sysadmin24x7 | Unsorted

Telegram channel sysadmin24x7 - SysAdmin 24x7

IT security news and alerts. Chat and contact: t.me/sysadmin24x7chat

SysAdmin 24x7

Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001

Date: 2026-April-15
Security risk: Critical
CVE IDs: CVE-2026-6365

Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which can lead to a cross-site scripting (XSS) vulnerability.

https://www.drupal.org/sa-core-2026-001


SysAdmin 24x7

Cisco Identity Services Engine Remote Code Execution Vulnerabilities

Advisory ID: cisco-sa-ise-rce-4fverepv
First Published: 2026 April 15 16:00 GMT
Version 1.0: Final
Cisco Bug IDs: CSCwq21242 CSCwq22993
CVSS Score: Base 9.9

Vulnerable Products
These vulnerabilities affect Cisco ISE, regardless of device configuration

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv


SysAdmin 24x7

Multiple vulnerabilities in Tenable Identity Exposure

Date 15/04/2026
Severity 5 - Critical

Affected Resources
Tenable Identity Exposure, version 3.77.16 and earlier.

Description
Tenable has published an advisory reporting 19 vulnerabilities: 1 of critical severity, 10 high, 6 medium and 3 low. If exploited, they could allow reading of sensitive files, among other actions.

Solution
Update the product to version 3.77.17.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-identity-exposure-de-tenable


SysAdmin 24x7

Multiple vulnerabilities in Adobe products

Date 15/04/2026
Severity 4 - High

Affected Resources
Acrobat DC, versions 26.001.21411, 26.001.21367 and earlier;
Acrobat Reader DC, versions 26.001.21411, 26.001.21367 and earlier;
Acrobat 2024, version 24.001.30356 and earlier;
Acrobat 2024 Windows, version 24.001.30362 and earlier;
Acrobat 2024 Mac, version 24.001.30360 and earlier;
Adobe InDesign, versions ID21.2, ID20.5.2 and all earlier;
Adobe InCopy, versions 21.2, 20.5.2 and earlier;
Adobe Experience Manager (AEM) Screens, versions 6.5 Service Pack 24, Feature Pack 11.7 and earlier;
Adobe FrameMaker, 2022 Release Update 8 and earlier;
Adobe Connect, version 12.10 and earlier;
Adobe Connect desktop application, version 2025.3 and earlier;
ColdFusion 2025, Update 6 and earlier;
ColdFusion 2023, Update 18 and earlier;
Adobe Bridge, versions 15.1.4 (LTS), 16.0.2 and earlier;
Photoshop 2026, version 27.4 and earlier;
Adobe DNG Software Development Kit (SDK), DNG SDK 1.7.1 build 2502 and earlier;
Illustrator 2025, version 29.8.5 and earlier;
Illustrator 2026, version 30.2 and earlier.

https://www.incibe.es/empresas/avisos/multiples-vulnerabilidades-en-productos-de-adobe


SysAdmin 24x7

Microsoft - April 2026 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr


SysAdmin 24x7

CVE-2026-34040 Detail
Description
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

https://nvd.nist.gov/vuln/detail/CVE-2026-34040
https://explore.alas.aws.amazon.com/CVE-2026-34040.html
https://github.com/moby/moby/releases/tag/docker-v29.3.1


SysAdmin 24x7

Product Release Advisory - VMware Tanzu for MySQL on Kubernetes 2.0.2

Advisory ID: TNZ-2026-0257
Severity: Critical
Issue Date: 2026-04-02

Synopsis
Many critical and high vulnerabilities were found in MySQL for Kubernetes 2.0.1; they are addressed in MySQL for Kubernetes 2.0.2.

Product Version Release Advisory
VMware Tanzu for MySQL on Kubernetes

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37340


SysAdmin 24x7

Cisco Integrated Management Controller Authentication Bypass Vulnerability

Advisory ID: cisco-sa-cimc-auth-bypass-AgG2BxTn
First Published: 2026 April 1 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwq55648 CSCwq55659 CSCwq68912
CVE-2026-20093
CWE-20
CVSS Score: Base 9.8

Summary
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.
This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn


SysAdmin 24x7

Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability

Advisory ID: cisco-sa-fmc-rce-NKhnULJh
First Published: 2026 March 4 16:00 GMT
Last Updated: 2026 March 25 14:21 GMT
Version 1.2: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwt14636
CVSS Score: Base 10.0
CVE-2026-20131

Summary
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.
Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
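Spotting an attempt to deliver a serialized Java object to a management interface, as an added example that is not part of the Cisco advisory or of any Cisco code: every Java serialization stream starts with the magic bytes AC ED 00 05, which read as `rO0AB` in base64 and `aced0005` in hex, so a request-body check for those three forms covers the encodings attackers normally use to smuggle a gadget chain through a web front end. The sample bodies are constructed for the demo; the FMC endpoint involved is not named on this page and the example does not assume one.

```python
import base64
import re
from urllib.parse import unquote_to_bytes

# Every Java serialization stream starts with STREAM_MAGIC (0xACED) followed by
# STREAM_VERSION (0x0005); that header is the signature worth matching.
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"
# Base64 of those four bytes at alignment 0 begins "rO0AB" whatever follows.
_B64_PREFIX = b"rO0AB"
# Candidate base64 runs, standard or URL-safe alphabet, long enough to matter.
_B64_RUN = re.compile(rb"[A-Za-z0-9+/_-]{8,}={0,2}")
_HEX_MAGIC = re.compile(rb"aced0005", re.IGNORECASE)


def find_java_serialized(body: bytes) -> list[str]:
    """Return the encodings (raw, hex, base64) in which a Java serialization
    header appears in an HTTP request body."""
    hits = set()
    # Form bodies percent-encode '+', '/' and '=', so inspect the decoded copy too.
    for variant in (body, unquote_to_bytes(body)):
        if JAVA_STREAM_MAGIC in variant:
            hits.add("raw")
        if _HEX_MAGIC.search(variant):
            hits.add("hex")
        for run in _B64_RUN.finditer(variant):
            chunk = run.group(0)
            if chunk.startswith(_B64_PREFIX):
                hits.add("base64")
                break
            # Alignment-independent check: decode the run and look for the magic.
            padded = chunk.rstrip(b"=")
            padded += b"=" * (-len(padded) % 4)
            try:
                decoded = base64.b64decode(padded, altchars=b"-_")
            except ValueError:
                continue
            if JAVA_STREAM_MAGIC in decoded:
                hits.add("base64")
                break
    return sorted(hits)


def sample_bodies() -> dict[str, bytes]:
    """Constructed request bodies for the demo (not captured traffic)."""
    # TC_OBJECT, TC_CLASSDESC and a class-name length prefix follow the magic in
    # a real stream; only the header matters for detection.
    stream = JAVA_STREAM_MAGIC + b"\x73\x72\x00\x11java.util.HashMap"
    b64 = base64.b64encode(stream)
    form_value = b64.replace(b"+", b"%2B").replace(b"/", b"%2F").replace(b"=", b"%3D")
    return {
        "json_clean": b'{"name": "policy-deploy", "targets": ["fw-edge-01"]}',
        "raw_stream": stream,
        "form_base64": b"payload=" + form_value,
        "hex_param": b"obj=" + stream.hex().encode(),
    }


def scan_samples() -> dict[str, list[str]]:
    """Run the check over every constructed body."""
    return {name: find_java_serialized(body) for name, body in sample_bodies().items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:12s} -> {hits or 'clean'}")
```

The check is a signature, not a fix: it is useful as a WAF or IDS rule in front of an interface that cannot be patched immediately, and it says nothing about whether the receiving code filters classes on `readObject`. Compressed or custom-encoded payloads will not match, which is why the advisory's own mitigation, keeping the management interface off the public internet, still matters.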


SysAdmin 24x7

Multiple vulnerabilities in Ubiquiti UniFi Network and UniFi Express products

Date 23/03/2026
Severity 5 - Critical

Affected Resources
Depending on the vulnerability, the affected products are:
CVE-2026-22557 and CVE-2026-22558:
Official release: UniFi Network application, version 10.1.85 and earlier;
Release candidate: UniFi Network application, version 10.2.93 and earlier;
UniFi Express (UX): UniFi Network application, version 9.0.114 and earlier.
CVE-2026-22559:
UniFi Network Server, version 10.1.85 and earlier.

Description
n00r3 (@izn0u), Garett Kopcha (@0x5t) and Shubham Gupta (@hackerspider1) have discovered 3 vulnerabilities, one of critical severity and 2 of high severity. If exploited, they could allow access to unauthorized files, privilege escalation and unauthorized access to an account.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-ubiquiti


SysAdmin 24x7

March 21, 2026: KB5085516 (OS Builds 26200.8039 and 26100.8039) Out-of-band

OS Builds 26200.8039 and 26100.8039
Windows 11 version 25H2, all editions; Windows 11 version 24H2, all editions

https://support.microsoft.com/es-es/topic/21-de-marzo-de-2026-kb5085516-compilaciones-del-so-26200-8039-y-26100-8039-fuera-de-banda-09e85404-1cb6-4ed4-9ca5-3e40d74307b9


SysAdmin 24x7

CVE-2026-28779: Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

Severity: Medium

Affected versions:
- Apache Airflow (apache-airflow) 3.0.0 before 3.1.8

https://lists.apache.org/thread/r4n5znb8mcq14wo9v8ndml36nxlksdqb
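Why a session cookie scoped to `/` leaks to a co-hosted application, as an added example that is not Airflow's own code: a cookie's Path attribute decides which URLs on the origin receive it, so a cookie set with `Path=/` for an Airflow served under a `base_url` prefix is also sent to every other application on that host, and any of them can replay it. The example uses the standard-library cookie jar, which applies the same path-match rule browsers do, to compare a `Path=/` cookie with one scoped to the prefix. The origin, the `/airflow` and `/legacy-app` paths and the cookie name `session` are assumptions for the demo; how Airflow 3.1.8 sets the path is not described on this page.

```python
import email.message
from http.cookiejar import CookieJar
from urllib.request import Request


class _CannedResponse:
    """Minimal stand-in for an HTTP response: CookieJar only needs .info()."""

    def __init__(self, set_cookie: str):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_to(set_cookie: str, login_url: str, target_url: str) -> bool:
    """Store the cookie a login response set, then ask the jar whether a later
    request to target_url would carry it (the same decision a browser makes)."""
    jar = CookieJar()
    jar.extract_cookies(_CannedResponse(set_cookie), Request(login_url))
    later = Request(target_url)
    jar.add_cookie_header(later)
    return later.has_header("Cookie")


# Assumed deployment (constructed, not from the page): Airflow served under
# base_url "/airflow" on a shared origin, next to an unrelated application
# under "/legacy-app".
ORIGIN = "https://apps.example.com"
LOGIN = ORIGIN + "/airflow/login"
AIRFLOW_API = ORIGIN + "/airflow/api/v2/dags"
OTHER_APP = ORIGIN + "/legacy-app/report"

# Weak: Path=/ makes the session cookie visible to every path on the origin.
WEAK_COOKIE = "session=deadbeef; Path=/; Secure; HttpOnly; SameSite=Lax"
# Scoped: Path limited to the base_url prefix, so only Airflow's URLs get it.
SCOPED_COOKIE = "session=deadbeef; Path=/airflow; Secure; HttpOnly; SameSite=Lax"


def exposure_matrix() -> dict[str, dict[str, bool]]:
    """For each cookie variant, whether the session is sent to Airflow's own API
    and to the co-hosted application."""
    return {
        name: {
            "airflow_api": cookie_sent_to(cookie, LOGIN, AIRFLOW_API),
            "other_app": cookie_sent_to(cookie, LOGIN, OTHER_APP),
        }
        for name, cookie in (("weak", WEAK_COOKIE), ("scoped", SCOPED_COOKIE))
    }


if __name__ == "__main__":
    for name, row in exposure_matrix().items():
        print(name, row)
```

Path scoping is a boundary between applications on one origin, not a substitute for separate origins: a co-hosted application that can run script in the page still shares the origin's cookie store, and `HttpOnly` only keeps the value out of script, not out of requests. The scoped cookie in the matrix still reaches Airflow's own API, which is the behaviour a fix must preserve.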


SysAdmin 24x7

🔍 CVEf CVE-2026-4312 - DrangSoft|GCB/FCB Audit Software - Missing Authentication

CVE ID: CVE-2026-4312
Published : March 17, 2026

Description :
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative accou…

https://nvd.nist.gov/vuln/detail/CVE-2026-4312


SysAdmin 24x7

HPESBNW05027 rev.1 - HPE Aruba Networking AOS-CX, Multiple Vulnerabilities

Last Updated: 2026-03-13
Release Date: 2026-03-10

Potential Security Impact: Remote: Access Restriction Bypass, Code Execution, URL Redirection

Advisory ID: HPESBNW05027
CVE: CVE-2026-23813, CVE-2026-23814, CVE-2026-23815,
CVE-2026-23816, CVE-2026-23817
Publication Date: 2026-Mar-10
Status: Confirmed
Severity: Critical
Revision: 1

Affected Products
HPE Aruba Networking AOS-CX Software Version(s):
AOS-CX 10.17.xxxx: 10.17.0001 and below
AOS-CX 10.16.xxxx: 10.16.1020 and below
AOS-CX 10.13.xxxx: 10.13.1160 and below
AOS-CX 10.10.xxxx: 10.10.1170 and below

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027en_us


SysAdmin 24x7

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Released: Mar 10, 2026
Last updated: Mar 13, 2026
Assigning CNA Microsoft
Impact Remote Code Execution
Max Severity Important

https://msrc.microsoft.com/update-guide/es-es/vulnerability/CVE-2026-25173


SysAdmin 24x7

Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities

Advisory ID: cisco-sa-ise-rce-traversal-8bYndVrZ
First Published: 2026 April 15 16:00 GMT
Version 1.0: Final
Cisco Bug IDs: CSCws52717 CSCws52738
CVSS Score: Base 9.9

Vulnerable Products
These vulnerabilities affect Cisco ISE and Cisco ISE-PIC, regardless of device configuration

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ


SysAdmin 24x7

Cisco Webex Services Certificate Validation Vulnerability

Advisory ID: cisco-sa-webex-cui-cert-8jSZYhWL
First Published: 2026 April 15 16:00 GMT
Version 1.0: Final
Cisco Bug IDs: CSCwt37111
CVSS Score: Base 9.8

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL


SysAdmin 24x7

Multiple vulnerabilities in FortiSandbox

Date 15/04/2026
Severity 5 - Critical

Affected Resources
FortiSandbox 4.4, from version 4.4.0 through 4.4.8.
For vulnerability CVE-2026-39813 only, the following is also affected:
FortiSandbox 5.0, from version 5.0.0 through 5.0.5.

Description
Samuel de Lucas Maroto of KPMG Spain and Loic Pantano of Fortinet PSIRT have discovered 2 critical-severity vulnerabilities which, if exploited, could allow an attacker to execute unauthorized commands or bypass authentication on the system.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-fortisandbox


SysAdmin 24x7

Multiple vulnerabilities in Autodesk Fusion Desktop

Date 15/04/2026
Severity 4 - High

Affected Resources
Autodesk Fusion Desktop version 2606.0 and all earlier.

Description
Abdul-lateef Yusuff Goke of Alpha Aquila and Karim Belfodil of qatada have reported 3 high-severity vulnerabilities which, if exploited, could allow an attacker to read local files or execute arbitrary code.

Solution
Installing version 2702.1.47 or later is strongly recommended to be protected against these vulnerabilities. For installation, see the link in the references.

https://www.incibe.es/empresas/avisos/multiples-vulnerabilidades-en-fusion-desktop-de-autodesk


SysAdmin 24x7

SAP Security Patch Day - April 2026

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html


SysAdmin 24x7

SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Project: SAML SSO - Service Provider
Date: 2026-April-01
Security risk: Critical
Vulnerability: Authentication bypass
Affected versions: <3.1.4
CVE IDs: CVE-2026-5343

Description:
This module enables you to perform SAML-protocol-based single-sign-on (SSO) on a Drupal site.
The module doesn't sufficiently block access, leading to an authentication bypass vulnerability.

Solution:
Install the latest version:

https://www.drupal.org/sa-contrib-2026-031


SysAdmin 24x7

DSA-6197-1
Name: DSA-6197-1
Description: dovecot - security update
Source: Debian
References: CVE-2025-59031, CVE-2025-59032, CVE-2026-27855, CVE-2026-27856, CVE-2026-27857, CVE-2026-27858, CVE-2026-27859

Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status
dovecot (PTS) | bookworm | 1:2.3.19.1+dfsg1-2.1+deb12u1 | vulnerable
dovecot (PTS) | bookworm (security) | 1:2.3.19.1+dfsg1-2.1+deb12u2 | fixed
dovecot (PTS) | trixie | 1:2.4.1+dfsg1-6+deb13u3 | vulnerable
dovecot (PTS) | trixie (security) | 1:2.4.1+dfsg1-6+deb13u4 | fixed

https://security-tracker.debian.org/tracker/DSA-6197-1


SysAdmin 24x7

API authentication and authorization bypass

IR Number FG-IR-26-099
Published Date Apr 4, 2026
Severity Critical
Discovered External
Attack Type Unauthenticated
Known Exploited No
CVSSv3 Score 9.1
Impact Escalation of privilege

Version | Affected | Solution
FortiClientEMS 7.4 | 7.4.5 through 7.4.6 | Upgrade to upcoming 7.4.7 or above
FortiClientEMS 7.2 | Not affected | Not Applicable

https://fortiguard.fortinet.com/psirt/FG-IR-26-099


SysAdmin 24x7

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application.

The vulnerabilities are listed below -

⚠️ CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread

⚠️ CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user session mixup

https://thehackernews.com/2026/03/citrix-urges-patching-critical.html


SysAdmin 24x7

Out-of-bounds write in telnetd affects Synology products

Date 23/03/2026
Severity 5 - Critical

Affected Resources
DSM version 7.3;
DSM version 7.2.2;
DSM version 7.2.1;
DSMUC version 3.1.

Description
Synology has reported 1 critical vulnerability affecting DiskStation Manager (DSM) which, if exploited, could allow unauthenticated remote attackers to execute arbitrary commands.

Solution
Updating the products to the following versions, or disabling the Telnet service to reduce the risk, is recommended.
7.3.2-86009-3 or later;
7.2.2-72806-8 or later;
7.2.1-69057-11 or later.
For DSMUC 3.1 there is no update yet; one is in progress.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/escritura-fuera-de-limites-en-telnetd-afecta-productos-de-synology


SysAdmin 24x7

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries.
In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's s…

https://thehackernews.com/2026/03/ai-flaws-in-amazon-bedrock-langsmith.html
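Catching this kind of channel at the resolver, as an added example that is not part of the BeyondTrust report or of any of the products named: data pushed out over DNS shows up as queries whose subdomain labels are long, high-entropy encoded chunks, many distinct names under one base domain, which is cheap to score per query and per domain. The log lines, the domain exfil-collector.example, the two-label base-domain rule and the thresholds are all constructed or assumed for the demo; the exact query format the researchers used is not given on this page.

```python
import math
from collections import defaultdict

# Constructed resolver log sample (not real traffic): "<timestamp> <client> <qname> <qtype>".
# The last three lines model chunked data leaving as base32-style labels under an
# attacker-controlled domain; the others are ordinary package and API lookups.
SAMPLE_LOG = """\
2026-03-16T10:00:01Z 10.0.3.14 pypi.org A
2026-03-16T10:00:01Z 10.0.3.14 files.pythonhosted.org A
2026-03-16T10:00:02Z 10.0.3.14 api.github.com A
2026-03-16T10:00:02Z 10.0.3.14 objects.githubusercontent.com AAAA
2026-03-16T10:00:05Z 10.0.3.14 k2zfq7mbwd3tpu4hcvgn6yroj5xlaeis.3vrx5hbqy2kwdmeu7ancs4goizf6jltp.s0.exfil-collector.example A
2026-03-16T10:00:05Z 10.0.3.14 3vrx5hbqy2kwdmeu7ancs4goizf6jltp.k2zfq7mbwd3tpu4hcvgn6yroj5xlaeis.s1.exfil-collector.example A
2026-03-16T10:00:06Z 10.0.3.14 k2zfq7mbwd3tpu4hcvgn6yroj5xlaeis.3vrx5hbqy2kwdmeu7ancs4goizf6jltp.s2.exfil-collector.example A
"""


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded data sits near the alphabet's maximum."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str) -> tuple[str, list[str]]:
    """Split into (base domain, subdomain labels). Assumption: the registrable
    domain is the last two labels; a real deployment would consult the public
    suffix list instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), labels[:-2]


def is_suspicious(qname: str, min_payload: int = 40, min_entropy: float = 3.5) -> bool:
    """A query looks like a data carrier when the subdomain part is long and
    high-entropy. Thresholds are assumptions for this example, not from the report."""
    _, sub = split_qname(qname)
    payload = "".join(sub)
    return len(payload) >= min_payload and shannon_entropy(payload) >= min_entropy


def flag_exfil(lines) -> dict[str, dict[str, int]]:
    """Group queries by base domain and report domains that received at least one
    suspicious query, with the number of distinct names seen (the chunk count)."""
    names = defaultdict(set)
    suspicious = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        qname = parts[2]
        base, _ = split_qname(qname)
        names[base].add(qname)
        if is_suspicious(qname):
            suspicious[base] += 1
    return {
        base: {"distinct_names": len(names[base]), "suspicious": suspicious[base]}
        for base in names
        if suspicious[base]
    }


if __name__ == "__main__":
    for base, stats in flag_exfil(SAMPLE_LOG.splitlines()).items():
        print(f"{base}: {stats}")
```

Entropy and label length alone misfire on CDN hostnames and DNS-based service discovery, so the per-domain count is the signal worth alerting on. For a code execution sandbox the stronger control is the one the report implies: give the sandbox no resolver at all, or only a resolver that answers for an allow-list, so that the query never leaves.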


SysAdmin 24x7

Unauthenticated remote code execution in Langflow

Date 18/03/2026
Severity 5 - Critical

Affected Resources
Langflow, version 1.8.1 and earlier.

Description
Langflow has reported a critical-severity vulnerability which, if exploited, could allow unauthenticated remote code execution.

Solution
At the moment there is no patch that resolves the issue; however, reconfiguring the product as follows is recommended to avoid being affected by this vulnerability:
In 'build_public_tmp', remove the 'data' parameter. Public flows should only run their stored flow data, not data supplied by an attacker.
In 'generate_flow_events → create_graph()', the only path that should be enabled for unauthenticated requests is 'build_graph_from_db'.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/ejecucion-de-codigo-en-remoto-sin-autenticacion-en-langflow


SysAdmin 24x7

🔍 CVEf CVE-2026-4254 - Tenda AC8 HTTP Endpoint SysToolChangePwd doSystemCmd stack-based overflow

CVE ID: CVE-2026-4254
https://nvd.nist.gov/vuln/detail/CVE-2026-4254


SysAdmin 24x7

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Released: Mar 10, 2026
Last updated: Mar 13, 2026
Assigning CNA Microsoft
Impact Remote Code Execution
Max Severity Important

https://msrc.microsoft.com/update-guide/es-es/vulnerability/CVE-2026-25111


SysAdmin 24x7

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Released: Mar 10, 2026
Last updated: Mar 13, 2026
Assigning CNA Microsoft
Impact Remote Code Execution
Max Severity Important

https://msrc.microsoft.com/update-guide/es-es/vulnerability/CVE-2026-25172
