Skip to main content
FailleWeb — Your daily watch on web application security
FailleWeb Web security flaws, every day
CVE WordPress Frameworks Browsers Servers Best practices
Archives

All security alerts

29 alerts published · A daily watch on web application security

FreeBSD: a confidentiality flaw to fix quickly Servers
6 juillet 2026 ·CERT-FR · 4 min

FreeBSD: a confidentiality flaw to fix quickly

CERT-FR warns of a vulnerability in FreeBSD that could compromise data confidentiality. Patch to be applied quickly.

Read the article
MediaWiki fixes XSS flaws and data leakage Frameworks
6 juillet 2026 ·Debian Security Advisories · 4 min

MediaWiki fixes XSS flaws and data leakage

Debian has released a MediaWiki fix for several flaws that could lead to XSS and information disclosure on exposed wikis.

Read the article
Debian fixes critical Linux kernel flaws to watch Servers
22 juin 2026 ·Debian Security Advisories · 4 min

Debian fixes critical Linux kernel flaws to watch

Debian has released DSA-6355-1 to fix several Linux kernel flaws that could lead to privilege escalation, denial of service, or information leakage.

Read the article
FFmpeg fixes PixelSmash, an RCE threatening Jellyfin Servers
23 juin 2026 ·BleepingComputer · 4 min

FFmpeg fixes PixelSmash, an RCE threatening Jellyfin

FFmpeg fixes PixelSmash, a flaw that could lead to remote code execution on Jellyfin via video decoding. Update recommended.

Read the article
Moodle fixes several security flaws that need to be addressed quickly Frameworks
23 juin 2026 ·CERT-FR · 4 min

Moodle fixes several security flaws that need to be addressed quickly

CERT-FR warns of several vulnerabilities in Moodle that could cause denial of service, information disclosure, and other impacts depending on the versions.

Read the article
Cisco Unified CM: CVE-2026-20230 SSRF already exploited CVE
24 juin 2026 ·BleepingComputer · 4 min

Cisco Unified CM: CVE-2026-20230 SSRF already exploited

Cisco Unified CM fixes CVE-2026-20230, a high-severity SSRF flaw already being exploited that could expose internal services.

Read the article
Chrome fixes critical flaws in the desktop stable channel Browsers
24 juin 2026 ·Google Chrome Releases · 4 min

Chrome fixes critical flaws in the desktop stable channel

Google has released a security update for Chrome desktop stable that fixes several vulnerabilities that could lead to a crash or code execution.

Read the article
PHP 8.4 fixes several server-side risk vulnerabilities Servers
5 juillet 2026 ·Debian Security Advisories · 4 min

PHP 8.4 fixes several server-side risk vulnerabilities

Debian has released a security fix for PHP 8.4. Several vulnerabilities may affect confidentiality, integrity, and availability.

Read the article
OpenVPN fixes a critical server-side flaw Servers
5 juillet 2026 ·Debian Security Advisories · 4 min

OpenVPN fixes a critical server-side flaw

OpenVPN receives a server-side security fix via Debian. A flaw can expose VPN infrastructures and requires a rapid update.

Read the article
Lantronix EDS5000: critical flaw exploited, CISA warns Servers
25 juin 2026 ·The Hacker News · 4 min

Lantronix EDS5000: critical flaw exploited, CISA warns

CISA is warning about a critically severe flaw being actively exploited in Lantronix EDS5000, with a risk of code execution and device compromise.

Read the article
cURL and libcurl: multiple vulnerabilities to fix on the server side Servers
25 juin 2026 ·CERT-FR · 4 min

cURL and libcurl: multiple vulnerabilities to fix on the server side

CERT-FR warns of several vulnerabilities in cURL and libcurl that could cause denial of service, information disclosure, or other security issues.

Read the article
cpp-httplib: HTTP header injection to fix on the server side Servers
26 juin 2026 ·Ubuntu Security Notices · 4 min

cpp-httplib: HTTP header injection to fix on the server side

A flaw in cpp-httplib allows HTTP header injection via percent-decoding. Exposed C++ servers and tools should be updated.

Read the article
xrdp fixes critical remote pre-auth flaws Servers
26 juin 2026 ·Ubuntu Security Notices · 4 min

xrdp fixes critical remote pre-auth flaws

xrdp fixes several pre-authentication flaws that could lead to code execution or denial of service on Linux servers exposed over RDP.

Read the article
PTC Windchill: critical RCE exploited, CISA mandates patching CVE
27 juin 2026 ·The Hacker News · 4 min

PTC Windchill: critical RCE exploited, CISA mandates patching

CISA is warning about a critical PTC Windchill RCE flaw already being exploited via web shells. Exposed servers must be patched without delay.

Read the article
FatFs: 7 flaws affect millions of embedded devices CVE
4 juillet 2026 ·The Hacker News · 5 min

FatFs: 7 flaws affect millions of embedded devices

Seven vulnerabilities in FatFs expose millions of embedded devices to memory corruption, crashes, and possible code execution.

Read the article
Bad Epoll: CVE-2026-46242 gives root on Linux Servers
4 juillet 2026 ·The Hacker News · 4 min

Bad Epoll: CVE-2026-46242 gives root on Linux

The Linux flaw CVE-2026-46242 allows a local unprivileged user to obtain root privileges on Linux servers and Android devices.

Read the article
Tenable Nessus: SQLi flaws to fix without delay Servers
27 juin 2026 ·CERT-FR · 4 min

Tenable Nessus: SQLi flaws to fix without delay

CERT-FR warns of several vulnerabilities in Tenable Nessus, including SQL injections that could compromise the platform’s integrity.

Read the article
Amazon Q Developer: booby-trapped repository, code execution, and AWS theft Frameworks
28 juin 2026 ·The Hacker News · 4 min

Amazon Q Developer: booby-trapped repository, code execution, and AWS theft

A flaw in Amazon Q Developer allowed a malicious repository to execute commands and steal cloud credentials via booby-trapped MCP configs.

Read the article
Linux: CVE-2026-46331 opens the way to local root Servers
28 juin 2026 ·The Hacker News · 4 min

Linux: CVE-2026-46331 opens the way to local root

The CVE-2026-46331 flaw in the Linux kernel allows an unprivileged local user to obtain root privileges on affected systems.

Read the article
Booby-trapped GitHub repository: AI agents execute malware Best practices
29 juin 2026 ·BleepingComputer · 5 min

Booby-trapped GitHub repository: AI agents execute malware

An apparently healthy GitHub repository can push AI coding agents to execute malware during setup, with a risk of secret theft and CI/CD compromise.

Read the article
libssh2 CVE-2026-55200: Public PoC for a Critical Flaw CVE
29 juin 2026 ·The Hacker News · 4 min

libssh2 CVE-2026-55200: Public PoC for a Critical Flaw

A public PoC targets libssh2 via a malicious SSH server and can trigger client-side memory corruption. Update quickly.

Read the article
nghttp2/nghttpx: an HTTP/1.1 flaw can bring down the proxy Servers
3 juillet 2026 ·Ubuntu Security Notices · 4 min

nghttp2/nghttpx: an HTTP/1.1 flaw can bring down the proxy

A flaw in nghttp2/nghttpx allows a remote attacker to cause a denial of service via improperly handled HTTP/1.1 Upgrade requests.

Read the article
SharePoint: May RCE now actively exploited CVE
3 juillet 2026 ·BleepingComputer · 4 min

SharePoint: May RCE now actively exploited

CISA warns that a Microsoft SharePoint RCE flaw, patched in May, is now being actively exploited. Admins and CISOs should verify exposure and apply the patch.

Read the article
Oracle E-Business Suite: CVE-2026-46817 actively exploited CVE
30 juin 2026 ·The Hacker News · 4 min

Oracle E-Business Suite: CVE-2026-46817 actively exploited

Oracle E-Business Suite is targeted by CVE-2026-46817, a critical flaw actively exploited that could compromise the financial application.

Read the article
LoadMaster: Critical pre-auth root RCE to patch urgently Servers
30 juin 2026 ·The Hacker News · 4 min

LoadMaster: Critical pre-auth root RCE to patch urgently

A critical flaw in Progress Kemp LoadMaster could allow unauthenticated root command execution on the appliance.

Read the article
Citrix NetScaler fixes 6 critical flaws in ADC and Gateway Servers
1 juillet 2026 ·The Hacker News · 4 min

Citrix NetScaler fixes 6 critical flaws in ADC and Gateway

Citrix has released fixes for six flaws in NetScaler ADC and Gateway, including file read and denial-of-service issues on exposed appliances.

Read the article
Adobe ColdFusion: 7 critical vulnerabilities to patch urgently Frameworks
1 juillet 2026 ·BleepingComputer · 5 min

Adobe ColdFusion: 7 critical vulnerabilities to patch urgently

Adobe fixes seven maximum-severity flaws in ColdFusion and Campaign Classic, with risk of code execution and server compromise.

Read the article
SharePoint CVE-2026-45659: Active RCE, CISA Sounds the Alarm CVE
2 juillet 2026 ·The Hacker News · 4 min

SharePoint CVE-2026-45659: Active RCE, CISA Sounds the Alarm

The RCE flaw CVE-2026-45659 in Microsoft SharePoint Server is now being actively exploited. Admins and CISOs must patch without delay.

Read the article
Argo CD: an unpatched flaw threatens Kubernetes clusters Servers
July 2, 2026 ·The Hacker News · 6 min

Argo CD: an unpatched flaw threatens Kubernetes clusters

An unpatched flaw in the Argo CD repo-server could let an unauthenticated attacker compromise Kubernetes clusters.

Read the article