CVE-2026-2439: Critical Session ID Flaw in Concierge::Sessions Opens Door to Remote Account Takeover Vulnerabilities AegironFebruary 18, 2026February 18, 20269 mins0 Concierge::Sessions (Perl) — Predictable Session IDs CVE ID: CVE-2026-2439Affected Component: Concierge::Sessions (Concierge::Sessions::Base)Affected Versions: 0.8.1 through 0.8.4Fixed Version:…continue reading..
CVE-2026-25903: Apache NiFi Authorization Bypass Lets Low-Privilege Users Modify Restricted Dataflows Vulnerabilities AegironFebruary 18, 2026February 18, 20269 mins0 Apache NiFi – Missing Authorization on Restricted Component Updates CVE ID: CVE-2026-25903Product: Apache NiFiAffected Versions: 1.1.0 through…continue reading..
CVE-2026-22860: Rack Directory Traversal Flaw Exposes Sensitive Files via Root Prefix Bypass Vulnerabilities AegironFebruary 18, 2026February 18, 20269 mins0 Rack Rack::Directory – Directory Traversal (Root Prefix Bypass) CVE ID: CVE-2026-22860Component: Rack (Rack::Directory)Vulnerability Type: Directory Traversal /…continue reading..
CVE-2025-36247: Critical XXE Flaw in IBM Db2 Exposes Databases to Data Theft and Remote Exploitation Vulnerabilities AegironFebruary 18, 2026February 18, 202610 mins0 IBM Db2 – CVE-2025-36247 XML External Entity (XXE) Vulnerability CVE ID: CVE-2025-36247Product: IBM Db2Vulnerability Type: XML External…continue reading..
CVE-2026-24733: Apache Tomcat HTTP/0.9 Flaw Enables Security Constraint Bypass via Crafted HEAD Requests Vulnerabilities AegironFebruary 18, 2026February 18, 20269 mins0 Apache Tomcat – HTTP/0.9 Security Constraint Bypass CVE ID: CVE-2026-24733Product: Apache TomcatVulnerability Type: Security Constraint Bypass /…continue reading..
CVE-2026-2630: Critical Command Injection Flaw in Tenable Security Center Allows Authenticated Remote Code Execution Vulnerabilities AegironFebruary 18, 2026February 18, 20269 mins0 CVE-2026-2630 Product: Tenable Security CenterVulnerability Type: OS Command Injection (CWE-78)CVSS v3.1: 8.8 (High)Vector: AV:N / AC:L /…continue reading..
CVE-2026-26119: Critical Privilege Escalation Flaw in Windows Admin Center Exposes Enterprise Management Gateways to Full System Takeover Vulnerabilities AegironFebruary 18, 2026February 18, 20269 mins0 Windows Admin Center – Privilege Escalation Vulnerability CVE ID: CVE-2026-26119Product: Microsoft Windows Admin Center (WAC)Vulnerability Type: Improper…continue reading..
CVE-2025-65753: Critical TLS Flaw in Guardian Gryphon Router Enables Remote Root Command Execution Without Authentication Vulnerabilities AegironFebruary 18, 2026February 18, 20269 mins0 Guardian Gryphon – TLS Certificate Handling → Root Command Execution CVE ID: CVE-2025-65753Affected Product: Gryphon Guardian router…continue reading..
CVE-2026-26220: Critical LightLLM Flaw Enables Unauthenticated Remote Code Execution via Unsafe Pickle Deserialization Vulnerabilities AegironFebruary 18, 2026February 18, 202610 mins0 LightLLM — Unauthenticated Remote Code Execution via pickle.loads() CVE ID: CVE-2026-26220Product: LightLLMAffected Component: PD (Prefill-Decode) Disaggregation Mode…continue reading..
CVE-2026-22208: Critical OpenS100 Lua Flaw Enables Remote Code Execution Through Malicious Chart Files Vulnerabilities AegironFebruary 18, 2026February 18, 20268 mins0 OpenS100 – Unrestricted Lua Execution Leading to Remote Code Execution CVE ID: CVE-2026-22208Product: OpenS100 (S-100 Portrayal Engine)Vulnerability…continue reading..
