Critical Nginx UI flaw CVE-2026-27944 exposes server backups

Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management interfaces. A critical vulnerability in Nginx UI, tracked as CVE-2026-27944 (CVSS score of 9.8), allows attackers to download and decrypt full server backups without authentication. The flaw poses a serious risk to organizations exposing the management […]

Nginx UI Vulnerabilities Let Attackers Download Full System Backups

itsecuritynews.info - 07:34

A critical security flaw has been discovered in Nginx UI that allows unauthenticated threat actors to download and decrypt complete system backups....

Critical Zyxel router flaw exposed devices to remote attacks

itsecuritynews.info - 25/Feb 21:34

Zyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a...

Critical Zyxel router flaw exposed devices to remote attacks

itsecuritynews.info - 25/Feb 21:34

Zyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a...

Critical Zyxel router flaw exposed devices to remote attacks

securityaffairs.co - 25/Feb 20:28

Zyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a...

Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

securityaffairs.co - 26/Feb 11:40

Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability,...

Chrome security flaw enabled spying via Gemini Live assistant

securityaffairs.co - 03/Mar 08:48

A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto...

Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking

itsecuritynews.info - 08/Mar 03:34

A critical vulnerability in AVideo, a widely used open-source video hosting and streaming platform. Tracked as CVE-2026-29058, this zero-click flaw...

Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking

itsecuritynews.info - 08/Mar 03:34

A critical vulnerability in AVideo, a widely used open-source video hosting and streaming platform. Tracked as CVE-2026-29058, this zero-click flaw...

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

securityaffairs.co - 23/Feb 12:09

Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems....

Critical ServiceNow AI Platform Vulnerability Enables Remote Code Execution

itsecuritynews.info - 26/Feb 14:05

A critical vulnerability in an enterprise AI platform has been patched, addressing a flaw that could allow unauthenticated remote code execution....

Rubriques :

Critical Nginx UI flaw CVE-2026-27944 exposes server backups

Articles similaires

Nginx UI Vulnerabilities Let Attackers Download Full System Backups

Critical Zyxel router flaw exposed devices to remote attacks

Critical Zyxel router flaw exposed devices to remote attacks

Critical Zyxel router flaw exposed devices to remote attacks

Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

Chrome security flaw enabled spying via Gemini Live assistant

Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking

Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

Critical ServiceNow AI Platform Vulnerability Enables Remote Code Execution

Les derniers communiqués