The PgBouncer team released version 1.25.2 on May 8, 2026, addressing four distinct security vulnerabilities, CVE-2026-6664, CVE-2026-6665,...
John
John is an independent cybersecurity researcher covering vulnerabilities, malware campaigns, and emerging threats in the cybersecurity landscape.
A critical authentication bypass vulnerability (CVE-2026-41070) has been discovered in the openvpn-auth-oauth2 plugin, allowing unauthenticated VPN clients to gain...
A critical pre-authentication SQL injection vulnerability in BerriAI’s LiteLLM AI gateway, tracked as CVE-2026-42208, has been actively...
A high-severity filter-expression injection vulnerability in Spring AI’s MilvusVectorStore allows unauthenticated attackers to execute arbitrary delete operations,...
A critical information disclosure vulnerability in Azure DevOps on May 7, 2026, tracked as CVE-2026-42826, carrying a maximum...
A critical information disclosure vulnerability, CVE-2026-33823, in the Microsoft Teams Events Portal, which is assigned a near-maximum...
A critical information disclosure vulnerability, CVE-2026-33111, in Copilot Chat integrated into Microsoft Edge, allowing unauthenticated attackers to...
A critical cross-site scripting (XSS) vulnerability in Azure Machine Learning on May 7, 2026, tracked as CVE-2026-32207,...
A high-severity code injection vulnerability (CVE-2026-42214) has been disclosed in NotepadNext, the popular open-source cross-platform reimplementation of...
Microsoft has patched a critical elevation-of-privilege vulnerability (CVE-2026-41105) in the Azure Monitor Action Group notification system, rooted...
