Cyber Security Alerts
Blueteq Cyber Alerts
Latest High & Critical Vulnerabilities
Blueteq’s Cyber Alerts keep watch so you don’t have to. We continuously monitor newly published critical and high-risk vulnerabilities, analysing emerging threats as they appear. This page provides clear visibility of the issues that matter most, helping you stay protected.
CVE ID: CVE-2026-27975
Published: 26 Feb 2026, 3:16 a.m. | 6 hours, 1 minute ago
Description: Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server....
Date: 2026-02-26
CVE ID: CVE-2026-1779
Published: 26 Feb 2026, 3:16 a.m. | 6 hours, 1 minute ago
Description: The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function....
Date: 2026-02-26
CVE ID: CVE-2026-27969
Published: Feb. 26, 2026, 2:16 a.m. | 5 hours, 1 minute ago
Description: Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket)...
Date: 2026-02-26
CVE ID: CVE-2026-27961
Published: Feb. 26, 2026, 2:16 a.m. | 59 minutes ago
Description: Agenta is an open-source LLMOps platform. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in...
Date: 2026-02-26
CVE ID: CVE-2026-27965
Published: Feb. 26, 2026, 2:16 a.m. | 59 minutes ago
Description: Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can...
Date: 2026-02-26
CVE ID: CVE-2026-27966
Published: Feb. 26, 2026, 2:16 a.m. | 59 minutes ago
Description: Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes `allow_dangerous_code=True`, which automatically exposes LangChain’s Python REPL tool...
Date: 2026-02-26
CVE ID: CVE-2026-27941
Published: Feb. 26, 2026, 2:16 a.m. | 59 minutes ago
Description: OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the `pull_request_target` event while checking out and executing untrusted...
Date: 2026-02-26
CVE ID: CVE-2026-27952
Published: Feb. 26, 2026, 2:16 a.m. | 59 minutes ago
Description: Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for...
Date: 2026-02-26
CVE ID: CVE-2026-27899
Published: Feb. 26, 2026, 2:16 a.m. | 59 minutes ago
Description: WireGuard Portal (or wg-portal) is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT...
Date: 2026-02-26
CVE ID: CVE-2026-27946
Published: Feb. 26, 2026, 1:16 a.m. | 1 hour, 59 minutes ago
Description: ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified...
Date: 2026-02-26
CVE ID: CVE-2026-27830
Published: Feb. 26, 2026, 1:16 a.m. | 1 hour, 59 minutes ago
Description: c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually represents...
Date: 2026-02-26
CVE ID: CVE-2026-27976
Published: Feb. 26, 2026, 12:16 a.m. | 2 hours, 59 minutes ago
Description: Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validation, and the path guard...
Date: 2026-02-26
CVE ID: CVE-2026-27812
Published: Feb. 26, 2026, 12:16 a.m. | 2 hours, 59 minutes ago
Description: Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning...
Date: 2026-02-26
CVE-2026-27818 - TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist
CVE ID: CVE-2026-27818
Published: Feb. 26, 2026, 12:16 a.m. | 2 hours, 59 minutes ago
Description: TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains...
Date: 2026-02-26
CVE ID: CVE-2026-27804
Published: Feb. 26, 2026, 12:16 a.m. | 59 minutes ago
Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google...
Date: 2026-02-26