Skip to content
feed: live
>_ 0dayNews

0dayNews — Vulnerability & Exploit News

$ kev-tracker --recent

Known Exploited Vulnerabilities

full tracker →
CVE-2026-48908
[ CRITICAL ] CVSS 9.8 EPSS 0.8% kev

JoomShaper SP Page Builder unauthenticated file-upload RCE

An unrestricted-file-upload flaw in JoomShaper SP Page Builder (a Joomla extension) lets unauthenticated users upload arbitrary files, leading to execution of PHP code. CVSS 9.8 critical. Added to CISA KEV on 2026-07-07 alongside two other adds.

JoomShaper / SP Page Builder (Joomla extension)
CVE-2026-55255
[ HIGH ] CVSS 8.4 EPSS 0.2% kev

Langflow /api/v1/responses IDOR — cross-user flow execution

An authenticated IDOR in Langflow's /api/v1/responses endpoint lets a logged-in attacker execute any other user's flow by passing the victim's flow UUID. NVD scores it 8.4 high; the vendor GHSA calls it 9.9 critical. Fixed in Langflow 1.9.1. Added to CISA KEV on 2026-07-07.

Langflow / Langflow (versions before 1.9.1)
CVE-2026-56290
[ CRITICAL ] CVSS 9.8 EPSS 0.4% kev

Joomlack Page Builder unauthenticated file-upload RCE

An improper access control flaw in Joomlack Page Builder (a Joomla extension) permits unauthenticated arbitrary file upload, leading to remote code execution. CVSS 9.8 critical. Added to CISA KEV on 2026-07-07 alongside two other adds.

Joomlack / Page Builder (Joomla extension)
CVE-2026-45659
[ HIGH ] CVSS 8.8 EPSS 3.2% kev

Microsoft SharePoint Server deserialization remote code execution

A high-severity deserialization-of-untrusted-data flaw in on-premises Microsoft SharePoint Server that leads to remote code execution. Patched by Microsoft in the May 2026 security update; added to the CISA Known Exploited Vulnerabilities catalog on July 2, 2026 after confirmed exploitation in the wild.

Microsoft / SharePoint Server (on-premises)
CVE-2026-48282
[ CRITICAL ] CVSS 10.0 EPSS 1.0% kev

Adobe ColdFusion path-traversal to arbitrary code execution

Unauthenticated path-traversal (CWE-22) in Adobe ColdFusion 2023 (through update 20) and 2025 (through update 9) permitting arbitrary code execution without user interaction. CVSS 10.0. Patched by Adobe on 2026-07-01 in APSB26-68 (ColdFusion 2023 update 21, 2025 update 10). Active in-the-wild exploitation confirmed by the Canadian Centre for Cyber Security on 2026-07-02; Shadowserver counts ~800 exposed instances.

Adobe / ColdFusion (2023 through update 20; 2025 through update 9)
CVE-2026-48558
[ CRITICAL ] CVSS 10.0 EPSS 1.2% kev

SimpleHelp Authentication Bypass Vulnerability

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.

SimpleHelp / SimpleHelp
$ latest --more

From the desk

all articles →
~/articles/2026-07-08-gitlost-github-agentic-workflows-noma-security-private-repos
cloud

GitLost: Public Issue Leaks Private GitHub Repo Data

Noma Security's GitLost shows how a public GitHub issue can trick Agentic Workflows into leaking private repos. Not patchable — scope your agent tokens today.

read →
~/articles/2026-07-08-ubiquiti-unifi-connect-command-injection-cve-2026-50746
ubiquiti

Ubiquiti Patches Max-Severity UniFi Connect Command Injection

Ubiquiti Bulletin 066 patches seven critical UniFi flaws, headlined by a CVSS 10.0 command injection in UniFi Connect 3.4.16 and earlier. Fix: 3.4.20 or later.

read →
~/articles/2026-07-08-dialogflow-cx-rogue-agent-shared-exec-varonis
Analysis
cloud

Dialogflow's Rogue Agent Flaw Is a Very Old Bug Class

Varonis' Rogue Agent finding in Google Dialogflow CX is a shared-runtime exec() escape — a bug class old enough to have graduated shared hosting.

read →
~/articles/2026-07-08-ghostlock-linux-kernel-cve-2026-43499-container-escape
linux kernel

GhostLock: 15-Year Linux Kernel Root/Container Escape

Nebula Security's GhostLock (CVE-2026-43499) — a 15-year-old futex use-after-free — hits every mainstream Linux distro. Escapes containers. Patch again.

read →
~/articles/2026-07-08-debull-m365-device-code-phishing-storm-2372-overlap
● Breaking
microsoft

DEBULL Kit Runs M365 Device-Code Phishing, Storm-2372

ZeroBEC reports DEBULL — a device-code phishing kit repackaging Storm-2372 tradecraft — active against M365 tenants late June to early July. Block it.

read →
~/articles/2026-07-08-cisa-kev-langflow-joomla-page-builder-adds
● Breaking
threat intel

CISA Adds Langflow and Two Joomla Builders to KEV

CISA added three vulnerabilities to KEV on July 7 — a Langflow IDOR and two Joomla page-builder RCEs. Federal due date is July 10. Priority order below.

read →