The Rapid7 Blog:
Your Signal in the Security Noise
Insights, stories, and guidance from our global security and research teams.
Featured posts

Vulnerabilities and Exploits
CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation
Douglas McKee, Director, Vulnerability Intelligence

Vulnerabilities and Exploits
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
Stephen Fewer

Vulnerabilities and Exploits
Authenticated RCE via Argument Injection in Gogs (NOT FIXED)
Jonah Burgess

Vulnerabilities and Exploits
CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)
Jonah Burgess, Stephen Fewer

Vulnerabilities and Exploits
CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)
Christopher O’Boyle

Vulnerabilities and Exploits
The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP
Douglas McKee, Director, Vulnerability Intelligence

Vulnerabilities and Exploits
CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)
Stephen Fewer

Vulnerabilities and Exploits
Vulnerability Found in InsightVM & Nexpose: CVE-2026-1814 (FIXED)
Rapid7

Vulnerabilities and Exploits
CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)
Ryan Emmons

Vulnerabilities and Exploits
CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)
Ryan Emmons

Vulnerabilities and Exploits
CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass (FIXED as of October 11, 2025)
Rapid7

Vulnerabilities and Exploits
Securden Unified PAM: Multiple Critical Vulnerabilities (FIXED)
Aaron Herndon, Marcus Chang

Vulnerabilities and Exploits
CVE-2025-4365/CVE-2024-12284: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)
Calum Hutton

Vulnerabilities and Exploits
Konica Minolta bizhub Multifunction Printer: Pass-Back Attack Vulnerability (NOT FIXED)
Deral Heiland

Vulnerabilities and Exploits
CVE-2025-6759: Citrix Virtual Apps and Desktops - Local Privilege Escalation (FIXED)
Brandon Fisher

Vulnerabilities and Exploits
Multiple Brother Devices: Multiple Vulnerabilities (FIXED)
Stephen Fewer

Vulnerabilities and Exploits
CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)
Anna Katarina Quinn

Threat Research
Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)
Ryan Emmons

Vulnerabilities and Exploits
Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)
Deral Heiland

Threat Research
CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)
Stephen Fewer

Vulnerabilities and Exploits
Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)
Stephen Fewer