Cyber Security Alerts

  1. Home
  2. »
  3. Cyber Alerts

Blueteq Cyber Alerts

Latest High & Critical Vulnerabilities

Blueteq’s Cyber Alerts keep watch so you don’t have to. We continuously monitor newly published critical and high-risk vulnerabilities, analysing emerging threats as they appear. This page provides clear visibility of the issues that matter most, helping you stay protected.

CVE ID :CVE-2026-53727 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and the @import-following branch of add_block!, issued HTTP and...Read more
Date: 2026-07-17
CVE ID :CVE-2026-54159 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module rebuilds selected search filters from the request URL,...Read more
Date: 2026-07-17
CVE ID :CVE-2026-48062 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the ext_in upload validation rule in system/Validation/StrictRules/FileRules.php checked the MIME-derived guessed extension instead of the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-13445 Published : July 17, 2026, 8:44 p.m. | 36 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying...Read more
Date: 2026-07-17
CVE ID :CVE-2026-13446 Published : July 17, 2026, 8:43 p.m. | 36 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8505 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8635 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8859 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-7755 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files. ...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8056 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8476 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads() function...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8481 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python...Read more
Date: 2026-07-17
CVE ID :CVE-2026-7667 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted...Read more
Date: 2026-07-17
CVE ID :CVE-2026-60137 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parameter of WP_Query, which could allow SQL Injection...Read more
Date: 2026-07-17
CVE ID :CVE-2026-50289 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces() on Linux is vulnerable to OS command injection through the Debian/Ubuntu...Read more
Date: 2026-07-17

Latest Vulnerabilities

CVE ID :CVE-2026-53727 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parser#read_remote_file in lib/css_parser/parser.rb, and therefore load_uri! and the @import-following branch of add_block!, issued HTTP and...Read more
Date: 2026-07-17
CVE ID :CVE-2026-54159 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module rebuilds selected search filters from the request URL,...Read more
Date: 2026-07-17
CVE ID :CVE-2026-48062 Published : July 17, 2026, 9:17 p.m. | 2 hours, 3 minutes ago Description :CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the ext_in upload validation rule in system/Validation/StrictRules/FileRules.php checked the MIME-derived guessed extension instead of the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-13445 Published : July 17, 2026, 8:44 p.m. | 36 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying...Read more
Date: 2026-07-17
CVE ID :CVE-2026-13446 Published : July 17, 2026, 8:43 p.m. | 36 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8505 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8635 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8859 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-7755 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files. ...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8056 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8476 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads() function...Read more
Date: 2026-07-17
CVE ID :CVE-2026-8481 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python...Read more
Date: 2026-07-17
CVE ID :CVE-2026-7667 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted...Read more
Date: 2026-07-17
CVE ID :CVE-2026-60137 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parameter of WP_Query, which could allow SQL Injection...Read more
Date: 2026-07-17
CVE ID :CVE-2026-50289 Published : July 17, 2026, 8:17 p.m. | 1 hour, 3 minutes ago Description :systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces() on Linux is vulnerable to OS command injection through the Debian/Ubuntu...Read more
Date: 2026-07-17

Blueteq provides remote IT support to many organisations, so even if your business falls outside this mapped area for a free IT assessment, we’d still welcome you getting in touch. We’re always here to help.

Blueteq Ltd
Unit A5,
Endeavour Business Park, Penner Road,
Havant,
PO9 1QN

Free IT assessment map

Blueteq provides remote IT support to many organisations, so even if your business falls outside this mapped area for a free IT assessment, we’d still welcome you getting in touch. We’re always here to help.

Blueteq Ltd
Unit A5,
Endeavour Business Park, Penner Road,
Havant,
PO9 1QN