🔴 New security advisory:

CVE-2026-34953 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34953-praisonai-auth-bypass

#InfoSec #VulnerabilityManagement #CyberSec

PraisonAI Auth Bypass (CVE-2026-34953) - Patch Now

CVE-2026-34953 is a critical authentication bypass in PraisonAI versions before 4.5.97 (CVSS 9.1). Attackers can gain full access to all AI tools and agents with any fake token.

Yazoul Security

🔴 New security advisory:

CVE-2016-20052 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2016-20052-snews-cms-rce

#InfoSec #VulnerabilityManagement #CyberSec

Snews CMS RCE (CVE-2016-20052) - Patch Now

CVE-2016-20052 is a critical RCE flaw in Snews CMS 1.7 (CVSS 9.8). Unauthenticated attackers can upload and execute arbitrary PHP files for complete system compromise.

Yazoul Security

🚨 New security advisory:

CVE-2026-34934 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34934-praisonai-sql-injection

#InfoSec #VulnerabilityManagement #CyberSec

PraisonAI SQL Injection (CVE-2026-34934) - Patch Now

CVE-2026-34934 is a critical SQL injection flaw in PraisonAI before v4.5.90 (CVSS 9.8). It allows unauthenticated attackers to gain full database control. Update immediately.

Yazoul Security

🚨 New security advisory:

CVE-2026-34612 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34612-kestra-sqli-to-rce

#InfoSec #VulnerabilityManagement #CyberSec

Kestra SQLi to RCE (CVE-2026-34612) - Patch Now

CVE-2026-34612 is a critical SQL injection flaw in Kestra orchestration platform (CVSS 9.9). It allows authenticated attackers to execute arbitrary OS commands on the host server.

Yazoul Security

CVE Board Meeting Minutes: March 4, 2026

⛔ New security advisory:

CVE-2026-34559 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34559-ci4ms-critical-xss-vulnerability

#InfoSec #VulnerabilityManagement #CyberSec

CI4MS Critical XSS Vulnerability (CVE-2026-34559) - Patch Now

CVE-2026-34559 is a critical stored XSS flaw in CI4MS CMS (CVSS 9.1). Attackers can inject malicious scripts via blog tags, compromising user sessions and admin panels. Update to version 0.31.0.0 immediately.

Yazoul Security

⛔ New security advisory:

CVE-2026-32213 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32213-azure-ai-foundry-privilege-escalation

#InfoSec #VulnerabilityManagement #CyberSec

Azure AI Foundry Privilege Escalation (CVE-2026-32213) - Patch Now

CVE-2026-32213 is a critical flaw in Azure AI Foundry (CVSS 10.0). Improper authorization allows network-based attackers to elevate privileges without credentials. Immediate remediation is required.

Yazoul Security

ICS[AP] Dashboards are updated with the 5 CISA Advisories released on 4/2/26:

Siemens: 1 New
Yokogawa: 1 New
Hitachi Energy: 1 New
Schneider Electric: 1 Update
Gardyn: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

ICS[AP] updated CISA ICS Advisories Master File for 4/2/26 & the following year's CSVs:

CISA_ICS_ADV_2026_4_2.csv
CISA_ICS_ADV_2025_4_2_26.csv

Available @ ICS[AP] GitHub:
https://github.com/icsadvprj/ICS-Advisory-Project/tree/main

#opensource
#vulnerabilitymanagement
#icssecurity