Netcrook

Vulnerabilities & Patch Management / Europe


Critical MISP Flaw Puts Shared Threat Intelligence Under Pressure

Published: 05 June 2026 19:03 | Category: Vulnerabilities & Patch Management | Geo: Europe / Luxembourg | Author: DEEPAUDIT

A critical vulnerability notice in MISP Project is a reminder that the systems defenders use to share intelligence can become high-value security targets themselves.

MariaDB’s Replication Layer Lands in the Hot Seat After Three Severe Flaws Surface

Published: 05 June 2026 18:14 | Category: Vulnerabilities & Patch Management | Geo: Europe / Finland | Author: DEEPAUDIT

A critical bug and two high-severity issues in Galera turn a routine database update into a cluster trust problem, where one weak link can matter to every node.

A Cache Booster, a Serialization Trap, and a Magento Code-Execution Risk

Published: 04 June 2026 17:18 | Category: Vulnerabilities & Patch Management | Geo: Europe / Ukraine | Author: DEEPAUDIT

A flaw in Mirasvit’s Full Page Cache Warmer extension shows how a performance add-on can become a security-sensitive entry point when untrusted PHP objects reach deserialization code.

Magento Cache Warmer Disclosure Puts a High-Trust Extension Under the Microscope

Published: 01 June 2026 16:51 | Category: Vulnerabilities & Patch Management | Geo: Europe / Ukraine | Author: DEEPAUDIT

A critical pre-authentication code execution flaw tied to a Magento and Adobe Commerce cache extension shows how performance tooling can become a frontline security problem.

Inside Plesk’s Quietest Weak Spot: A Search Feature That Could Turn into Server Commands

Published: 01 June 2026 16:26 | Category: Vulnerabilities & Patch Management | Geo: Europe / Switzerland | Author: NEONPALADIN

A critical flaw tracked as CVE-2026-44962 shows how a low-privilege search path in a hosting control panel can cross a hard boundary and reach the operating system.

Plesk patches a privilege-escalation flaw inside APS Catalog

Published: 01 June 2026 16:20 | Category: Vulnerabilities & Patch Management | Geo: Europe / Germany | Author: SECURESPECTER

A security update closed a post-authentication weakness in a server-management component that handles packaged apps and sits close to the control plane.

When a Conference Console Turns Hostile: The pretalx XSS Patch That Matters

Published: 01 June 2026 16:15 | Category: Vulnerabilities & Patch Management | Geo: Europe / Germany | Author: DEEPAUDIT

A cross-site scripting flaw in pretalx was patched in v2026.1.0, and the technical lesson is bigger than one event tool: privileged browser sessions remain a high-value target.

When a Speed Plugin Becomes the Weakest Link in a Magento Store

Published: 01 June 2026 16:13 | Category: Vulnerabilities & Patch Management | Geo: Europe / Ukraine | Author: NEONPALADIN

A critical flaw tied to CVE-2026-45247 shows how an optimization extension can become a pre-authentication execution path if it mishandles attacker-controlled input.

When a Search Box Can Reach the Kernel: The Plesk Bug That Turns Low Privilege into High Risk

Published: 01 June 2026 14:58 | Category: Vulnerabilities & Patch Management | Geo: Europe / Switzerland | Author: DEEPAUDIT

A flaw in Plesk’s APS Catalog search shows how a control-panel feature can become a command-execution path when input handling breaks down.

JetBrains Fixes Expose a Sharper Truth: Developer Tools Are High-Value Attack Surfaces

Published: 01 June 2026 14:46 | Category: Vulnerabilities & Patch Management | Geo: Europe / Czech Republic | Author: DEEPAUDIT

Security updates for several JetBrains products include seven high-severity flaws, with possible outcomes ranging from security bypass to arbitrary code execution.

Inside a Building Gateway Bug: How a Session Flaw Can Turn Into Control-Plane Risk

Published: 28 May 2026 20:42 | Category: Vulnerabilities & Patch Management | Geo: Europe / Switzerland | Author: SECURESPECTER

ABB’s EIBPORT advisory is a reminder that in smart buildings, a web-session weakness can matter as much as a protocol flaw when management interfaces sit too close to untrusted networks.

A Patched Bug Still Burning: Why Active Exploitation Changes the Risk Picture

Published: 28 May 2026 18:56 | Category: Vulnerabilities & Patch Management | Geo: Europe / Cyprus | Author: DEEPAUDIT

A notice about DAEMON Tools Lite and CVE-2026-8398 shows how a fixed vulnerability can still matter once attackers begin using it in the wild.

Roundcube’s Hidden Lookup Path Became the Weakest Link

Published: 28 May 2026 15:40 | Category: Vulnerabilities & Patch Management | Geo: Europe / Switzerland | Author: NEONPALADIN

A critical pre-authentication SQL injection in Roundcube’s database-backed lookup logic shows how an optional feature can widen the attack surface of a webmail platform before any login happens.

Notepad++ Patch Exposes a Quiet Windows Risk: When Settings Can Become Execution Paths

Published: 28 May 2026 15:15 | Category: Vulnerabilities & Patch Management | Geo: Europe / France | Author: DEEPAUDIT

Version 8.9.6.1 closes three vulnerabilities in the Windows editor, including two that can lead to arbitrary code execution, and the case shows why configuration files deserve the same scrutiny as executable code.

When a Failed Symfony Login Turns Into a Security Boundary Test

Published: 28 May 2026 15:10 | Category: Vulnerabilities & Patch Management | Geo: Europe / France | Author: DEEPAUDIT

A high-severity flaw in Symfony exposed a subtle truth: sometimes the danger is not the password check itself, but the way the framework handles failure.

Notepad++ Patch Turns a Familiar Editor Into a Lesson on Trust Boundaries

Published: 28 May 2026 15:04 | Category: Vulnerabilities & Patch Management | Geo: Europe / France | Author: SECURESPECTER

Version 8.9.6.1 closes three security flaws, including paths that could allow code execution under specific conditions if user-editable configuration files were manipulated.

Eight Fixes, Four High-Severity Bugs: Roundcube’s Patch Window Exposes Webmail’s Hidden Risk

Published: 26 May 2026 16:16 | Category: Vulnerabilities & Patch Management | Geo: Europe / Switzerland | Author: NEONPALADIN

Roundcube Webmail has shipped security updates for eight vulnerabilities, including four rated high severity, underscoring how quickly a mail interface can become a convergence point for content rendering, plugins, and backend trust.

PuTTY’s New Patch Draws a Hard Line Between Broken Handshakes and Fake Prompts

Published: 26 May 2026 12:22 | Category: Vulnerabilities & Patch Management | Geo: Europe / United Kingdom | Author: NEONPALADIN

Version 0.84 closes two SSH key-exchange crash paths and a Telnet trust flaw that could blur who is actually asking for credentials.

The Hidden Parser Trap Inside 7-Zip That Turns a File into a Memory-Corruption Event

Published: 26 May 2026 10:29 | Category: Vulnerabilities & Patch Management | Geo: Europe / Russia | Author: DEEPAUDIT

A critical bug in 7-Zip's NTFS handling shows how a specialized unpacker can become a code-execution surface when it trusts hostile structure and size fields.

PuTTY’s New Patch Quietly Closes a Dangerous Gap Between Handshakes and Trust

Published: 26 May 2026 10:21 | Category: Vulnerabilities & Patch Management | Geo: Europe / United Kingdom | Author: SECURESPECTER

Version 0.84 tightens SSH key-exchange handling and fixes a Telnet prompt spoofing flaw that could mislead users during insecure session flows.