LiveThreat Vulnerabilities
// VULNERABILITY TRACKING

VULNERABILITY TRACKER

CVE tracking, CISA KEV alerts, and zero-day disclosures with third-party risk impact analysis.

Breaches Advisories Vulnerabilities 📡 RSS
Time: Severity: 1466 items
🛡️
High VulnerabilityLT BRIEFJul 10
‘Squidbleed’ Vulnerability in Squid Proxy Allows HTTP Request Leakage
A long‑standing bug in the Squid proxy (dubbed “Squidbleed”) can leak full HTTP request data to unauthenticated observers, posing a compliance risk for SOC 2 controls around data in transit and log protection.
Schneier on Security
🔧
Critical VulnerabilityLT BRIEFJul 10
Critical Stored XSS Flaw in Zimbra Classic Web Client Could Expose Mailboxes
Zimbra patched a critical stored XSS vulnerability in its Classic Web Client (v10.1.19) that could let malicious emails execute code and steal mailbox data. The flaw highlights the need for rapid patching and evidence‑dr…
Security Affairs
🛡️
High VulnerabilityLT BRIEFJul 10
AI Coding Assistants Can Be Tricked into Overwriting Sensitive Files via Fake Approval Prompts
Wiz researchers showed that six AI coding assistants can be duped into writing to privileged files like SSH keys while showing a harmless‑file name in the approval dialog. The flaw highlights a control‑gap that SOC 2 aud…
DataBreachToday
🛡️
High VulnerabilityLT BRIEFJul 10
Six New U‑Boot Flaws Enable Device Crashes or Code Execution at Boot
Binarly researchers disclosed six U‑Boot vulnerabilities that can crash devices or let attackers run code before the OS loads. The issue highlights the need for firmware‑integrity controls and SOC 2‑ready evidence of sec…
The Hacker News
🛡️
Critical VulnerabilityLT BRIEFJul 10
Critical Auth Bypass (CVE-2026-20896) in Gitea Docker Image Allows Unauthenticated User Impersonation
A critical authentication bypass (CVE-2026-20896) in the official Gitea Docker image enables attackers to impersonate any user, including admins, by exploiting default reverse‑proxy settings. This highlights the need for…
BleepingComputer
🛡️
High VulnerabilityLT BRIEFJul 10
Three Critical OpenClaw AI Assistant Flaws Enable Credential Theft and Host‑Side Code Execution
Researchers disclosed three high‑severity OpenClaw AI assistant vulnerabilities that could be chained to steal credentials, elevate privileges, and run arbitrary code. The issues highlight the need for continuous control…
The Hacker News
🔧
High VulnerabilityLT BRIEFJul 10
Zero‑Day XRING Flaw in Alibaba’s XQUIC Library Enables Remote Denial‑of‑Service of HTTP/3 Servers
A coding error in Alibaba’s XQUIC QUIC/HTTP‑3 library lets any remote client crash a server with a short burst of legitimate traffic, exposing a denial‑of‑service risk. For SOC 2‑ready organizations, the incident undersc…
The Hacker News
Critical VulnerabilityLT BRIEFJul 10
Zimbra Issues Critical Stored XSS Flaw in Classic Web Client – Patch Required Immediately
Zimbra disclosed a stored XSS vulnerability in its Classic Web Client that can steal session data when a malicious email is opened. The flaw underscores the need for robust SOC 2 access‑control and patch‑management evide…
BleepingComputer
🔧
Critical VulnerabilityLT BRIEFJul 10
Google Releases Two Chrome Updates in Two Days to Patch 27 Vulnerabilities, Including Two Critical Use‑After‑Free Flaws
Google issued back‑to‑back Chrome updates that close 27 security flaws, two of them critical use‑after‑free bugs. The rapid patch cycle illustrates why SOC 2‑ready organizations must maintain documented, continuously‑mon…
Malwarebytes Labs
🔧
High VulnerabilityLT BRIEFJul 10
Zero‑Day Race‑Condition Privilege Escalation (CVE‑2026‑50656) Discovered in Microsoft Defender
Researcher Nightmare‑Eclipse disclosed CVE‑2026‑50656, a race‑condition privilege‑escalation flaw in Microsoft Defender that can yield a system‑level shell. The vulnerability underscores the need for robust patch‑managem…
Help Net Security
🛡️
Critical VulnerabilityLT BRIEFJul 10
June 2026 CVE Landscape Reveals 60 High‑Impact Vulnerabilities, 23 in CISA KEV Catalog
Insikt Group reported 60 high‑impact CVEs for June 2026, including 23 listed in CISA’s KEV catalog. The breadth of affected vendors underscores the need for continuous vulnerability management as a SOC 2 control.
Recorded Future Feed
💥
High VulnerabilityLT BRIEFJul 09
Zero-Day Exploit in Windows Defender (RoguePlanet) Exposes Enterprises to Remote Code Execution
A researcher released a PoC for a critical Windows Defender vulnerability (RoguePlanet) that enables remote code execution. The flaw impacts any Windows 10/11 endpoint with Defender enabled, making it a prime SOC 2 contr…
Dark Reading
🛡️
High VulnerabilityLT BRIEFJul 09
Cisco Talos Discloses 18 New CVEs in WolfSSL, GeoVision, and VTK‑DICOM
Cisco Talos reported 18 new vulnerabilities affecting WolfSSL, GeoVision, and VTK‑DICOM, all of which have been patched. The breadth of flaws underscores the need for continuous control mapping and audit‑ready evidence i…
Cisco Talos Intelligence
🛡️
Critical VulnerabilityLT BRIEFJul 09
Critical Backdoor (CVE‑2026‑11405) in Tenda Router Firmware Allows Unauthenticated Admin Access
A hidden backdoor (CVE‑2026‑11405) in Tenda router firmware grants unauthenticated administrative access, and researchers have observed active exploitation. The flaw bypasses standard login checks, enabling full device a…
DataBreachToday
🛡️
CVE-2026-50656HighLT BRIEFJul 09
Local Privilege Escalation in Microsoft Defender (CVE‑2026‑50656) Enables SYSTEM Access on Windows 10/11
A newly disclosed Windows Defender flaw (CVE‑2026‑50656) lets authenticated attackers gain SYSTEM privileges on Windows 10/11. The vulnerability is patched, but compliance teams must prove timely remediation to satisfy S…
Help Net Security
🛡️
CVE-2026-14480CriticalLT BRIEFJul 09
Authenticated Arbitrary File Write in OpenPLC v3 (CVE‑2026‑14480) Enables Code Execution
OpenPLC Runtime v3 allows an authenticated attacker to write arbitrary files via its web UI, leading to native code execution. For SOC 2‑ready organizations, the flaw highlights a control‑mapping gap that must be documen…
CISA Advisories
🛡️
CVE-2026-2399MediumLT BRIEFJul 09
Path Traversal & Multiple Input Validation Flaws in Schneider Electric PowerChute Serial Shutdown (CVE‑2026‑2399) Threaten Critical Infrastructure
Schneider Electric PowerChute Serial Shutdown versions ≤1.4 contain a path‑traversal and several input‑validation bugs (CVE‑2026‑2399) that could let attackers overwrite files, inject log data, or cause denial‑of‑service…
CISA Advisories
💥
Critical VulnerabilityLT BRIEFJul 09
Zero‑Day Elevation‑of‑Privilege Vulnerability in Microsoft Defender (CVE‑2026‑50656) Patched
Microsoft released an update that fixes CVE‑2026‑50656, an elevation‑of‑privilege bug in Defender that could let a standard user obtain SYSTEM rights. The fix underscores the need for continuous patch‑management evidence…
Malwarebytes Labs
🛡️
High VulnerabilityLT BRIEFJul 09
Symlink Flaws in GhostApproval Feature Allow AI Coding Assistants to Write Outside Designated Workspaces
Wiz identified symlink vulnerabilities in the GhostApproval component of leading AI coding assistants that can bypass approval checks and write to arbitrary files, potentially exposing sensitive code or credentials. For …
HackRead
🛡️
CVE-2026-50656HighLT BRIEFJul 09
Local Privilege Escalation in Microsoft Defender (CVE‑2026‑50656) Enables RoguePlanet Attack
Microsoft disclosed CVE‑2026‑50656, a race‑condition flaw in the Malware Protection Engine that allows local attackers to obtain SYSTEM‑level privileges. The vulnerability underscores the need for robust access‑control m…
Security Affairs
⬆️
CVE-2026-50656HighLT BRIEFJul 09
Privilege Escalation in Microsoft Defender (CVE-2026-50656) Allows SYSTEM-Level Access
Microsoft released patches for the RoguePlanet flaw (CVE‑2026‑50656), a privilege‑escalation bug in Defender’s mpengine.dll that can grant SYSTEM privileges. The CVSS score is 7.8. For SOC 2‑compliant organizations, time…
The Hacker News
🛡️
Critical VulnerabilityJul 09
Hidden Backdoor in Tenda Router Firmware
Unauthenticated Flaw Allows Full Router, Network Takeover A hidden backdoor, disclosed by CERT/CC and found in multiple firmware versions made by Chinese manufacturer Tenda, bypasses authentication and could grant attac…
DataBreachToday
💥
Critical VulnerabilityLT BRIEFJul 09
Microsoft Patches Critical Defender Zero‑Day (CVE‑2026‑50656) Allowing SYSTEM‑Level Code Execution
Microsoft released a patch for CVE‑2026‑50656, a Defender race‑condition that grants SYSTEM privileges on Windows 10/11. The fix is a core SOC 2 audit requirement for endpoint security and continuous compliance.
BleepingComputer
🛡️
High VulnerabilityLT BRIEFJul 09
AI Coding Agents Claude Code & Codex Vulnerable to “Friendly Fire” Exploit That Executes Malicious Code
Researchers proved that Anthropic’s Claude Code and OpenAI’s Codex can be tricked into executing malicious code when run in autonomous mode. The flaw highlights the need for robust third‑party risk and SOC 2 controls aro…
The Hacker News
🛡️
Critical VulnerabilityLT BRIEFJul 09
Symlink Flaws in Six AI Coding Assistants Enable Malicious Code Execution
Wiz researchers uncovered a symlink vulnerability in six AI coding assistants that can redirect benign file edits to sensitive system files, enabling arbitrary code execution on developers' machines. The issue highlights…
The Hacker News
Page 1 of 59