Vulnerability Intelligence Archives - Page 20 of 22

Taiwan CERT warns of critical unauthenticated API flaw in GCB/FCB government-finance security audit software (CVE-2026-4312)

TWCERT/CC disclosed a critical “Missing Authentication” vulnerability in Chunghwa Long Network’s GCB/FCB government/financial cybersecurity configuration audit software. The issue allows a remote, unauthenticated attacker to use an API function to create a new administrator-privileged account. Affected deployments are versions prior to 20260108; users are advised to upgrade to 20260108 or later. Read more

May 13, 2026 AI Security Cloud Security Incidents & Breaches Vulnerability Intelligence

Microsoft May 2026 Patch Tuesday: 137 Microsoft CVEs disclosed; 13 flagged as likely exploitation targets

Microsoft’s May 12, 2026 Patch Tuesday release disclosed 137 CVEs across Microsoft products (down from 165 the prior month, per iThome). Including third‑party component fixes Microsoft shipped, the total reaches 265 vulnerabilities. iThome highlights 13 vulnerabilities Microsoft assessed as more likely to be targeted by attackers; most are elevation-of-privilege issues across Windows components, plus two Word remote code execution bugs. Four of the 13 are rated Critical, and the highest CVSS score called out is 9.1 for a Microsoft Single Sign-On (SSO) plugin used with Jira and Confluence. Read more

May 13, 2026May 13, 2026 AI Security Cloud Security Identity & Governance Vulnerability Intelligence

Claude Chrome Extension Vulnerability Permits Unauthorized AI Hijacking

Security researchers at LayerX have identified a design flaw dubbed 'ClaudeBleed' in the Claude in Chrome extension. The vulnerability allows malicious extensions with zero permissions to inject commands and hijack the Claude AI agent, potentially leading to unauthorized data exfiltration and sensitive cross-site operations. Read more

May 13, 2026May 13, 2026 AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

Dual High-Severity Vulnerabilities Identified in SunNet Corporate Training and Performance Management Systems

Taiwan's TWCERT/CC has disclosed two high-severity security vulnerabilities affecting SunNet's Corporate Training Management System (CTMS) and Corporate Appraisal Performance System (CAPS). These flaws include a SQL injection vulnerability and an arbitrary file upload weakness that could lead to full system compromise. Read more

May 13, 2026 AI Infrastructure Risk Cloud Security Identity & Governance Vulnerability Intelligence

Taiwan CERT warns of two high-severity flaws in Galaxia Info’s Vitals ESP (≤ 6.3)

TWCERT/CC published a Taiwan Vulnerability Note (TVN-202603007) describing two high-severity vulnerabilities affecting Galaxia Information’s Vitals ESP up to and including version 6.3. One issue could allow an authenticated remote attacker to perform some admin functions and escalate privileges (CVE-2026-4639, CVSS 8.8). The other could allow an unauthenticated remote attacker to access some functions and obtain sensitive information (CVE-2026-4640, CVSS 7.5). TWCERT/CC advises customers to contact the vendor for a patch. Read more

May 13, 2026May 13, 2026 AI Infrastructure Risk Identity & Governance Incidents & Breaches Vulnerability Intelligence

Adobe Issues May Security Updates for 52 Vulnerabilities, Prioritizes Commerce Platforms

Adobe released its May routine security updates addressing 52 vulnerabilities across 10 application systems, with a particular emphasis on critical patches for the Adobe Commerce (Magento) e-commerce platform and high-risk flaws in Adobe Connect. Read more

May 13, 2026May 13, 2026 AI Infrastructure Risk Identity & Governance Vulnerability Intelligence

IDOR Vulnerability in Sun Rise School Management App Exposes Student and User Data

A high-severity Insecure Direct Object Reference (IDOR) vulnerability has been identified in the 'App好校通' (App School Link) mobile application developed by Sun Rise Technology, potentially allowing authenticated users to access and modify unauthorized records. Read more

May 13, 2026 Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

Taiwan CERT warns of two medium-severity a+HRD flaws enabling authenticated database read via SQL injection and missing authorization

TWCERT/CC published a Taiwan Vulnerability Note (TVN-202604004) for two vulnerabilities affecting Yuqi Digital Technology’s a+HRD product in versions 7.1 and earlier. The issues—SQL injection (CVE-2026-6833) and missing authorization (CVE-2026-6834)—could allow an authenticated remote attacker to read database contents. TWCERT/CC advises upgrading to a patched release referenced by the vendor’s security notice. Read more

May 13, 2026 AI Infrastructure Risk Identity & Governance Vulnerability Intelligence

Taiwan CERT warns of high-severity arbitrary file write in Gigabyte Control Center (CVE-2026-4415)

TWCERT/CC published a Taiwan Vulnerability Note for a high-severity arbitrary file write flaw in Gigabyte Control Center. The advisory says that when the product’s pairing function is enabled, an unauthenticated remote attacker could write arbitrary files to any OS path, potentially enabling code execution or privilege escalation. Gigabyte Control Center versions up to 25.07.21.01 are listed as affected, and upgrading to 25.12.10.01 or later is recommended. Read more

May 13, 2026 AI Infrastructure Risk Identity & Governance Vulnerability Intelligence

Taiwan CERT warns of arbitrary file upload flaw in a+HCM (CVE-2026-6835) enabling unauthenticated uploads

TWCERT/CC published a vulnerability note for an arbitrary file upload issue in Digiwin (育碁數位科技) a+HCM affecting versions up to and including 8.1. The note states an unauthenticated remote attacker could upload arbitrary files to arbitrary paths, including HTML files that could produce XSS-like effects. TWCERT/CC rates the issue CVSS 6.1 (Medium) and points users to the vendor’s security notice and patches. Read more