CVE-2026-23735: Silent Token Leakage via GraphQL Parallel Request Context Mix-Up Vulnerabilities AegironJanuary 17, 2026January 17, 202611 mins0 CVE: CVE-2026-23735Product: graphql-modules (Node.js GraphQL framework)Affected Versions: All releases between 2.2.1 up to 2.4.0 and 3.0.0 up…continue reading..
CVE-2026-23742: Skipper Inline Lua Filters Enable Unauthorized File Access and Secret Disclosure Vulnerabilities AegironJanuary 17, 2026January 17, 202610 mins0 CVE: CVE-2026-23742Alias: Skipper inline Lua filter vulnerabilityCVSS v3.1 Score: 8.8 (High)Severity: HighExploitability: What the Vulnerability Is Skipper…continue reading..
CVE-2026-20960: Power Apps Authorization Flaw Enables High-Risk Remote Code Execution Vulnerabilities AegironJanuary 17, 2026January 17, 202611 mins0 CVE: CVE-2026-20960Product Affected: Microsoft Power AppsVulnerability Type: Improper Authorization → leads to Remote Code ExecutionCVSSv3.1 Score: 8.0…continue reading..
CVE-2026-23745: node-tar Link Path Traversal Flaw Enables Arbitrary File Overwrite via Malicious TAR Archives Vulnerabilities AegironJanuary 17, 2026January 17, 202612 mins0 CVE: CVE-2026-23745Name: node-tar — Arbitrary File Overwrite & Link Path TraversalCVSS Score: 8.2 (High)Severity: HighExploitability: Moderate —…continue reading..
High-Risk Supply Chain Exposure: Gradle Dependency Resolution Flaws Put CI/CD Pipelines at Risk Vulnerabilities AegironJanuary 17, 2026January 17, 20269 mins0 Product Name: Gradle Build ToolVendor / Maintainer: Gradle, Inc.Component Affected: Dependency Resolution & Repository HandlingEnvironment Impacted: CI/CD…continue reading..
CVE-2025-67822: Critical Authentication Bypass in Mitel MX-ONE Enables Unauthorized Administrative Control Vulnerabilities AegironJanuary 17, 2026January 17, 20269 mins0 Executive Summary CVE ID: CVE-2025-67822Product: MiVoice MX-ONE (Provisioning Manager component)Vendor: MitelSeverity: CriticalCVSS v3.1 Score: 9.4Attack Vector: NetworkAuthentication…continue reading..
CVE-2026-23520: Critical Command Injection Flaw in Arcane Docker Manager Enables Remote Code Execution Vulnerabilities AegironJanuary 17, 2026January 17, 202611 mins0 At-a-glance summary What this vulnerability is Arcane Docker Manager includes an automated updater feature that can run…continue reading..
CVE-2026-23744: One HTTP Request, Total Host Takeover — Critical MCPJam Inspector Remote Code Execution Vulnerabilities AegironJanuary 17, 2026January 17, 202614 mins0 CVE: CVE-2026-23744CVSS v3.1 Base Score: 9.8 (Critical) — Network exploitable, low complexity, no privileges required.Severity: CriticalExploitability: Very…continue reading..
CVE-2026-23523: One Click to Command Execution — Critical Deeplink RCE in Dive MCP Desktop App Vulnerabilities AegironJanuary 17, 2026January 17, 20269 mins0 CVE ID: CVE-2026-23523Product: Dive – MCP Host Desktop ApplicationAffected versions: All versions prior to 0.13.0Fixed version: 0.13.0…continue reading..
Unauthenticated Admin Access Discovered: CVE-2026-23800 Actively Threatens Modular DS WordPress Sites Vulnerabilities AegironJanuary 17, 2026January 17, 20268 mins0 Executive Summary CVE ID: CVE-2026-23800Product: Modular DS – modular-connector (WordPress plugin component)Vulnerability Type: Incorrect Privilege Assignment /…continue reading..
