β New security advisory:
CVE-2026-25873 affects multiple systems.
β’ Impact: Remote code execution or complete system compromise possible
β’ Risk: Attackers can gain full control of affected systems
β’ Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-25873-omnigen2-rl-remote-code-execution
π New security advisory:
CVE-2026-32628 affects Mintplexlabs Anythingllm.
β’ Impact: Significant security breach potential
β’ Risk: Unauthorized access or data exposure
β’ Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32628-anythingllm-sql-injection-vulnerability-update-now
A high-severity SQL injection flaw in AnythingLLM's SQL Agent plugin allows authenticated users to execute arbitrary commands on connected databases. CVSS 8.8. Update to the latest version immediately.
π΄ New security advisory:
CVE-2016-20030 affects multiple systems.
β’ Impact: Remote code execution or complete system compromise possible
β’ Risk: Attackers can gain full control of affected systems
β’ Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2016-20030-zkteco-zkbiosecurity-3-0-user-enumeration
Critical user enumeration flaw in ZKTeco ZKBioSecurity 3.0 allows unauthenticated attackers to discover valid usernames. CVSS 9.8. Apply patches immediately to prevent credential attacks.
π΄ New security advisory:
CVE-2026-32621 affects multiple systems.
β’ Impact: Remote code execution or complete system compromise possible
β’ Risk: Attackers can gain full control of affected systems
β’ Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32621-apollo-federation-prototype-pollution-vulnerability
Critical Apollo Federation gateway vulnerability (CVSS 9.9) allows prototype pollution via malicious queries or compromised subgraphs. Update to patched versions immediately to prevent exploitation.
π΄ New security advisory:
CVE-2026-32621 affects multiple systems.
β’ Impact: Remote code execution or complete system compromise possible
β’ Risk: Attackers can gain full control of affected systems
β’ Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32621-apollo-federation-prototype-pollution-vulnerability
Critical Apollo Federation gateway vulnerability (CVSS 9.9) allows prototype pollution via malicious queries or compromised subgraphs. Update to patched versions immediately to prevent exploitation.
π New security advisory:
CVE-2019-25509 affects multiple systems.
β’ Impact: Significant security breach potential
β’ Risk: Unauthorized access or data exposure
β’ Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2019-25509-xoodigital-latest-sql-injection
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET r...
π New security advisory:
CVE-2026-1090 affects multiple systems.
β’ Impact: Significant security breach potential
β’ Risk: Unauthorized access or data exposure
β’ Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-1090-gitlab-cross-site-scripting-vulnerability
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markd...
π΄ New security advisory:
CVE-2026-21708 affects multiple systems.
β’ Impact: Remote code execution or complete system compromise possible
β’ Risk: Attackers can gain full control of affected systems
β’ Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-21708-backup-viewer-remote-code-execution-patch-critical-flaw
π¨ New security advisory:
CVE-2026-31896 affects multiple systems.
β’ Impact: Remote code execution or complete system compromise possible
β’ Risk: Attackers can gain full control of affected systems
β’ Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-31896-wegia-sql-injection-vulnerability-update-immediately
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract(...
Yazoul - Cybersecurity Alerts
Yazoul - Cybersecurity Alerts
Bradley π¨π¦