SecuMom Threat Intelligence

Weekly Bulletin
05/06/2026

Critical vulnerabilities, active exploitation and risk-based prioritisation.
by Carla Moreno
Generated: 2026-06-05 22:38:15
53 Priority CVEs
Edition by date

Executive Summary

This weekly bulletin identified 53 prioritised vulnerabilities. Of these, 25 are critical and 28 are of high severity. In addition, 1 vulnerability is listed in the CISA KEV catalogue, 51 have potential remote code execution (RCE) capability, and 1 has public evidence of exploitation (PoC).

Top Vendors

Google: 10
WordPress: 2
Adobe: 2
Microsoft: 2
SAP: 1

Top Technologies

Web/Application: 15
Browser: 10
Database: 6
Cloud/IAM: 3
Messaging: 2

Top 5 Vulnerabilities

[Critical] [CISA KEV] [RCE] [Browser]
Priority Score: 26.5
Vendor: Google | Product: Chrome | CVSS: 8.8 | EPSS: 0.80%
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Recommended action (applies to every entry in this bulletin): validate exposure, identify affected assets, review the vendor's official advisories, and prioritise remediation based on asset criticality, active exploitation, EPSS, public PoC availability and business context.

[Critical] [RCE] [Public PoC] [Web/Application]
Priority Score: 23.08
Vendor: Unclassified | Product: N/A | CVSS: 9.8 | EPSS: 0.49%
llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPH_COMPUTE messages. Combined with pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE, this gives full ASLR bypass and remote code execution. No authentication required, just TCP access to the RPC server port. This issue has been pa

[Critical] [RCE] [Web/Application]
Priority Score: 22.49
Vendor: Microsoft | Product: N/A | CVSS: 9.9 | EPSS: 0.69%
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar object into a setting string, an authenticated attacker can achieve Arbitrary File Write, leading directly to Remote Code Execution (RCE) on the server. This issue has been patched in versions 6.8.156, 25.0

[Critical] [RCE] [Cloud/IAM]
Priority Score: 19.31
Vendor: Microsoft | Product: Azure | CVSS: 9.6 | EPSS: 0.05%
Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

[Critical] [RCE] [Tech N/A]
Priority Score: 18.6
Vendor: Unclassified | Product: N/A | CVSS: 9.8 | EPSS: 23.78%
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Critical CVEs

The five highest-scoring critical entries (Google Chrome, llama.cpp, Group-Office, Azure Custom Locations RP, ShareFile Storage Zones Controller) are already listed in full under Top 5 Vulnerabilities above; the remaining critical entries follow.

[Critical] [RCE] [Web/Application]
Priority Score: 18.55
Vendor: Unclassified | Product: N/A | CVSS: 9.8 | EPSS: 17.07%
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server.

[Critical] [RCE] [Web/Application]
Priority Score: 17.66
Vendor: Unclassified | Product: N/A | CVSS: 9.8 | EPSS: 1.01%
There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

[Critical] [RCE] [Tech N/A]
Priority Score: 17.49
Vendor: Unclassified | Product: N/A | CVSS: 9.8 | EPSS: 0.78%
TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service.

[Critical] [RCE] [Web/Application]
Priority Score: 17.48
Vendor: Unclassified | Product: N/A | CVSS: 9.8 | EPSS: 0.78%
A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.

[Critical] [RCE] [Web/Application]
Priority Score: 16.62
Vendor: Unclassified | Product: N/A | CVSS: 9.1 | EPSS: 0.63%
Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

High CVEs

[High] [RCE] [Tech N/A]
Priority Score: 15.64
Vendor: Unclassified | Product: N/A | CVSS: 8.3 | EPSS: 0.52%
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal.

[High] [RCE] [Web/Application]
Priority Score: 14.42
Vendor: Unclassified | Product: N/A | CVSS: 8.7 | EPSS: 0.14%
Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/upload) passes the user-supplied filename directly to createTempFolder() without sanitizing path traversal sequences. An attacker with Global Builder privileges can craft a multipart upload with a filename containing ../ to delete arbitrary directories via rmSync and write arbitrary files via tarball extraction to any filesystem path the Node.js process can access. This issue

[High] [RCE] [Tech N/A]
Priority Score: 14.02
Vendor: Unclassified | Product: N/A | CVSS: 8.8 | EPSS: 0.08%
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a logic flaw in the backend design, account state changes are enforced only during authentication (login), not for already-established sessions. The system implicitly assumes that authenticated users remain trusted for the life

[High] [RCE] [Database]
Priority Score: 13.98
Vendor: Unclassified | Product: N/A | CVSS: 8.8 | EPSS: 0.08%
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-database) that accepts a JSON array of SQL statements via POST and executes them directly against the database without any validation, allowlist, or sanitization. An authenticated attacker with access to the Aggiornamenti module can execute arbitrary SQL stat

[High] [RCE] [Web/Application]
Priority Score: 13.73
Vendor: Unclassified | Product: N/A | CVSS: 8.7 | EPSS: 0.07%
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any path traversal validation. The FILTER_SANITIZE_SPECIAL_CHARS filter only encodes HTML special characters (&, ', ", <, >) and characters with ASCII value < 32, and does not prevent directory traversal se

[High] [RCE] [Database]
Priority Score: 13.5
Vendor: Unclassified | Product: N/A | CVSS: 8.5 | EPSS: 0.06%
Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patched in version 3.79.1.

[High] [RCE] [Database]
Priority Score: 13.31
Vendor: Unclassified | Product: N/A | CVSS: 8.8 | EPSS: 0.03%
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the options[stato] GET parameter. The user-supplied value is read from $superselect['stato'] and concatenated directly into SQL WHERE clauses as a bare expression, without any sanitization, parameterization, or allowlist validation. An authenticated attacker can inject arbitra

[High] [RCE] [Browser]
Priority Score: 13.23
Vendor: Unclassified | Product: N/A | CVSS: 8.7 | EPSS: 0.04%
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in the admin panel. An authenticated user with write access to a collection could save content that, when viewed by another user, would execute in their browser. This issue has been patched in version 3.78.0.

[High] [RCE] [Web/Application]
Priority Score: 13.2
Vendor: Unclassified | Product: N/A | CVSS: 8.1 | EPSS: 0.07%
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resource

[High] [RCE] [Browser]
Priority Score: 13.19
Vendor: Google | Product: Chrome | CVSS: 8.8 | EPSS: 0.03%
Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CISA KEV

One entry this week is on the CISA KEV catalogue: the Google Chrome use-after-free in Dawn (Priority Score 26.5, CVSS 8.8, EPSS 0.80%). Its full entry is the first one under Top 5 Vulnerabilities above.

Remote Code Execution

All ten critical entries listed under Top 5 Vulnerabilities and Critical CVEs above carry the RCE tag; their full entries are not repeated here.

Public PoC

One entry this week has a public PoC: the llama.cpp RPC backend deserialize_tensor() missing-bounds-validation issue (Priority Score 23.08, CVSS 9.8, EPSS 0.49%). Its full entry is the second one under Top 5 Vulnerabilities above.