CVE-2026-38059: CWE-306 Missing authentication for critical function in ST Engineering iDirect Evolution iQ‑Series terminals
ST Engineering iDirect Evolution iQ-Series terminals have a vulnerability (CVE-2026-38059) where critical REST API endpoints (/api/identity and /api/) are exposed without authentication. This allows…
Read the full articleYou might also wanna read
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig
CVE-2026-48558: Critical Authentication Bypass Vulnerability in SimpleHelp RMM Exploited for Credential Theft and Malware Delivery
Summary CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software, caus
Critical SimpleHelp Vulnerability (CVE-2026-48558) Enables Malware Delivery via Forged Authentication Tokens
CVE-2026-48558 lets attackers forge OIDC identity tokens to gain fully authenticated technician sessions in SimpleHelp RMM, enabling file tr
Critical PTC Windchill Vulnerability CVE-2026-12569 Actively Exploited; CISA Orders Federal Remediation
CVE-2026-12569 affects PTC Windchill and FlexPLM and stems from improper input validation. A remote, unauthenticated attacker can exploit it
CVE-2026-5667: Unauthenticated Remote Control Vulnerability in Mitsubishi MAC-577IF-2E WiFi Air Conditioner Adapters
"CVE-2026-5667 – Unauthenticated remote control of Mitsubishi MAC-577IF-2E WiFi air conditioner adapters discovered via citywide probe reque

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along

Comments
Sign in to join the conversation.
No comments yet. Be the first.