Skip to content
feed: live
>_ 0dayNews

0dayNews — Vulnerability & Exploit News

$ kev-tracker --recent

Known Exploited Vulnerabilities

full tracker →
CVE-2026-56291
[ CRITICAL ] CVSS 9.8 kev

Balbooa Forms unauthenticated file-upload RCE

The Balbooa Forms Joomla extension (com_baforms) up to 2.4.0 accepts unauthenticated file uploads that permit dropping a PHP file to the web root, leading to remote code execution. Fixed in 2.4.1. CVSS 9.8. Added to CISA KEV on 2026-07-10.

Balbooa / Forms (Joomla extension, com_baforms)
CVE-2026-48908
[ CRITICAL ] CVSS 9.8 EPSS 0.8% kev

JoomShaper SP Page Builder unauthenticated file-upload RCE

An unrestricted-file-upload flaw in JoomShaper SP Page Builder (a Joomla extension) lets unauthenticated users upload arbitrary files, leading to execution of PHP code. CVSS 9.8 critical. Added to CISA KEV on 2026-07-07 alongside two other adds.

JoomShaper / SP Page Builder (Joomla extension)
CVE-2026-55255
[ HIGH ] CVSS 8.4 EPSS 0.2% kev

Langflow /api/v1/responses IDOR — cross-user flow execution

An authenticated IDOR in Langflow's /api/v1/responses endpoint lets a logged-in attacker execute any other user's flow by passing the victim's flow UUID. NVD scores it 8.4 high; the vendor GHSA calls it 9.9 critical. Fixed in Langflow 1.9.1. Added to CISA KEV on 2026-07-07.

Langflow / Langflow (versions before 1.9.1)
CVE-2026-56290
[ CRITICAL ] CVSS 9.8 EPSS 0.4% kev

Joomlack Page Builder unauthenticated file-upload RCE

An improper access control flaw in Joomlack Page Builder (a Joomla extension) permits unauthenticated arbitrary file upload, leading to remote code execution. CVSS 9.8 critical. Added to CISA KEV on 2026-07-07 alongside two other adds.

Joomlack / Page Builder (Joomla extension)
CVE-2026-45659
[ HIGH ] CVSS 8.8 EPSS 3.2% kev

Microsoft SharePoint Server deserialization remote code execution

A high-severity deserialization-of-untrusted-data flaw in on-premises Microsoft SharePoint Server that leads to remote code execution. Patched by Microsoft in the May 2026 security update; added to the CISA Known Exploited Vulnerabilities catalog on July 2, 2026 after confirmed exploitation in the wild.

Microsoft / SharePoint Server (on-premises)
CVE-2026-48282
[ CRITICAL ] CVSS 10.0 EPSS 1.0% kev

Adobe ColdFusion path-traversal to arbitrary code execution

Unauthenticated path-traversal (CWE-22) in Adobe ColdFusion 2023 (through update 20) and 2025 (through update 9) permitting arbitrary code execution without user interaction. CVSS 10.0. Patched by Adobe on 2026-07-01 in APSB26-68 (ColdFusion 2023 update 21, 2025 update 10). Active in-the-wild exploitation confirmed by the Canadian Centre for Cyber Security on 2026-07-02; Shadowserver counts ~800 exposed instances.

Adobe / ColdFusion (2023 through update 20; 2025 through update 9)
$ latest --more

From the desk

all articles →
~/articles/2026-07-11-ptc-windchill-flexplm-cve-2026-12569-kev-jsp-webshell
PTC Windchill PLM RCE is on KEV — shells still landing
● Breaking
ptc

PTC Windchill PLM RCE is on KEV — shells still landing

PTC Windchill PDMLink and FlexPLM ship an unauth deserialization RCE. CISA added it to KEV on 2026-06-25. Unpatched instances are still catching JSP webshells.

read →
~/articles/2026-07-11-acsc-cms-plugin-exploitation-advisory-18-cves
Australia's ACSC names 18 CMS bugs under exploitation
Analysis
threat intel

Australia's ACSC names 18 CMS bugs under exploitation

Australia's ACSC named 18 CVEs across WordPress plugins, Craft CMS, Joomla JCE, and more as active exploitation targets, with attackers dropping webshells.

read →
~/articles/2026-07-11-gitea-docker-cve-2026-20896-sysdig-csa-1264-regression
Gitea Docker Auth Bypass: Patch 1.26.4, CSA Confirms
gitea

Gitea Docker Auth Bypass: Patch 1.26.4, CSA Confirms

Sysdig confirms the first in-the-wild hit on Gitea Docker CVE-2026-20896; Singapore CSA now warns customers; 1.26.3 shipped with a regression, so run 1.26.4.

read →
~/articles/2026-07-11-u-boot-libfdt-fit-parsing-six-brly-flaws
Six U-Boot flaws trace to one libfdt helper
ics ot

Six U-Boot flaws trace to one libfdt helper

Binarly disclosed six bugs in U-Boot's FIT-image parsing on July 9 — two potential RCE, four DoS — all tracing to unchecked libfdt calls present since 2013.07.

read →
~/articles/2026-07-11-ghostcommit-png-prompt-injection-coderabbit-bugbot
Ghostcommit and the reviewers that don't open the PNG
Analysis
threat intel

Ghostcommit and the reviewers that don't open the PNG

A PNG carrying prompt injection slips past AI code reviewers that never open image files, then talks a coding agent into exfiltrating a repo's .env secrets as a list of numbers.

read →
~/articles/2026-07-11-modbeacon-silver-fox-rust-rat-grpc-c2-qianxin
Silver Fox ships MODBEACON, a Rust RAT with gRPC C2
threat intel

Silver Fox ships MODBEACON, a Rust RAT with gRPC C2

QiAnXin attributes a new Rust-based RAT called MODBEACON to Silver Fox, using gRPC streaming for encrypted C2 and SEO-poisoned installers for delivery.

read →