ScanForge Security Digest 2621-01

200 items
30 critical91 high10 news

This week's security digest includes 0 actively exploited vulnerabilities (CISA KEV), 30 critical CVEs, and 91 high-severity CVEs. Review the details below and prioritize patching for any affected systems.

Critical

30
9.8 Unsafe deserialization vulnerability in MixPHP Framework 2.x 2 CVEs

High Severity

91
8.8 A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management i CVE-2026-36956
8.8 PackageKit is a a D-Bus abstraction layer that allows the user to manage package CVE-2026-41651
8.8 Untrusted pointer dereference in SQL Server allows an authorized attacker to exe CVE-2026-33120
8.7 NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerabilit CVE-2026-29514
8.7 Unauthenticated attackers can exploit a weakness in the XML parser functionality CVE-2024-39847
8.7 This vulnerability exists in Quantum Networks router due to 4 CVEs CVE-2026-41039, CVE-2026-41037, CVE-2026-41036, CVE-2026-41038
8.7 The WebSocket Application Programming Interface lacks restri 5 CVEs CVE-2026-31904, CVE-2026-31903, CVE-2026-24696, CVE-2026-20882 +1
8.5 An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/ CVE-2026-5781
8.5 An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6 CVE-2026-5780
8.5 A command injection vulnerability was identified in the web module of Archer AXE CVE-2025-15568

+56 more products affected

Security News

10
Critical vm2 sandbox bug lets attackers execute code on hosts Bleeping Computer

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitra

New Cisco DoS flaw requires manual reboot to revive devices Bleeping Computer

Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requ

DAEMON Tools devs confirm breach, release malware-free version Bleeping Computer

Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain att

Autonomous Offensive Security Firm XBOW Raises $35 Million SecurityWeek

The company raised another $35 million as an extension to its previously announced Series C funding round. The post Auto

Why ransomware attacks succeed even when backups exist Bleeping Computer

Backups don't fail because they're missing, they fail because attackers destroy them first. Acronis explains how ransomw

Herd Security Raises $3 Million for AI-Powered Training Platform SecurityWeek

The startup will invest in expanding its training categories, optimizing video generation, and growing its partnership e

MuddyWater hackers use Chaos ransomware as a decoy in attacks Bleeping Computer

The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams socia

Iranian APT Intrusion Masquerades as Chaos Ransomware Attack SecurityWeek

Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data t

Content aggregated from NIST/NVD, CISA, CERT/CC, and public security news sources. External articles are linked to their original source.