Robuta

https://www.cybersecuritydive.com/news/critical-cve-fortinet-exploited/729736/ Critical CVE in 4 Fortinet products actively exploited | Cybersecurity Dive CISA added the format string vulnerability to its known exploited vulnerabilities catalog last week, months after it was first disclosed by the company. critical cvein 4fortinetproductsactively https://www.cybersecuritydive.com/news/apache-ofbiz-cve-exploitation/703788/ Apache OFBiz critical CVE leads to surge in exploitation attempts | Cybersecurity Dive A patch for a prior vulnerability failed to resolve the root cause of an issue, leading to additional threat activity. apache ofbizcritical cve https://securityaffairs.com/151107/security/gitlab-critical-vulnerability-cve-2023-5009.html GitLab addressed critical vulnerability CVE-2023-5009 Sep 20, 2023 - GitLab rolled out security patches to address a critical flaw (CVE-2023-5009) that can be exploited to run pipelines as another user. critical vulnerabilitygitlabaddressedcve2023 https://securityaffairs.com/111743/hacking/darkirc-oracle-weblogic-cve-2020-14882.html DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882 Dec 1, 2020 - The critical remote code execution flaw CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet. oracle weblogicbotnettargeting https://www.trendmicro.com/en_us/research/25/d/incomplete-nvidia-patch.html Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks |... Apr 10, 2025 - A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and... https://grafana.com/blog/grafana-security-release-critical-and-high-severity-security-fixes-for-cve-2026-27876-and-cve-2026-27880/?pg=blog-ai-observability-mcp-servers&plcmt=up-next-3 Grafana security release: Critical and high severity security fixes for CVE-2026-27876 and... Today we are releasing Grafana 12.4.2 along with security patches for Grafana 12.3, 12.2, 12.1, and 11.6, which include critical and high severity security... security release https://securityaffairs.com/181614/hacking/over-28000-citrix-instances-remain-exposed-to-critical-rce-flaw-cve-2025-7775.html Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775 Aug 27, 2025 - Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to critical RCE flaw CVE-2025-7775, already under active exploitation. https://securityaffairs.com/190471/security/attackers-exploit-critical-flowise-flaw-cve-2025-59528-for-remote-code-execution.html Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution Apr 7, 2026 - Attackers are exploiting a critical Flowise flaw CVE-2025-59528 to run arbitrary code and access systems via unvalidated JavaScript. https://www.turnkeylinux.org/comment/19765 TurnKey 13 critical security issue (Heartbleed / CVE-2014-0160) | TurnKey GNU/Linux Without action, your TurnKey 13 installations may remain vulnerable to the critical Heartbleed OpenSSL attack (DSA-2896-1 CVE-2014-0160). This is not a... cve 2014 0160security issueturnkey13critical https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE Apache fixes CVE-2026-23918 in HTTP/2; double-free flaw enables DoS and RCE, impacting version 2.4.66 users. https://www.turnkeylinux.org/comment/19827 TurnKey 13 critical security issue (Heartbleed / CVE-2014-0160) | TurnKey GNU/Linux Without action, your TurnKey 13 installations may remain vulnerable to the critical Heartbleed OpenSSL attack (DSA-2896-1 CVE-2014-0160). This is not a... cve 2014 0160security issueturnkey13critical https://www.trendmicro.com/pl_pl/research/25/d/incomplete-nvidia-patch.html Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks |... Apr 10, 2025 - A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and... https://www.bitdefender.com/en-us/blog/businessinsights/advisory-react2shell-critical-unauthenticated-rce-in-react-cve-2025-55182 Technical Advisory: React2Shell Critical Unauthenticated RCE in React (CVE-2025-55182) TL;DR Ransomware groups are expected to rapidly weaponize this critical (CVSS 10. technical advisoryreact2shellcritical https://www.trendmicro.com/es_mx/research/25/f/langflow-vulnerability-flodric-botnet.html Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet |... Jun 17, 2025 - This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to... https://www.turnkeylinux.org/blog/jenkins-remote-code-execution?page=3 CVE-2015-8103: Critical remotely exploitable security hole in existing TurnKey Jenkins deployments... Thanks to ElColmo it has come to our attention that existing deployments of TurnKey Jenkins are still vulnerable to CVE-2015-8103, a critical issue that allows... https://www.helpnetsecurity.com/2025/10/07/redis-patches-critical-redishell-rce-vulnerability-update-asap-cve-2025-49844/?ref=blog.onsec.io Redis patches critical "RediShell" RCE vulnerability, update ASAP! (CVE-2025-49844) - Help Net... Oct 7, 2025 - Redis has released patches for a critical vulnerability (CVE-2025-49844) that may allow attackers full access to the underlying host system.