New security advisory:

CVE-2026-28495 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-28495-getsimple-cms-massiveadmin-plugin-rce

#Cybersecurity #PatchNow #InfoSecCommunity

Critical: GetSimple CMS massiveAdmin Plugin RCE (CVE-2026-28495) - Critical Update Required | Yazoul Security

GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration fi...

🔴 New security advisory:

CVE-2026-30887 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-30887

#Cybersecurity #PatchNow #InfoSecCommunity

Critical: OneUptime Remote Code Execution (CVE-2026-30887) - Update Immediately | Yazoul Security

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites...

🔴 New security advisory:

CVE-2025-48611 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2025-48611

#Cybersecurity #PatchNow #InfoSecCommunity

Critical: Android DeviceId Persistence Desync (CVE-2025-48611) - Critical Update Required | Yazoul Security

In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. ...

⚠️ New security advisory:

CVE-2025-61614 affects Google Android.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2025-61614

#Cybersecurity #PatchNow #InfoSecCommunity

High: NR Modem System Crash Vulnerability (CVE-2025-61614) - Update Required | Yazoul Security

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed....

⚠️ New security advisory:

CVE-2026-3288 affects multiple systems.

• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-3288

#Cybersecurity #PatchNow #InfoSecCommunity

High: ingress-nginx Configuration Injection Vulnerability (CVE-2026-3288) - Patch Now | Yazoul Security

A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary co...
