🚨 New security advisory:

CVE-2026-6722 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6722-php-soap-unauthenticated-rce

#CVE #SecurityPatching #HackerNews

PHP SOAP unauthenticated RCE (CVE-2026-6722)

CVE-2026-6722: PHP 8.2-8.5 SOAP object deduplication use-after-free grants unauthenticated RCE (CVSS 9.5). Update to PHP 8.2.31/8.3.31/8.4.21/8.5.6.

Yazoul Security

🚨 New security advisory:

CVE-2021-47936 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2021-47936-opencats-unauthenticated-rce

#CVE #SecurityPatching #HackerNews

OpenCATS unauthenticated RCE (CVE-2021-47936)

CVE-2021-47936: OpenCATS 0.9.4 unauthenticated RCE via PHP file upload to job application endpoint (CVSS 9.8). No patch available; remove the careers module or restrict upload directories.

Yazoul Security

🔴 New security advisory:

CVE-2026-41500 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-41500-electerm-unauth-command-injection

#InfoSec #SecurityPatching #HackerNews

electerm unauth command injection (CVE-2026-41500)

CVE-2026-41500: Critical unauth command injection in electerm <3.3.8 lets attackers run arbitrary macOS commands. Patch now to version 3.3.8.

Yazoul Security

🔴 New security advisory:

CVE-2026-33109 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33109-azure-cassandra-rce-low-privilege

#InfoSec #SecurityPatching #HackerNews

Azure Cassandra RCE, low-privilege (CVE-2026-33109)

CVE-2026-33109: Critical Azure Managed Instance for Apache Cassandra RCE (CVSS 9.9). An attacker with low privileges can execute code over a network. Apply the Microsoft patch.

Yazoul Security

🔴 New security advisory:

CVE-2026-33587 affects Lfnovo Open-Notebook.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33587-open-notebook-rce-via-ssti

#InfoSec #SecurityPatching #HackerNews

Open Notebook RCE via SSTI (CVE-2026-33587)

CVE-2026-33587: Open Notebook v1.8.3 unauthenticated RCE via server-side template injection (CVSS 10.0). Patch now by upgrading to v1.8.4.

Yazoul Security
