<?xml version="1.0" encoding="utf-8"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CVE Recipes on security-recipes.ai</title><link>https://security-recipes.ai/recipes/cve/</link><description>Recent content in CVE Recipes on security-recipes.ai</description><language>en-us</language><atom:link href="https://security-recipes.ai/recipes/cve/index.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2023-34362 - MOVEit Transfer unauthenticated SQL injection</title><link>https://security-recipes.ai/recipes/cve/cve-2023-34362-moveit-transfer-sql-injection/</link><guid>https://security-recipes.ai/recipes/cve/cve-2023-34362-moveit-transfer-sql-injection/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Known-exploited SQL injection in MOVEit Transfer&#39;s web application. Contain HTTP/S exposure, preserve evidence, assess compromise, and upgrade every node with a current Progress-supported release.</description></item><item><title>CVE-2024-3400 - PAN-OS GlobalProtect command injection</title><link>https://security-recipes.ai/recipes/cve/cve-2024-3400-pan-os-globalprotect-command-injection/</link><guid>https://security-recipes.ai/recipes/cve/cve-2024-3400-pan-os-globalprotect-command-injection/</guid><pubDate>Sun, 12 Jul 2026 00:00:00 GMT</pubDate><description>Critical unauthenticated PAN-OS GlobalProtect command injection. Upgrade every exposed firewall to a vendor-fixed release, apply the documented Threat Prevention containment while rollout is pending, and preserve evidence before reboot when compromise is suspected.</description></item><item><title>CVE-2025-60455 - Modular Max Serve unsafe deserialization</title><link>https://security-recipes.ai/recipes/cve/cve-2025-60455-modular-max-serve/</link><guid>https://security-recipes.ai/recipes/cve/cve-2025-60455-modular-max-serve/</guid><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><description>Critical unsafe deserialization in modular (&lt;25.6.0) when experimental kvcache agent is enabled.</description></item><item><title>CVE-2026-33116 - .NET System.Security.Cryptography.Xml DoS</title><link>https://security-recipes.ai/recipes/cve/cve-2026-33116-dotnet-crypto-xml-dos/</link><guid>https://security-recipes.ai/recipes/cve/cve-2026-33116-dotnet-crypto-xml-dos/</guid><pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate><description>High-severity DoS in System.Security.Cryptography.Xml with patched releases in .NET 8/9/10 trains.</description></item><item><title>CVE-2021-44228 — Log4Shell</title><link>https://security-recipes.ai/recipes/cve/cve-2021-44228-log4shell/</link><guid>https://security-recipes.ai/recipes/cve/cve-2021-44228-log4shell/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>JNDI-lookup RCE in Log4j 2.x. Upgrade to 2.17.1+, set `formatMsgNoLookups=true`, remove `JndiLookup.class` from vendored JARs.</description></item><item><title>CVE-2024-3094 — xz-utils backdoor</title><link>https://security-recipes.ai/recipes/cve/cve-2024-3094-xz-utils/</link><guid>https://security-recipes.ai/recipes/cve/cve-2024-3094-xz-utils/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>Maintainer-implanted backdoor in liblzma reachable through sshd. Roll back to 5.4.x; treat any network-exposed affected host as compromised.</description></item><item><title>CVE-2014-0160 — Heartbleed</title><link>https://security-recipes.ai/recipes/cve/cve-2014-0160-heartbleed/</link><guid>https://security-recipes.ai/recipes/cve/cve-2014-0160-heartbleed/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>OpenSSL heartbeat-extension memory disclosure. Patching is necessary but not sufficient — rotate every key and revoke every cert from the exposure window.</description></item><item><title>CVE-2014-6271 — Shellshock</title><link>https://security-recipes.ai/recipes/cve/cve-2014-6271-shellshock/</link><guid>https://security-recipes.ai/recipes/cve/cve-2014-6271-shellshock/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>Bash function-export parser RCE — and the five sibling CVEs that came with it. Upgrade Bash through every patch level; audit CGI / DHCP / SSH-hook surfaces.</description></item><item><title>CVE-2017-18342 — PyYAML default `load` resolves arbitrary tags</title><link>https://security-recipes.ai/recipes/cve/cve-2017-18342-pyyaml/</link><guid>https://security-recipes.ai/recipes/cve/cve-2017-18342-pyyaml/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>`yaml.load` resolved arbitrary Python tags by default. Replace with `safe_load` and pin PyYAML ≥ 6.0 where the unsafe default was finally removed.</description></item><item><title>CVE-2024-6387 — regreSSHion</title><link>https://security-recipes.ai/recipes/cve/cve-2024-6387-regresshion/</link><guid>https://security-recipes.ai/recipes/cve/cve-2024-6387-regresshion/</guid><pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate><description>OpenSSH signal-handler race RCE on glibc Linux. Upgrade to 9.8p1+; mitigate immediately via `LoginGraceTime 0` if the upgrade has to wait.</description></item></channel></rss>