{"vulnerability": "cve-2026-4223", "sightings": [{"uuid": "41420e10-bb25-4f29-bfa7-e1d323acd50a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42232", "type": "seen", "source": "https://bsky.app/profile/cyberlensai.bsky.social/post/3mkysuwbk3e2z", "content": "Fresh CVE alert: CVE-2026-42232 Security Alert: CRITICAL Vulnerability\n\nCVE-2026-42232 CRITICAL alert. Immediate action\u2026\n\nhttps://cyberlensai.com/news/security-alert-cve-2026-42232\n\n#CyberSecurity #AppSec #VulnerabilityManagement", "creation_timestamp": "2026-05-04T04:17:35.264830Z"}, {"uuid": "141e4ac8-5f5f-4451-b602-e63869d8cc08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4223", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mhiohd3eru2q", "content": "", "creation_timestamp": "2026-03-20T14:00:13.295815Z"}, {"uuid": "58d73408-d36e-431e-8efe-2ab156abb333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42231", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2kgiomm52p", "content": "CVE-2026-42231 - n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE\nCVE ID : CVE-2026-42231\n \n Published : May 4, 2026, 7:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and ...", "creation_timestamp": "2026-05-04T20:51:43.492861Z"}, {"uuid": "1d9505bf-9afd-409d-9a68-85f3ce54f27a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42236", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2kph5rca2h", "content": "CVE-2026-42236 - n8n: Unauthenticated Denial of Service via MCP Client Registration\nCVE ID : CVE-2026-42236\n \n Published : May 4, 2026, 7:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, an...", "creation_timestamp": "2026-05-04T20:56:41.255690Z"}, {"uuid": "895a79c7-ced5-4f09-b32d-11a04109e42c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42232", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2lbe4trm2t", "content": "CVE-2026-42232 - n8n: XML Node Prototype Pollution to RCE\nCVE ID : CVE-2026-42232\n \n Published : May 4, 2026, 7:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated...", "creation_timestamp": "2026-05-04T21:06:42.142325Z"}, {"uuid": "76d54b4c-b01c-44a8-8d0b-4092a67285d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42235", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2lkclquk2r", "content": "CVE-2026-42235 - n8n: XSS via MCP OAuth client\nCVE ID : CVE-2026-42235\n \n Published : May 4, 2026, 7:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker...", "creation_timestamp": "2026-05-04T21:11:42.192045Z"}, {"uuid": "3cf8a189-7afc-45bc-b212-62f55adfc699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42238", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2qxefyhg2p", "content": "CVE-2026-42238 - Unauthenticated Remote Code Execution via Backup Restore in nginx-ui\nCVE ID : CVE-2026-42238\n \n Published : May 4, 2026, 9:16 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx...", "creation_timestamp": "2026-05-04T22:48:29.253183Z"}, {"uuid": "53f28ad9-ea20-4ae5-a88b-79d7505ecaa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42238", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3ml2uyhgrmv2p", "content": "CRITICAL vuln in 0xJacky nginx-ui (<2.3.8): Unauthenticated backup restore on fresh start enables remote code execution as root. Upgrade to 2.3.8 ASAP! \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-42238-cwe-94-improper-control-of-generati-88b6fe8d #OffSeq #nginx #security", "creation_timestamp": "2026-05-05T00:00:41.488271Z"}, {"uuid": "48d92cb9-22ae-4191-9819-1657508ecda8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42238", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116519025945473134", "content": "\ud83d\udd25 CRITICAL: CVE-2026-42238 in 0xJacky nginx-ui (<2.3.8) lets remote attackers gain root by exploiting an unauthenticated backup restore endpoint in the first 10 min. Patch to 2.3.8 now! https://radar.offseq.com/threat/cve-2026-42238-cwe-94-improper-control-of-generati-88b6fe8d #OffSeq #nginx #infosec #vuln", "creation_timestamp": "2026-05-05T00:00:42.224154Z"}, {"uuid": "f6d122d7-3e1c-4466-9306-5ded465691c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42239", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlc25mkshw2c", "content": "\ud83d\udfe0 CVE-2026-42239 - High (8.1)\n\nBudibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42239/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-07T20:21:41.335403Z"}, {"uuid": "52892ae9-61e9-40b0-8e31-0be517de528e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42231", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-critical-vulnerabilities-n8n-patch-immediately-0", "content": "", "creation_timestamp": "2026-05-05T07:14:35.000000Z"}, {"uuid": "e5f61500-29ba-4adc-ad17-4b3a1414054f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42232", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-critical-vulnerabilities-n8n-patch-immediately-0", "content": "", "creation_timestamp": "2026-05-05T07:14:35.000000Z"}, {"uuid": "7f2b9704-8dbf-4db5-b4ea-3037a76fffea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42239", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlce3y55ga2k", "content": "CVE-2026-42239 - Budibase auth session cookies are set with httpOnly:false \u2014 any XSS can lead to full account takeover\nCVE ID : CVE-2026-42239\n \n Published : May 7, 2026, 8:16 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to...", "creation_timestamp": "2026-05-07T23:19:43.425425Z"}, {"uuid": "4f7d0e28-9e08-40ea-92b9-d955f8cea98e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42231", "type": "seen", "source": "https://www.acn.gov.it/portale/w/n8n-poc-pubblico-per-lo-sfruttamento-della-cve-2026-42231", "content": "", "creation_timestamp": "2026-05-11T03:41:08.000000Z"}, {"uuid": "617d3553-c111-4e8f-b574-5fee212a5d0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42236", "type": "seen", "source": "https://t.me/true_secator/8200", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0432\u0430\u0436\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n\n1. Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 FortiSandbox \u0438 FortiAuthenticator, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0438\u043b\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0431\u0435\u0437 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u041f\u0435\u0440\u0432\u0430\u044f CVE-2026-44277 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0440\u0435\u0448\u0435\u043d\u0438\u0435 FortiAuthenticator \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0435\u0439 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (IAM) \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 FortiAuthenticator 6.5.7, 6.6.9 \u0438 8.0.3.\n\nFortinet \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 (CVE-2026-26083), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f RCE \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 FortiSandbox, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u0433\u0440\u043e\u0437\u044b \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445, \u043d\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b Fortinet \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 ransomware-\u0430\u0442\u0430\u043a\u0430\u0445\u00a0\u0438\u00a0\u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0430\u0436\u0435.\n\n2. Exim \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u043f\u0430\u043c\u044f\u0442\u0438 \u0438 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\nCVE-2026-45185 (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Dead.Letter) \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0442\u0438\u043f\u0430 \u00ab\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f\u00bb \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0442\u0435\u043b\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f Exim \u043f\u0440\u0438 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0435 \u0434\u0432\u043e\u0438\u0447\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (BDAT) \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 TLS-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e GnuTLS.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Exim, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 4.97 \u0438 \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u044f 4.99.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043e\u043d\u0430 \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0431\u043e\u0440\u043e\u043a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 USE_GNUTLS=yes, \u0442\u043e \u0435\u0441\u0442\u044c \u0441\u0431\u043e\u0440\u043a\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 TLS, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a OpenSSL, \u043d\u0435 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b.\n\n3. \u041f\u043e\u043b\u044c\u0441\u043a\u0438\u0439 CERT \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b \u0434\u0432\u0435 XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u0431\u0443\u0447\u0435\u043d\u0438\u0435\u043c ATutor, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u0431\u0443\u0434\u0443\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043f\u0440\u043e\u0435\u043a\u0442 \u0437\u0430\u0431\u0440\u043e\u0448\u0435\u043d \u0443\u0436\u0435 \u0432\u043e\u0441\u0435\u043c\u044c \u043b\u0435\u0442.\n\n4. Raelize \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 Claude \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0438 \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043e\u0448\u0438\u0431\u043e\u043a \u0438 \u043e\u0431\u0445\u043e\u0434\u0430 Secure Boot, \u0447\u0442\u043e, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u00ab\u043f\u0435\u0440\u0432\u043e\u0439 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e \u0437\u0430\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u043e\u0439 \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043e\u0448\u0438\u0431\u043e\u043a, \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u043e\u0439 \u0418\u0418.\n\n5. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u041a\u0438\u043c \u0414\u0432\u0430\u0448 \u0440\u0430\u0441\u043a\u0440\u044b\u043b GhostLock - \u043d\u043e\u0432\u0443\u044e \u0442\u0435\u0445\u043d\u0438\u043a\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u043d\u0430 \u043d\u0435\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u0441\u0440\u043e\u043a \u0432\u043d\u0443\u0442\u0440\u0438 \u0441\u0435\u0442\u0435\u0439 Windows (\u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d PoC).\n\n\u0422\u0435\u0445\u043d\u0438\u043a\u0430 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u0430 \u043d\u0430 API Windows \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u0447\u0435\u0440\u0435\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0435\u0441\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0434\u043e\u043c\u0435\u043d\u0430 Windows \u0438\u043c\u0435\u0435\u0442 \u043d\u0438\u0437\u043a\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043e\u0431\u044b\u0447\u043d\u043e\u0439 \u043e\u0431\u0449\u0435\u0439 \u043f\u0430\u043f\u043a\u0435 SMB. GhostLock \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u0435, \u043d\u0435 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043d\u0430 \u0434\u0438\u0441\u043a \u0438 \u043d\u0435 \u0432\u044b\u0434\u0430\u0435\u0442 \u0441\u0438\u0433\u043d\u0430\u043b\u043e\u0432 \u0434\u043b\u044f \u043e\u0431\u044b\u0447\u043d\u044b\u0445 EDR.\n\n6. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 n8n AI \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0441\u0447\u0435\u0440\u043f\u0430\u0442\u044c \u0435\u0433\u043e \u043f\u0430\u043c\u044f\u0442\u044c \u0438 \u0437\u0430\u043f\u0440\u0435\u0442\u0438\u0442\u044c \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0435 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432. \u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-42236 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043f\u0440\u043e\u0437\u0432\u0438\u0449\u0435 OverDoS.\n\n7. Microsoft \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u043d\u043e\u0432\u0443\u044e \u043c\u043d\u043e\u0433\u043e\u043c\u043e\u0434\u0435\u043b\u044c\u043d\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0418\u0418 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c\u00a0MDASH, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0443\u044e \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u041f\u0440\u0438\u0447\u0435\u043c MDASH \u0443\u0436\u0435 \u043f\u0440\u043e\u0448\u0435\u043b \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443, \u0432\u044b\u044f\u0432\u0438\u0432 16 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 Patch Tuesday \u044d\u0442\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430.\u00a0\n\n8. Palo Alto Networks \u043e\u0431\u044b\u0447\u043d\u043e \u043f\u0443\u0431\u043b\u0438\u043a\u0443\u0435\u0442 5-10 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u0432 \u043c\u0435\u0441\u044f\u0446. \u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u0441\u0440\u0435\u0434\u0443 \u043e\u043d\u0430 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 26 \u043d\u043e\u0432\u044b\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 (\u0434\u043b\u044f 75 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439), \u0447\u0442\u043e \u0441\u0442\u0430\u043b\u043e \u0440\u0435\u043a\u043e\u0440\u0434\u043e\u043c \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c\u0443 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044e \u043f\u0435\u0440\u0435\u0434\u043e\u0432\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0418\u0418, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a Mythos.\n\nPalo Alto Networks \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0430 \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u043c\u043e\u0434\u0435\u043b\u0438 \u0418\u0418 \u043d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0432 \u0436\u0438\u0437\u043d\u0435\u043d\u043d\u044b\u0439 \u0446\u0438\u043a\u043b \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u041f\u041e, \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0442\u0438\u0442\u044c \u043f\u043e\u043f\u0430\u0434\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0436\u0438\u0434\u0430\u044e\u0442 \u043a\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0443\u0432\u0435\u043b\u0438\u0447\u0435\u043d\u0438\u044f \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e \u043c\u0435\u0440\u0435 \u0440\u0430\u0437\u0432\u0438\u0442\u0438\u044f \u0418\u0418-\u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u0437\u0430\u043c\u0435\u0434\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0443 \u043d\u0438\u0445 \u0435\u0441\u0442\u044c \u0432\u0441\u0435\u0433\u043e 3-5 \u043c\u0435\u0441\u044f\u0446\u0435\u0432, \u0447\u0442\u043e\u0431\u044b \u043e\u043f\u0435\u0440\u0435\u0434\u0438\u0442\u044c \u043f\u0440\u043e\u0442\u0438\u0432\u043d\u0438\u043a\u043e\u0432.", "creation_timestamp": "2026-05-13T18:30:06.000000Z"}, {"uuid": "8e12d262-0135-4b03-83bf-3239c5cac8d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42231", "type": "seen", "source": "https://social.tchncs.de/users/gborn/statuses/116560008049573466", "content": "Schwachstellen bei Apache und n8n\nhttps://borncity.com/blog/2026/05/11/schwachstellen-in-apache-cve-2026-23918-und-n8n-cve-2026-42231/", "creation_timestamp": "2026-05-12T05:42:57.328033Z"}, {"uuid": "138cbb0f-44be-475c-9d32-28853c2b4567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42239", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-4f9j-vr4p-642r", "content": "", "creation_timestamp": "2026-04-21T08:38:20.000000Z"}, {"uuid": "bbde21af-725e-4aac-8fae-25faf125cdf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42239", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnjekx7ogq25", "content": "\ud83d\udccc CVE-2026-42239 - Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly... https://www.cyberhub.blog/cves/CVE-2026-42239", "creation_timestamp": "2026-06-05T05:07:12.105720Z"}]}