Security threats and CVE advisories

Current security advisories selected for DataHouse infrastructure contexts: Linux, Windows Server, virtualization, databases, network services and business applications.

Security feed

Recent CVE advisories selected for server infrastructure

The feed is built from NVD, CISA KEV and EPSS signals, then translated and cached for DataHouse users.

Server administration
CVE-2026-0300 | CVSS 9.3 | CISA KEV | Firewall

CVE-2026-0300: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewal...

Updated: 2026-06-17

CVE-2008-4250 | CVSS 9.8 | CISA KEV | Windows

CVE-2008-4250: Microsoft Windows Buffer Overflow Vulnerability

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path can...

Updated: 2026-06-16

CVE-2026-33017 | CVSS 9.3 | CISA KEV | Runtime

CVE-2026-33017: Langflow Code Injection Vulnerability

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parame...

Updated: 2026-06-17

CVE-2026-39987 | CVSS 9.3 | CISA KEV | Runtime

CVE-2026-39987: Marimo Remote Code Execution Vulnerability

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitra...

Updated: 2026-06-17

CVE-2026-21643 | CVSS 9.8 | CISA KEV | Firewall

CVE-2026-21643: Fortinet FortiClient EMS SQL Injection Vulnerability

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Updated: 2026-06-17

CVE-2026-9082 | CVSS 9.8 | CISA KEV | CMS

CVE-2026-9082: Drupal Core SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9,...

Updated: 2026-06-17

CVE-2026-33634 | CVSS 9.4 | CISA KEV | Containers

CVE-2026-33634: Aquasecurity Trivy Embedded Malicious Code Vulnerability

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags ...

Updated: 2026-06-17

CVE-2026-0257 | CVSS 7.8 | CISA KEV | Firewall

CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted ...

Updated: 2026-06-17

CVE-2026-42208 | CVSS 9.3 | CISA KEV | Known Exploited

CVE-2026-42208: BerriAI LiteLLM SQL Injection Vulnerability

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing...

Updated: 2026-06-29

CVE-2026-48172 | CVSS 10.0 | CISA KEV | Known Exploited

CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs...

Updated: 2026-06-17

CVE-2026-45321 | CVSS 9.6 | CISA KEV | DNS

CVE-2026-45321: TanStack Unspecified Vulnerability

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack...

Updated: 2026-06-17

CVE-2026-34197 | CVSS 8.8 | CISA KEV | Web

CVE-2026-34197: Apache ActiveMQ Improper Input Validation Vulnerability

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolo...

Updated: 2026-06-30

CVE-2010-0249 | CVSS 8.8 | CISA KEV | Windows

CVE-2010-0249: Microsoft Internet Explorer Use-After-Free Vulnerability

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attacke...

Updated: 2026-06-16

CVE-2025-34291 | CVSS 9.4 | CISA KEV | Known Exploited

CVE-2025-34291: Langflow Origin Validation Error Vulnerability

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie...

Updated: 2026-06-17

CVE-2009-1537 | CVSS 8.8 | CISA KEV | Windows

CVE-2009-1537: Microsoft DirectX NULL Byte Overwrite Vulnerability

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a...

Updated: 2026-06-16

CVE-2010-0806 | CVSS 8.8 | CISA KEV | Windows

CVE-2010-0806: Microsoft Internet Explorer Use-After-Free Vulnerability

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object,...

Updated: 2026-06-16

CVE-2026-42271 | CVSS 8.7 | CISA KEV | Known Exploited

CVE-2026-42271: BerriAI LiteLLM Command Injection Vulnerability

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/l...

Updated: 2026-06-30

CVE-2009-0238 | CVSS 8.8 | CISA KEV | Windows

CVE-2009-0238: Microsoft Office Remote Code Execution

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attac...

Updated: 2026-06-16

CVE-2026-28318 | CVSS 7.5 | CISA KEV | Known Exploited

CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are...

Updated: 2026-06-17

CVE-2026-34909 | CVSS 10.0 | CISA KEV | Known Exploited

CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

Updated: 2026-06-24

CVE-2026-48027 | CVSS 9.3 | CISA KEV | Known Exploited

CVE-2026-48027: Nx Console Embedded Malicious Code Vulnerability

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX...

Updated: 2026-06-17

CVE-2025-29635 | CVSS 7.2 | CISA KEV | Known Exploited

CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote comma...

Updated: 2026-06-17

CVE-2009-3459 | CVSS 8.8 | CISA KEV | Known Exploited

CVE-2009-3459: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009....

Updated: 2026-06-16

CVE-2023-27351 | CVSS 7.5 | CISA KEV | Known Exploited

CVE-2023-27351: PaperCut NG/MF Improper Authentication Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class....

Updated: 2026-06-17

CVE-2024-21182 | CVSS 7.5 | CISA KEV | Known Exploited

CVE-2024-21182: Oracle WebLogic Server Unspecified Vulnerability

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

Updated: 2026-06-17

CVE-2020-9715 | CVSS 7.8 | CISA KEV | Known Exploited

CVE-2020-9715: Adobe Acrobat Use-After-Free Vulnerability

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

Updated: 2026-06-17

CVE-2024-57726 | CVSS 9.9 | CISA KEV | Known Exploited

CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Updated: 2026-06-17

CVE-2022-0492 | CVSS 7.8 | CISA KEV | Linux

CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namesp...

Updated: 2026-06-17