⚠️ Microsoft SharePoint – Remote Code Execution (CVE-2026-45659, CVSS 8.8, CISA KEV)
CISA has added CVE-2026-45659 to its KEV catalogue following evidence of active exploitation. The vulnerability is a deserialization of untrusted data flaw in Microsoft SharePoint that allows an authenticated attacker to execute code remotely over the network. According to Microsoft, an attacker needs only Site Member permissions, with no elevated privileges and no user interaction required, and the flaw is remotely exploitable from the internet.
Affected: SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition.
Mitigation: Apply Microsoft's security updates released on May 21, 2026. Federal agencies must remediate by July 4, 2026 per BOD 26-04. Evaluate each server's internet exposure and prioritise patching for publicly reachable instances.
Modat Magnify Query: technology="Microsoft SharePoint"
The platform: https://t.co/0WNqTHqKre
Reference: https://t.co/xkeL5nIJmG
#Modat #ModatMagnify #CyberSecurity #ThreatIntelligence #InternetIntelligence #vulnerability #CVE202645659 #Microsoft #SharePoint #RCE #infosec #KEV
PSA-2026-05-18
⚠️ Drupal – Upcoming Highly Critical Security Release
The Drupal has issued PSA-2026-05-18 warning of a highly critical core vulnerability affecting all supported Drupal 10 and 11 branches. Technical details remain undisclosed, but exploits may emerge within hours or days after release.
Emergency patching is advised for May 20, 2026 (17:00–21:00 UTC).
Affected branches include: • 11.3.x / 11.2.x • 10.6.x / 10.5.x
End-of-life Drupal 8.9 and 9.5 branches will also receive best-effort patches due to the potential severity of the issue.
Mitigation: Update to the latest supported Drupal patch release and prepare for emergency patching during the security window.
Modat Magnify Query: technology="Drupal"
The platform:
https://t.co/qJfEh7giE9
Reference: https://t.co/esH2uw4f4i
#threatintel #vulnerability #Drupal #infosec #Critical #zeroday #ModatMagnify
CVE-2026-42945
⚠️ NGINX – Heap Overflow / Possible RCE Actively Exploited in the Wild (CVSS 9.2)
A heap-based buffer overflow in ngx_http_rewrite_module affects NGINX Open Source and NGINX Plus ≤1.30.0. Crafted HTTP requests can trigger worker crashes and potentially lead to remote code execution on systems with ASLR disabled.
The flaw requires specific rewrite/if/set directives using unnamed PCRE captures ($1, $2) with replacement strings containing “?”. The vulnerability is actively being exploited in the wild.
Mitigation: Patch immediately to Nginx 1.31.0 or 1.30.1.
Modat Magnify Query:
technology="Nginx"
The platform:
https://t.co/qJfEh7giE9
#threatintel #vulnerability #CVE202642945 #NGINX #RCE #DoS #infosec #Critical #ModatMagnify
CVE-2026-44578
⚠️ Next.js – WebSocket Upgrade SSRF (CVSS 8.6)
A server-side request forgery vulnerability in Next.js allows unauthenticated attackers to force self-hosted instances to make internal HTTP requests via the WebSocket upgrade handler.
By sending a crafted absolute-form HTTP request with Upgrade: websocket headers, attackers can access internal services, cloud metadata endpoints, admin panels, and internal APIs reachable from the Next.js server on port 80. Successful exploitation may expose cloud credentials, API keys, secrets, and configuration data.
Affected: Next.js 13.4.13+, 14.x, 15.x <15.5.16, 16.0.0–16.2.4
Mitigation: Upgrade immediately to 15.5.16 or 16.2.5.
Modat Magnify Query:
technology="Next.js"
The platform:
https://t.co/qJfEh7giE9
#threatintel #vulnerability #CVE202644578 #Nextjs #SSRF #WebSocket #CloudSecurity #infosec #Critical #ModatMagnify
New Research – Global Impact: Over 1.2 million internet-connected healthcare devices and systems with exposure that endanger patient data.
Findings across 70+ different types of medical devices & systems including: MRI, CT, X-rays, DICOM viewers, Blood test systems, hospital management systems, and others 👉 Read the full blog and see how this could impact your organisation: https://t.co/1LSuE3NWvp
New Device DNAs just dropped on Modat Magnify: 🖥️ KVM over IP (NanoKVM, JetKVM, PiKVM) 🛠️ BMC (e.g. Supermicro) Available for Pro+ users. → https://t.co/m6KhXiXF9n
#Cybersecurity#ThreatHunting#ModatMagnify#DFIR
Modat Magnify Alert: We’ve identified ~2,500 exposed CrushFTP instances worldwide.
According to @Shadowserver ~1,800 may be vulnerable to CVE-2025-2825 (CVSS 9.8) — an auth bypass via HTTP(S) that can be exploited.
https://t.co/TYQQbwss1F
#ModatMagnify#crushftp#infosec#cve
🚨 New Series: Feature Findings 🚨 We’re launching a new series showcasing what Modat Magnify can do, and to share findings and our extended research following our results.
Up first: How we used the ‘Device DNA’ tag Case Management to get results and further research to uncover data highly relevant to National & Government CSIRTs.
See our findings & further research: https://t.co/7OCHPo3xjh
We will continue to share different Feature Findings that highlight a real world scenarios and how Modat Magnify can help with proactive efforts.
Built by researchers, for researchers. For Researchers & Ethical Hackers, you can use the platform to make your own discoveries. If you find something worth sharing—tag us using #ModatMagnify on 🔗 X: https://t.co/ulOiXWwN7L 🔗 BlueSky: https://t.co/911ySJ7qCq 🔗 LinkedIn: https://t.co/YjynvPp4hZ
Also, right now when you sign up for FREE you will also get full access to the Practitioner Plan features included until July 1st.
➡️ https://t.co/0WNqTHqKre
Next Feature Finding drops soon. Stop Searching, Start Finding. #CyberSecurity #ThreatIntelligence #ModatMagnify #CTI #EthicalHacking #CyberSec #CSIRT #CERT #Infosec #OSINT #CyberResearch #research #ResponsibleDisclosure #resilience
🚨 Critical RCE Alert: CVE-2025-30406
A new vulnerability in Gladinet CentreStack & Triofox software is being exploited in the wild — with 7 orgs already compromised since March 2025.
CVSS Score: 9.0 Affected: Triofox ≤ v16.4.10317.56372 Exploit: Remote code execution due to a hard-coded cryptographic key Fix: Update to CentreStack v16.4.10315.56368 or later
This is live exploitation, not just a theoretical risk. Don't delay patching.
🔍 Try this query in Modat Magnify:
➡️ https://t.co/0WNqTHqKre web.headers~"Set-Cookie: y-glad-state"
to check exposure across the internet and spot compromised infrastructure.
#CyberSecurity #ThreatIntelligence #RCE #CVE202530406 #ModatMagnify #CentreStack #Triofox #VulnerabilityAlert #PatchNow #ThreatHunting
🚨 RCE Alert – CVE-2025-3616: Greenshift WordPress Plugin 🚨
Websites using the popular Greenshift – animation and page builder blocks plugin are at risk of full compromise due to a critical vulnerability with a CVSS score of 8.8.
Even subscriber-level users can upload malicious PHP files and execute arbitrary code.
Root of the flaw:
• Found in gspb_make_proxy_api_request() (introduced in v11.4)
• Insufficient MIME-type check, no file extension validation
• Allows uploading .php shells to /wp-content/uploads/api_upload/
Affected Versions: 11.4 – 11.4.5 Update immediately to v11.4.6 or later
Admins should:
• Audit /uploads/api_upload/ for unknown .php files
• Monitor low-privilege user activity
Run this query in Modat Magnify to check exposed instances: technology="WordPress" web.html~"greenshift"
🔗 https://t.co/0WNqTHqKre Try for free until July 1
#WordPress #RCE #CVE-2025-3616 #CyberSecurity #VulnerabilityAlert #ModatMagnify #ThreatIntelligence #BugBounty #Infosec #WPPlugin
🚨 Threat Alert: CVE-2025-31324 – Critical SAP NetWeaver RCE Vulnerability 🚨
A newly disclosed flaw in SAP NetWeaver Visual Composer’s Metadata Uploader allows unauthenticated remote code execution via file upload—CVSS score:
10.0 (Critical).
This vulnerability is already under active exploitation, with multiple incidents reported. Attackers can upload and execute malicious binaries, leading to complete system compromise.
What you need to know:
•Attack vector: CWE-434 – Unrestricted File Upload
•MITRE tactic: T1190 – Exploit Public-Facing Application
•Impact: Total loss of confidentiality, integrity, and availability
•Exploitation: No auth required
SAP recommends:
•Patch immediately
•Disable or restrict the Visual Composer component
Exploits linked to this or a related flaw have already been observed in the wild. Don’t wait.
Try with Modat Magnify → Run this query to check for exposed assets:
product="SAP NetWeaver"
Start now with upgraded platform access – free until July 1:
https://t.co/0WNqTHqKre
#CVE-2025-31324 #SAPNetWeaver #RemoteCodeExecution #RCE #CyberSecurity #ModatMagnify #VulnerabilityAlert #Infosec #ThreatIntel #CWE434
CVE is shutting down. Introducing: vendor-led CVE - coming soon to a news article near you.
MITRE has been a force in cyber security for some years, and I’d like to take a moment to thank the person who made CVE happen - @SushiDude. Thank you for all your work.
🚨 New CVE Alert: CVE-2025-22457
@Mandiant confirms active exploitation of a critical Ivanti Connect Secure RCE vulnerability by suspected China-nexus actor UNC5221.
Involves custom malware (TRAILBLAZE, BRUSHFIRE) and the SPAWN ecosystem.
📌 CVE: https://t.co/5ipAJcmSdR
📊 136K+ services found on https://t.co/0WNqTHrigM
Basic Query
https://t.co/i9FKCKbsOG
Device DNA
https://t.co/fS0osVUk8E
#ModatMagnify #Ivanti #ThreatIntel #UNC5221 #CyberSecurity #APT #DFIR #CVE202522457