CVE-2026-23477: OAuth Client Secrets Exposure Allows Unauthorized App Impersonation in Rocket.Chat Vulnerabilities AegironJanuary 16, 2026January 16, 202612 mins0 CVE ID: CVE-2026-23477Affected Product: Rocket.Chat (prior to version 6.12.0)Severity: HighCVSS v3.1 Score: 7.7 (High)Impact: Disclosure of OAuth…continue reading..
CVE-2026-0976: Keycloak Proxy Filter Bypass via URL Parsing Mismatch Vulnerabilities AegironJanuary 16, 2026January 16, 20268 mins0 CVE ID: CVE-2026-0976Product: KeycloakVulnerability Type: Proxy Filter Bypass / URL Parsing MismatchSeverity: High (Context-dependent)CVSS v3.1 Score: 3.7…continue reading..
CVE-2026-23512: One Click, One Binary — How a Hidden Search Path Flaw in SumatraPDF Can Hand Over Code Execution Vulnerabilities AegironJanuary 16, 2026January 16, 202612 mins0 CVE ID: CVE-2026-23512Severity: HighCVSS Score: ~8.6Type: Local Remote Code Execution (RCE) via Untrusted Search PathExploitability: Requires local…continue reading..
CVE-2026-0600 & CVE-2026-0601: Dual High-Risk Flaws in Sonatype Nexus Expose Internal Networks and Admin Sessions Vulnerabilities AegironJanuary 16, 2026January 16, 202611 mins0 Product overview Product: Sonatype Nexus Repository Manager 3Vendor: SonatypeWhat it does: Nexus Repository is widely used to…continue reading..
CVE-2026-23550: Critical Modular DS Flaw Allows Unauthenticated Admin Takeover Vulnerabilities AegironJanuary 16, 2026January 16, 20269 mins0 CVE-2026-23550 — Modular DS CVE ID: CVE-2026-23550Product: Modular DS (also known as Modular Connector for WordPress)Vulnerability Type:…continue reading..
Chained Weaknesses in Grafana: Permission Bypass and Redirect Abuse Lead to Data Exposure and XSS Vulnerabilities AegironJanuary 16, 2026January 16, 20269 mins0 Product: Grafana (Grafana OSS / self-managed editions)Affected Area: Dashboard API, redirection logic, access control layerRisk Level: HighAttack…continue reading..
CVE-2026-22908 & CVE-2026-22907: One Malicious Container Can Lead to Full Host Takeover Vulnerabilities AegironJanuary 16, 2026January 16, 202610 mins0 Product Overview Affected Product Type:Industrial Container-Based Platform used for edge/OT deployments (containerized application runtime integrated with host…continue reading..
CVE-2026-22708: Silent Prompt Injection Leading to Remote Code Execution in Cursor AI Editor Vulnerabilities AegironJanuary 16, 2026January 16, 202611 mins0 CVE: CVE-2026-22708Severity: High / CriticalCVSS: 7.2 (High)Exploitability: Moderate. The weakness is well understood, and exploitation techniques are…continue reading..
CVE-2025-0647: Silent Arm CPU Memory Flaw Caused by TLB Invalidation Failure Vulnerabilities AegironJanuary 16, 2026January 16, 202612 mins0 CVE Name: CVE-2025-0647Impact: Incorrect TLB invalidation on affected Arm CPUsSeverity: ModerateCVSS Score: 5.x (moderate risk)Exploitability: Technically possible…continue reading..
CVE-2025-70968: A Single Malicious Image Can Crash — or Compromise — FreeImage Vulnerabilities AegironJanuary 16, 2026January 16, 20267 mins0 CVE-2025-70968 Product: FreeImageVulnerability Type: Use-After-FreeImpact: Potential Remote Code Execution (RCE)Severity: CriticalCVSS Score: 9.8 (High confidentiality, integrity, and…continue reading..
