News Security FFmpeg patches “PixelSmash” in MagicYUV: what users of media apps should know June 23, 2026 / June 23, 2026 by Alex Mira | Leave a Comment FFmpeg fixed “PixelSmash” (CVE-2026-8461) in the MagicYUV decoder, a flaw that can crash applications and, under specific conditions, enable RCE. A separate RASC decoder bug (CVE-2026-12706) can also cause crashes when parsing malicious AVI files. Read more » CVE-2026-12706 CVE-2026-8461 FFmpeg Jellyfin MagicYUV Media security Supply chain Vulnerabilities
News Critical auth bypass in Burst Statistics plugin puts 200,000 WordPress sites at risk June 2, 2026 / June 2, 2026 by Alex Mira | Leave a Comment A critical auth bypass in the Burst Statistics WordPress plugin (CVE-2026-8181) could let attackers impersonate admins via the REST API. A patch is available; update now. A separate low-severity bypass in Advanced Access Manager (CVE-2026-42674) is fixed in 7.1.1. Read more » Advanced Access Manager Authentication bypass Burst Statistics CVE-2026-8181 Patch management Vulnerabilities WordPress security
News Ubiquiti UniFi OS critical fixes: CVE-2026-33000 and related flaws May 22, 2026 / May 22, 2026 by Alex Mira | Leave a Comment Ubiquiti’s Security Advisory Bulletin 064 addresses multiple critical UniFi OS vulnerabilities, including CVE-2026-33000. Check your device model and update to the fixed versions listed by the vendor. Read more » cve Network Security Patching Ubiquiti UniFi OS Vulnerabilities
News Google briefly exposed details of an unfixed Chromium bug that can keep background scripts alive May 22, 2026 / May 22, 2026 by Alex Mira | Leave a Comment Reports indicate Google briefly exposed details—and even proof-of-concept code—about an unfixed Chromium issue that can keep JavaScript running in the background across Chromium-based browsers. Read more » Browser security Chromium Google Chrome Security news Service Workers Vulnerabilities
News SAP patches critical Commerce Cloud RCE and S/4HANA SQL injection (CVE-2026-34263, CVE-2026-34260) May 14, 2026 / May 14, 2026 by Alex Mira | Leave a Comment SAP’s May 2026 updates fix two critical issues: unauthenticated RCE in Commerce Cloud (CVE-2026-34263) and authenticated SQL injection in S/4HANA Enterprise Search (CVE-2026-34260). Read more » CVE-2026-34260 CVE-2026-34263 S/4HANA SAP SAP Commerce Cloud Security updates Vulnerabilities
News Ivanti EPMM updates address multiple flaws (CVE-2026-5786/5787/5788/6973/7821) May 10, 2026 / May 10, 2026 by Alex Mira | Leave a Comment Ivanti’s May 2026 advisory fixes five EPMM flaws spanning access control, certificate validation, and admin-level RCE prerequisites. Here’s what’s confirmed and what to do now. Read more » Access control Certificate validation CVE-2026-5786 EPMM Ivanti Security advisory Vulnerabilities
