Published threat advisories for May 11, 2026

Vaultwarden, a password manager, has a critical flaw where attackers can bypass login protections and guess passwords, even if you don't use 2FA. Update immediately to protect your accounts.

NVD published: May 11, 2026

DeepChat AI has a critical flaw allowing attackers to run malicious code on your systems by tricking users into viewing a specially crafted image. This impacts internet-facing systems and requires immediate attention.

NVD published: May 11, 2026

An external attacker can exploit a security flaw in the DeepChat AI platform to run unauthorized commands on a user's computer. This could result in a full system compromise when a user interacts with a malicious link generated by an untrusted AI response.

NVD published: May 11, 2026

An authentication bypass in oxyno-zeta/s3-proxy lets attackers read or change your sensitive S3 data from anywhere on the internet. Upgrade immediately.

NVD published: May 11, 2026

SOCFortress CoPilot has a critical flaw allowing attackers to gain full admin control and manage all your security tools without any credentials by forging login tokens.

NVD published: May 11, 2026

An external attacker could exploit a flaw in FireFighter to trick the system into revealing sensitive cloud credentials. This could lead to unauthorized access to your organization's cloud environment and stored data.

NVD published: May 11, 2026

HireFlow v1.2 has a critical flaw allowing anyone to log in or steal all your data by exploiting how it handles search and login requests. This means private information could be exposed.

NVD published: May 11, 2026

An internal attacker could gain admin access to Grav CMS by exploiting a flaw in the API plugin, allowing them to control the entire system and access sensitive data.

NVD published: May 11, 2026

An external attacker could execute commands on your system by exploiting a flaw in pgAdmin 4, potentially leading to the compromise of sensitive database credentials.

NVD published: May 11, 2026

An internal attacker exploiting pgAdmin 4 could read sensitive files or access internal systems. This matters to the business as it could lead to unauthorized access or compromise of the system.

NVD published: May 11, 2026

An internal attacker with a pgAdmin 4 account can exploit this flaw to steal sensitive database credentials and view private server data. This could allow unauthorized access to database systems and facilitate a full compromise of internal business information.

NVD published: May 11, 2026

A serious flaw in Angular Expressions, used by many web applications, lets attackers run any code on your system. Update now to prevent complete takeover.

NVD published: May 11, 2026

An attacker can gain full administrative control of Grav websites by exploiting a flaw in the registration process. This allows anyone to become an administrator, putting your website's security at risk.

NVD published: May 11, 2026

An internal attacker with administrative access can exploit the Grav platform's installation tool to run malicious code on the server. This could allow them to take full control of the system and access sensitive site data.

NVD published: May 11, 2026

An external attacker could exploit WSO2 Identity Server to gain unauthorized access to other organizations' accounts by manipulating authentication logic. This matters because it could lead to account takeover and access to sensitive information.

NVD published: May 11, 2026

WSO2 Identity Server can be taken offline by attackers sending too many bad login attempts. This vulnerability directly impacts service availability for users, especially for those relying on the Magic Link authentication method.

NVD published: May 11, 2026

An external attacker can exploit a flaw in Dell ECS and ObjectScale by injecting malicious strings into data that the application includes in reports. If a user opens these generated files, the attacker could gain unauthorized command execution, potentially compromising stored data and credentials.

NVD published: May 11, 2026