MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests. The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.
Threat actors have separately started exploiting two critical-severity vulnerabilities in MetInfo and Weaver E-cology that allow them to execute arbitrary code remotely, without authentication.
MetInfo is an enterprise content management system (CMS) that relies on PHP and MySQL and provides various SEO optimization capabilities.
Tracked as CVE-2026-29014 (CVSS score of 9.8) and disclosed in early April, the now-exploited critical flaw in MetInfo is described as an unauthenticated PHP code injection issue.
Source: https://www.securityweek.com/metinfo-weaver-e-cology-vulnerabilities-in-attackers-crosshairs/
Related breach coverage
- Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server2026-05-05
The most severe of these security defects could allow remote attackers to execute arbitrary code. The post Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server appeared first on SecurityWeek.
- Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking2026-05-07
Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms. The post Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking appeared first on SecurityWeek.
- WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities2026-05-05
The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year. The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities appeared first on SecurityWeek.
- Cisco Patches High-Severity Vulnerabilities in Enterprise Products2026-05-07
Successful exploitation of the flaws could lead to code execution, server-side request forgery attacks, and denial-of-service conditions. The post Cisco Patches High-Severity Vulnerabilities in Enterprise Products appeared first on SecurityWeek.