#patchnow — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #patchnow, aggregated by home.social.
-
📰 Critical 18-Year-Old 'NGINX Rift' Vulnerability (CVE-2026-42945) Under Active Attack
🚨 CRITICAL NGINX FLAW! An 18-year-old bug 'NGINX Rift' (CVE-2026-42945) is actively exploited for DoS & RCE. Affects millions of web servers. Patch immediately! #NGINX #CVE #Infosec #PatchNow
🌐 cyber[.]netsecops[.]io
-
📰 CISA Adds Seven New Vulnerabilities to 'Must-Patch' KEV Catalog
📢 CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are required to patch under BOD 22-01. All orgs are urged to prioritize these fixes to defend against active threats. #CISA #KEV #PatchNow ...
🌐 cyber[.]netsecops[.]io
-
«Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen:
Die CISA warnt vor Angriffen auf teils 18 Jahre alte Microsoft-Lücken. Patches schützen den Defender und Gegenmaßnahmen vor BitLocker-Lücke.»Hach ja, Microsoft und ihre Sicherheit. Abgesehen davon, System- so wie Softwareupdates IMMER so schnell wie möglich einspielen aber zu viele glauben Updates sind nicht wirklich wichtig.
#microsift #bitlocker #MSDefender #cisa #patch #PatchNOW #itsicherheit #update
-
«Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen:
Die CISA warnt vor Angriffen auf teils 18 Jahre alte Microsoft-Lücken. Patches schützen den Defender und Gegenmaßnahmen vor BitLocker-Lücke.»Hach ja, Microsoft und ihre Sicherheit. Abgesehen davon, System- so wie Softwareupdates IMMER so schnell wie möglich einspielen aber zu viele glauben Updates sind nicht wirklich wichtig.
#microsift #bitlocker #MSDefender #cisa #patch #PatchNOW #itsicherheit #update
-
«Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen:
Die CISA warnt vor Angriffen auf teils 18 Jahre alte Microsoft-Lücken. Patches schützen den Defender und Gegenmaßnahmen vor BitLocker-Lücke.»Hach ja, Microsoft und ihre Sicherheit. Abgesehen davon, System- so wie Softwareupdates IMMER so schnell wie möglich einspielen aber zu viele glauben Updates sind nicht wirklich wichtig.
#microsift #bitlocker #MSDefender #cisa #patch #PatchNOW #itsicherheit #update
-
«Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen:
Die CISA warnt vor Angriffen auf teils 18 Jahre alte Microsoft-Lücken. Patches schützen den Defender und Gegenmaßnahmen vor BitLocker-Lücke.»Hach ja, Microsoft und ihre Sicherheit. Abgesehen davon, System- so wie Softwareupdates IMMER so schnell wie möglich einspielen aber zu viele glauben Updates sind nicht wirklich wichtig.
#microsift #bitlocker #MSDefender #cisa #patch #PatchNOW #itsicherheit #update
-
«Attackierte MS-Defender-Lücken und BitLocker-Schutzmaßnahmen:
Die CISA warnt vor Angriffen auf teils 18 Jahre alte Microsoft-Lücken. Patches schützen den Defender und Gegenmaßnahmen vor BitLocker-Lücke.»Hach ja, Microsoft und ihre Sicherheit. Abgesehen davon, System- so wie Softwareupdates IMMER so schnell wie möglich einspielen aber zu viele glauben Updates sind nicht wirklich wichtig.
#microsift #bitlocker #MSDefender #cisa #patch #PatchNOW #itsicherheit #update
-
🔴 New security advisory:
CVE-2026-20182 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-20182-catalyst-sd-wan-bypass-grants-admin-access -
🔴 New security advisory:
CVE-2026-20182 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-20182-catalyst-sd-wan-bypass-grants-admin-access -
🔴 New security advisory:
CVE-2026-42945 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42945-nginx-plus-heap-overflow-unauth-poc -
🔴 New security advisory:
CVE-2026-42945 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42945-nginx-plus-heap-overflow-unauth-poc -
🚨 CVE-2026-44258: CRITICAL OS command injection in efwGrp efw4.X (<4.08.010). Attackers can copy/move files outside home dir, bypassing controls. Upgrade to 4.08.010+ ASAP! https://radar.offseq.com/threat/cve-2026-44258-cwe-78-improper-neutralization-of-s-147a3557 #OffSeq #CVE202644258 #infosec #patchnow
-
🚨 CVE-2026-44258: CRITICAL OS command injection in efwGrp efw4.X (<4.08.010). Attackers can copy/move files outside home dir, bypassing controls. Upgrade to 4.08.010+ ASAP! https://radar.offseq.com/threat/cve-2026-44258-cwe-78-improper-neutralization-of-s-147a3557 #OffSeq #CVE202644258 #infosec #patchnow
-
🚨 CVE-2026-44258: CRITICAL OS command injection in efwGrp efw4.X (<4.08.010). Attackers can copy/move files outside home dir, bypassing controls. Upgrade to 4.08.010+ ASAP! https://radar.offseq.com/threat/cve-2026-44258-cwe-78-improper-neutralization-of-s-147a3557 #OffSeq #CVE202644258 #infosec #patchnow
-
🚨 CVE-2026-44258: CRITICAL OS command injection in efwGrp efw4.X (<4.08.010). Attackers can copy/move files outside home dir, bypassing controls. Upgrade to 4.08.010+ ASAP! https://radar.offseq.com/threat/cve-2026-44258-cwe-78-improper-neutralization-of-s-147a3557 #OffSeq #CVE202644258 #infosec #patchnow
-
⚠️ CVE-2026-42288: ChurchCRM < 7.3.2 impacted by critical pre-auth RCE (CWE-94) via code injection in setup wizard. Unauthenticated attackers can take full control. Upgrade to 7.3.2+ ASAP! https://radar.offseq.com/threat/cve-2026-42288-cwe-94-improper-control-of-generati-052b937e #OffSeq #ChurchCRM #Vuln #RCE #PatchNow
-
⚠️ CVE-2026-42288: ChurchCRM < 7.3.2 impacted by critical pre-auth RCE (CWE-94) via code injection in setup wizard. Unauthenticated attackers can take full control. Upgrade to 7.3.2+ ASAP! https://radar.offseq.com/threat/cve-2026-42288-cwe-94-improper-control-of-generati-052b937e #OffSeq #ChurchCRM #Vuln #RCE #PatchNow
-
⚠️ CVE-2026-42288: ChurchCRM < 7.3.2 impacted by critical pre-auth RCE (CWE-94) via code injection in setup wizard. Unauthenticated attackers can take full control. Upgrade to 7.3.2+ ASAP! https://radar.offseq.com/threat/cve-2026-42288-cwe-94-improper-control-of-generati-052b937e #OffSeq #ChurchCRM #Vuln #RCE #PatchNow
-
⚠️ CVE-2026-42288: ChurchCRM < 7.3.2 impacted by critical pre-auth RCE (CWE-94) via code injection in setup wizard. Unauthenticated attackers can take full control. Upgrade to 7.3.2+ ASAP! https://radar.offseq.com/threat/cve-2026-42288-cwe-94-improper-control-of-generati-052b937e #OffSeq #ChurchCRM #Vuln #RCE #PatchNow
-
📰 MOVEit Automation Hit with Critical 9.8 CVSS Auth Bypass Flaw (CVE-2026-4670)
🚨 URGENT PATCH: A critical 9.8 CVSS auth bypass (CVE-2026-4670) is found in MOVEit Automation. Attacker could gain admin control. Given MOVEit's history, this is a major risk. Upgrade immediately! #MOVEit #CyberSecurity #Vulnerability #PatchNow
-
📰 MOVEit Automation Hit with Critical 9.8 CVSS Auth Bypass Flaw (CVE-2026-4670)
🚨 URGENT PATCH: A critical 9.8 CVSS auth bypass (CVE-2026-4670) is found in MOVEit Automation. Attacker could gain admin control. Given MOVEit's history, this is a major risk. Upgrade immediately! #MOVEit #CyberSecurity #Vulnerability #PatchNow
-
🔴 New security advisory:
CVE-2026-44336 affects Praison Praisonai.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-44336-praisonai-path-traversal-leads-to-rce -
🔴 New security advisory:
CVE-2026-44336 affects Praison Praisonai.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-44336-praisonai-path-traversal-leads-to-rce -
🔴 New security advisory:
CVE-2026-44335 affects Praison Praisonaiagents.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-44335-praisonai-ssrf-via-url-bypass -
🔴 New security advisory:
CVE-2026-41501 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-41501-electerm-unauthenticated-rce -
🔴 New security advisory:
CVE-2026-41501 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-41501-electerm-unauthenticated-rce -
🚨 New security advisory:
CVE-2026-42454 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42454-termix-server-rce-via-shell-injection -
🚨 New security advisory:
CVE-2026-42454 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42454-termix-server-rce-via-shell-injection -
🚨 New security advisory:
CVE-2026-41070 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-41070-openvpn-auth-oauth2-bypasses-sso-auth -
🚨 New security advisory:
CVE-2026-41070 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-41070-openvpn-auth-oauth2-bypasses-sso-auth -
📰 A Dozen Critical Sandbox Escape Flaws Found in Popular 'vm2' Node.js Library
📢 CRITICAL: A dozen sandbox escape vulnerabilities found in the popular 'vm2' Node.js library. Flaws (CVSS 9.8) allow for full host takeover. If you use vm2, update to version 3.11.2 immediately! #NodeJS #CyberSecurity #Vulnerability #PatchNow
-
📰 A Dozen Critical Sandbox Escape Flaws Found in Popular 'vm2' Node.js Library
📢 CRITICAL: A dozen sandbox escape vulnerabilities found in the popular 'vm2' Node.js library. Flaws (CVSS 9.8) allow for full host takeover. If you use vm2, update to version 3.11.2 immediately! #NodeJS #CyberSecurity #Vulnerability #PatchNow
-
🟢 New security advisory:
CVE-2026-0300 affects multiple systems.
• Impact: Security weakness that could be exploited
• Risk: Potential for targeted attacks
• Mitigation: Schedule patching in your next maintenance windowFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-0300-pan-os-unauth-rce-exploited-in-the-wild-poc -
🟢 New security advisory:
CVE-2026-0300 affects multiple systems.
• Impact: Security weakness that could be exploited
• Risk: Potential for targeted attacks
• Mitigation: Schedule patching in your next maintenance windowFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-0300-pan-os-unauth-rce-exploited-in-the-wild-poc -
🔴 New security advisory:
CVE-2026-24118 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-24118-vm2-sandbox-breakout-host-rce -
🔴 New security advisory:
CVE-2026-24120 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-24120-vm2-sandbox-escape-rce -
🔴 New security advisory:
CVE-2026-24120 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-24120-vm2-sandbox-escape-rce -
🚨 New security advisory:
CVE-2026-26332 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-26332-vm2-sandbox-escape-rce -
MoveIT, encore dans l'actualité. Progress vient de corriger une faille critique dans MoveIT Automation — un rappel que les outils de transfert de fichiers restent une surface d'attaque très surveillée, des deux côtés. Si vous utilisez MoveIT, le calendrier de mise à jour mérite un coup d'œil rapide aujourd'hui plutôt que demain. ☕ #infosec #CVE #patchnow
https://www.lemondeinformatique.fr/actualites/lire-progress-comble-une-faille-critique-dans-moveit-automation-100094.html -
🚨 New security advisory:
CVE-2026-42811 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42811-polaris-bucket-wide-credential-leak -
🚨 New security advisory:
CVE-2026-42811 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42811-polaris-bucket-wide-credential-leak -
🟠 New security advisory:
CVE-2026-43824 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hoursFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-43824-argocd-diff-leaks-k8s-secret-data -
🟠 New security advisory:
CVE-2026-43824 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hoursFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-43824-argocd-diff-leaks-k8s-secret-data -
🔴 New security advisory:
CVE-2026-42472 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42472-mixphp-unauth-rce-via-deserialization -
🔴 New security advisory:
CVE-2026-42778 affects Apache Mina.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-42778-apache-mina-iobuffer-rce-patch-bypass -
⚠️ New security advisory:
CVE-2026-36957 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hoursFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-36957-dbit-n300-t1-pro-dos-crashes-router -
📰 MOVEit Automation Hit with Critical 9.8 CVSS Auth Bypass Flaw (CVE-2026-4670)
🚨 URGENT PATCH: A critical 9.8 CVSS auth bypass (CVE-2026-4670) is found in MOVEit Automation. Attacker could gain admin control. Given MOVEit's history, this is a major risk. Upgrade immediately! #MOVEit #CyberSecurity #Vulnerability #PatchNow
-
📰 MOVEit Automation Hit with Critical 9.8 CVSS Auth Bypass Flaw (CVE-2026-4670)
🚨 URGENT PATCH: A critical 9.8 CVSS auth bypass (CVE-2026-4670) is found in MOVEit Automation. Attacker could gain admin control. Given MOVEit's history, this is a major risk. Upgrade immediately! #MOVEit #CyberSecurity #Vulnerability #PatchNow
-
🚨 New security advisory:
CVE-2022-50993 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systemsFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2022-50993-fanwei-e-office-unauth-file-upload-rce -
🔶 New security advisory:
CVE-2026-34965 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hoursFull breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34965-cockpit-cms-authenticated-rce