#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230

An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/

#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json

#OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E

An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711

https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json

Ubuntu Security Notice USN-8080-1 https://packetstorm.news/files/216843 #advisory
Packet Storm

Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers

openSUSE Security Advisory - openSUSE-SU-2026:0077-1 https://packetstorm.news/files/216826 #advisory

Critical SSRF Vulnerability Patched in Angular Server-Side Rendering

Angular patched a critical SSRF vulnerability (CVE-2026-27739) in its SSR framework that allows attackers to redirect server-side requests to malicious or internal destinations by manipulating HTTP headers.

**If you are using Angular, this is important and urgent. Check your package.json for the possibly risky versions of the libraries, and either patch or sanitize the headers. Always validate incoming headers against a strict allowlist and avoid using client-provided data to build internal request URLs.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-ssrf-vulnerability-patched-in-angular-server-side-rendering-n-2-c-r-e/gD2P6Ple2L

Togo Travel Advisory

https://misryoum.com/us/us/togo-travel-advisory/

There was no change to the advisory level. The "health" risk indicator was added. Advisory summary was updated. Exercise Increased Caution in Togo due to risk of crime, terrorism, unrest, kidnapping, and health. Some areas have increased risk. Read the entire Travel...

#Togo #Travel #Advisory #US_News_Hub #misryoum_com

Critical Nginx UI Flaw Allows Unauthenticated Backup Theft and Decryption

Nginx UI version 2.3.3 patches a critical vulnerability (CVE-2026-27944) that allows unauthenticated attackers to download and decrypt full server backups. The flaw exposes sensitive data including SSL private keys, admin credentials, and server configurations via an unprotected API endpoint.

**If you are using Nginx UI, first make sure it is isolated from the internet. Then patch to version 2.3.3 immediately because the exploit is trivial - especially if your Nginx UI is exposed to the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-nginx-ui-flaw-allows-unauthenticated-backup-theft-and-decryption-l-t-k-6-p/gD2P6Ple2L

GnuPG Releases Version 2.5.17 to Patch Critical RCE and Buffer Overflow Flaws

GnuPG released version 2.5.17 to address three security vulnerabilities, including a critical stack-based buffer overflow in gpg-agent that allows remote code execution via crafted S/MIME messages.

**Update GnuPG and Gpg4win immediately to version 2.5.17 or 5.0.1. There are multiple flaws that should not be ignored. If you cannot patch, remove the gpgsm binary to block the primary remote attack vector.**
#cybersecurity #infosec #advisory #databreach
https://beyondmachines.net/event_details/gnupg-releases-version-2-5-17-to-patch-critical-rce-and-buffer-overflow-flaws-l-s-x-o-v/gD2P6Ple2L

Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking

AVideo version 6.0 contains a critical zero-click command injection vulnerability (CVE-2026-29058) that allows unauthenticated attackers to execute arbitrary OS commands and hijack video streams.

**If you are using the AVideo platform, this is urgent and important. Patch ASAP to version 7.0, because your server will be attacked. Until you update today, use a web application firewall or reverse proxy to block access to the getImage.php component.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-zero-click-command-injection-in-avideo-platform-allows-stream-hijacking-w-3-3-3-s/gD2P6Ple2L

Afghanistan Travel Advisory

https://misryoum.com/us/us24/afghanistan-travel-advisory/

There was no change to the advisory level. Do not travel to Afghanistan due to civil unrest, crime, terrorism, risk of wrongful detention, kidnapping, natural disasters, and limited health facilities. Do not travel to Afghanistan for any reason. We urge...

#Afghanistan #Travel #Advisory #US_News_Hub #misryoum_com