⛔ New security advisory:
CVE-2026-25873 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-25873-omnigen2-rl-remote-code-execution
🟠 New security advisory:
CVE-2026-32628 affects Mintplexlabs Anythingllm.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32628-anythingllm-sql-injection-vulnerability-update-now
A high-severity SQL injection flaw in AnythingLLM's SQL Agent plugin allows authenticated users to execute arbitrary commands on connected databases. CVSS 8.8. Update to the latest version immediately.
🔴 New security advisory:
CVE-2016-20030 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2016-20030-zkteco-zkbiosecurity-3-0-user-enumeration
Critical user enumeration flaw in ZKTeco ZKBioSecurity 3.0 allows unauthenticated attackers to discover valid usernames. CVSS 9.8. Apply patches immediately to prevent credential attacks.
🔴 New security advisory:
CVE-2026-32621 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32621-apollo-federation-prototype-pollution-vulnerability
Critical Apollo Federation gateway vulnerability (CVSS 9.9) allows prototype pollution via malicious queries or compromised subgraphs. Update to patched versions immediately to prevent exploitation.
🔴 New security advisory:
CVE-2026-32621 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32621-apollo-federation-prototype-pollution-vulnerability
Critical Apollo Federation gateway vulnerability (CVSS 9.9) allows prototype pollution via malicious queries or compromised subgraphs. Update to patched versions immediately to prevent exploitation.
🟠 New security advisory:
CVE-2019-25509 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2019-25509-xoodigital-latest-sql-injection
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET r...
🟠 New security advisory:
CVE-2026-1090 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-1090-gitlab-cross-site-scripting-vulnerability
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markd...
🔴 New security advisory:
CVE-2026-21708 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-21708-backup-viewer-remote-code-execution-patch-critical-flaw
🚨 New security advisory:
CVE-2026-31896 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-31896-wegia-sql-injection-vulnerability-update-immediately
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract(...
Yazoul - Cybersecurity Alerts
Yazoul - Cybersecurity Alerts
Bradley 🇨🇦