

labs.watchtowr.com12d ago
undercodetesting.com14d ago
CVE-2026-48558 lets attackers forge OIDC identity tokens to gain fully authenticated technician sessions in SimpleHelp RMM, enabling file transfer, command execution, and malware deployment.
CVE-2026-46817 is a critical Oracle Payments flaw actively exploited in the wild, enabling unauthenticated network access over HTTP to take over vulnerable instances.




undercodetesting.com1mo ago



In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk.
Casdoor contains multiple authentication bypass and access management vulnerabilities

Scan your Starlette or FastAPI server for CVE-2026-48710 (BadHost): a critical auth bypass via Host header injection affecting MCP servers, LLM proxies, AI agent frameworks, and thousands of Python ASGI applications.
