Friday , July 10 2026

Vulnerabilities

TP-Link Router Flaw Allows Auth Bypass Via Password Recovery Mechanism

password

A critical security flaw in TP-Link’s VIGI surveillance cameras allows attackers on local networks to change admin passwords without permission. CVE-2026-0629 identifies a critical flaw in the camera’s web interface password recovery, rated 8.7 on the CVSS v4.0 scale. The authentication bypass issue arises from incorrect client-side state handling in …

Read More »

Cisco 0-Day RCE Secure Email Gateway Vuln actively Exploited

Secure Email Gateway

Cisco has confirmed that a serious zero-day vulnerability allowing remote code execution is being actively exploited in its Secure Email Gateway and Secure Email and Web Manager appliances. The CVE-2025-20393 flaw lets unauthorized attackers run arbitrary root commands by sending specific HTTP requests to the Spam Quarantine feature. Cisco aware …

Read More »

Chrome 144 Released, Fixing 10 V8 Engine Vulnerabilities

Chrome 144

Google has released Chrome 144 for Windows, Mac, and Linux, fixing 10 security issues, mainly in the V8 JavaScript engine. The rollout is scheduled to reach users progressively over the coming days and weeks. Critical Security Patches for V8 Engine: Chrome version 144.0.7559.59 for Linux and 144.0.7559.59/60 for Windows and …

Read More »

Node.js Security Release Patches 7 Vulns Across Releases

Node.js

Node.js released security updates on January 13, 2026, fixing vulnerabilities that could cause memory leaks, denial-of-service attacks, and permission bypasses. These updates fix three critical vulnerabilities, among others, urging immediate upgrades for affected systems. High Severity Vulnerabilities: CVE-2025-55131 reveals critical flaws in Buffer.alloc and Uint8Array, resulting from timeout races in …

Read More »

Microsoft Patch Tuesday January 2026 addresses 3 zero-days and 114 flaws

January

Microsoft’s January 2026 updates address 114 vulnerabilities, including critical remote code execution bugs in Office apps and Windows services like LSASS. This Patch Tuesday fixes critical vulnerabilities that allow remote code execution and several privilege escalation problems that could let attackers take over systems. The number of bugs in each …

Read More »

CISA orders feds to fix Gogs RCE vuln exploited in zero-day attacks

Gogs

CISA has instructed government agencies to protect their systems from Gogs vulnerability exploited in zero-day attacks. Designated as CVE-2025-8110, this remote code execution (RCE) vulnerability originates from a path traversal issue within the PutContents API. It empowers authenticated attackers to circumvent the safety measures established for a previously resolved RCE …

Read More »

CIRT Alert
35 unique IP vulnarable via n8n (CVE:2026-21858) instances in Bangladesh

35

A total of 35 unique IP addresses have been identified exploitable via n8n instances (CVE: 2026-21858). BGD e-GOV CIRT advisory said, these IP address seems to be demonstrating active exploitation activity, indicating real-world targeting and compromise of vulnerable deployments. Affected versons: • n8n self-hosted instances running versions 1.65.0 to below …

Read More »

Over 10,000 Fortinet Firewalls Exposed to 5-Year-Old MFA Bypass Vuln

5

Over 10,000 Fortinet firewalls globally are still vulnerable to CVE-2020-12812, a flaw that allows bypassing multi-factor authentication (MFA) and was revealed over five years ago. Shadowserver added this issue to its daily Vulnerable HTTP Report. CVE-2020-12812 is due to inadequate authentication in FortiOS SSL VPN portals, impacting versions 6.4.0, 6.2.0 …

Read More »

Fortinet Warns of 2020 FortiGate Flaw to Bypass 2FA

bypass 2FA

Fortinet warns that a three-year-old vulnerability allows attackers to bypass 2FA on FortiGate firewalls by merely altering the capitalization of usernames. The vulnerability FG-IR-19-283 (CVE-2020-12812) was reported and fixed in July 2020. Recently, it has been noted that attackers are exploiting this flaw in organizations that haven’t addressed specific configurations. …

Read More »