ScanForge Security Digest 2623-02

200 items
85 critical10 high10 news

This week's security digest includes 0 actively exploited vulnerabilities (CISA KEV), 85 critical CVEs, and 10 high-severity CVEs. Review the details below and prioritize patching for any affected systems.

Critical

85
10.0 Unrestricted Upload of File with Dangerous Type vulnerabilit 2 CVEs
10.0 Improper Neutralization of Special Elements used in an SQL C 23 CVEs

High Severity

10
8.9 Improper Neutralization of Input During Web Page Generation 3 CVEs CVE-2025-11956, CVE-2025-10467, CVE-2025-9798
8.8 In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: CVE-2026-46264
8.8 Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors CVE-2022-4992
8.8 authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026 CVE-2026-49443
8.8 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Re CVE-2026-1829
8.8 A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi end CVE-2026-30652
8.8 CWE-639: Authorization Bypass Through User-Controlled Key in web services in Pro CVE-2026-7201
8.8 CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x CVE-2026-7195

Security News

10
Critical Everest Forms Pro flaw exploited to take over WordPress sites Bleeping Computer

Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets the

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration The Hacker News

OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data ex

Opal Security Raises $23 Million for AI-Native Identity Governance SecurityWeek

Raising $59 million to date, Opal also announced five senior leadership appointments. The post Opal Security Raises $23

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI The Hacker News

A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns dev

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting Solar

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs The Hacker News

Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack The Hacker News

Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chai

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available The Hacker News

Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation

Exploits & Threats

1
[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

Content aggregated from NIST/NVD, CISA, CERT/CC, and public security news sources. External articles are linked to their original source.