Skip to content
feed: live
>_ 0dayNews

0dayNews — Vulnerability & Exploit News

$ kev-tracker --recent

Known Exploited Vulnerabilities

full tracker →
CVE-2026-56291
[ CRITICAL ] CVSS 9.8 kev

Balbooa Forms unauthenticated file-upload RCE

The Balbooa Forms Joomla extension (com_baforms) up to 2.4.0 accepts unauthenticated file uploads that permit dropping a PHP file to the web root, leading to remote code execution. Fixed in 2.4.1. CVSS 9.8. Added to CISA KEV on 2026-07-10.

Balbooa / Forms (Joomla extension, com_baforms)
CVE-2026-48908
[ CRITICAL ] CVSS 9.8 EPSS 0.8% kev

JoomShaper SP Page Builder unauthenticated file-upload RCE

An unrestricted-file-upload flaw in JoomShaper SP Page Builder (a Joomla extension) lets unauthenticated users upload arbitrary files, leading to execution of PHP code. CVSS 9.8 critical. Added to CISA KEV on 2026-07-07 alongside two other adds.

JoomShaper / SP Page Builder (Joomla extension)
CVE-2026-55255
[ HIGH ] CVSS 8.4 EPSS 0.2% kev

Langflow /api/v1/responses IDOR — cross-user flow execution

An authenticated IDOR in Langflow's /api/v1/responses endpoint lets a logged-in attacker execute any other user's flow by passing the victim's flow UUID. NVD scores it 8.4 high; the vendor GHSA calls it 9.9 critical. Fixed in Langflow 1.9.1. Added to CISA KEV on 2026-07-07.

Langflow / Langflow (versions before 1.9.1)
CVE-2026-56290
[ CRITICAL ] CVSS 9.8 EPSS 0.4% kev

Joomlack Page Builder unauthenticated file-upload RCE

An improper access control flaw in Joomlack Page Builder (a Joomla extension) permits unauthenticated arbitrary file upload, leading to remote code execution. CVSS 9.8 critical. Added to CISA KEV on 2026-07-07 alongside two other adds.

Joomlack / Page Builder (Joomla extension)
CVE-2026-45659
[ HIGH ] CVSS 8.8 EPSS 3.2% kev

Microsoft SharePoint Server deserialization remote code execution

A high-severity deserialization-of-untrusted-data flaw in on-premises Microsoft SharePoint Server that leads to remote code execution. Patched by Microsoft in the May 2026 security update; added to the CISA Known Exploited Vulnerabilities catalog on July 2, 2026 after confirmed exploitation in the wild.

Microsoft / SharePoint Server (on-premises)
CVE-2026-48282
[ CRITICAL ] CVSS 10.0 EPSS 1.0% kev

Adobe ColdFusion path-traversal to arbitrary code execution

Unauthenticated path-traversal (CWE-22) in Adobe ColdFusion 2023 (through update 20) and 2025 (through update 9) permitting arbitrary code execution without user interaction. CVSS 10.0. Patched by Adobe on 2026-07-01 in APSB26-68 (ColdFusion 2023 update 21, 2025 update 10). Active in-the-wild exploitation confirmed by the Canadian Centre for Cyber Security on 2026-07-02; Shadowserver counts ~800 exposed instances.

Adobe / ColdFusion (2023 through update 20; 2025 through update 9)
$ latest --more

From the desk

all articles →
~/articles/2026-07-13-memghost-arxiv-persistent-memory-poison-openclaw
MemGhost: an email that rewrites an AI agent's memory
Analysis
threat intel

MemGhost: an email that rewrites an AI agent's memory

arXiv paper: one crafted email talks a memory-enabled AI agent into writing attacker-supplied 'facts' into its memory files. Future sessions load them.

read →
~/articles/2026-07-13-cisa-github-leak-postmortem-nine-alerts-six-months
CISA postmortem: nine alerts ignored, six months exposed
Analysis
cloud

CISA postmortem: nine alerts ignored, six months exposed

CISA's postmortem on its own six-month GitHub credential leak faults slow key rotation and nine ignored GitGuardian alerts — signal without intake.

read →
~/articles/2026-07-13-lidl-online-shop-breach-de-be-nl-service-provider
Lidl online shop breach hits DE, BE, NL via provider
● Breaking
threat intel

Lidl online shop breach hits DE, BE, NL via provider

Lidl says a file at an unnamed service provider was accessed; DE/BE/NL online shop customer PII taken. Passwords and payment data not yet ruled out.

read →
~/articles/2026-07-13-huntress-ai-generated-powershell-ad-enum
Huntress Flags Suspected AI-Written PowerShell in AD Case
threat intel

Huntress Flags Suspected AI-Written PowerShell in AD Case

Huntress attributes an early-June AD enumeration case to a PowerShell script with clear LLM tells — cyan-and-green banners and 'FULLY FIXED' in the title.

read →
~/articles/2026-07-13-eu-uk-first-joint-cyber-sanctions-russia-33-named
First joint EU-UK cyber sanctions name 33 Russian targets
● Breaking
threat intel

First joint EU-UK cyber sanctions name 33 Russian targets

The EU Council named 9 individuals and 4 entities; the UK named 24 more. FSB Center 16, Sandworm, Turla, Lumma Stealer, and Rybar LLC are on the list.

read →
~/articles/2026-07-13-fsb-centre-16-cve-2018-0171-router-hygiene-csa
Seven years on, CVE-2018-0171 draws a 13-state advisory
ics ot

Seven years on, CVE-2018-0171 draws a 13-state advisory

US, UK, and eleven allied governments co-signed a July 13 advisory naming FSB Centre 16 as the actor still pulling configs off end-of-life Cisco routers via CVE-2018-0171.

read →