Information Security Advisory A critical security vulnerability (CVE-2026-41940) has been identified in cPanel, Web Host Manager (WHM) and WP Squared which may allow unauthenticated attackers to completely compromise affected systems through an authentication bypass in the login process. Severity level: CVSS Score: 9.8/Critical. Description: CVE‑2026‑41940 is a critical authentication bypass vulnerability in cPanel, […]
Information Security Advisory A recently disclosed vulnerability (CVE-2026-3854) affects GitHub.com and GitHub Enterprise Server and may allow unauthenticated attackers to achieve remote code execution (RCE)on GitHub Infrastructure. Severity level CVSS Score: 8.8/High Description: CVE‑2026‑3854 is a sever security vulnerability caused by improper sanitization of user‑supplied git push options within GitHub’s internal Git processing […]
Information Security Advisory A recently disclosed vulnerability (CVE-2026-40372) affects a Windows-based application and may allow unauthenticated remote attackers to escalate privileges. Severity level CVSS Score: 9.1/Critical. Description: CVE‑2026‑40372 is a critical security vulnerability that arises from improper control of file names or file paths within a Windows-based application. The affected component processes user-supplied […]
Information Security Advisory A recently disclosed high‑severity vulnerability in Adobe Acrobat and Acrobat Reader (CVE‑2026‑34621) allows attackers to execute arbitrary code on affected systems by tricking users into opening a specially crafted PDF file. Severity level: CVSS Score: 8.6/High Description: Adobe Acrobat and Acrobat Reader contain an improperly controlled modification of object prototype […]
Information Security Advisory A recently disclosed critical vulnerability in the Ninja Forms – File Uploads plugin for WordPress (CVE‑2026‑0740) allows unauthenticated remote attackers to upload arbitrary files, potentially leading to remote code execution and full site compromise. Severity level: CVSS Score: 9.8/Critical Description: The Ninja Forms – File Uploads plugin for WordPress fails […]
Information Security Advisory A recently disclosed critical vulnerability in the Ninja Forms – File Uploads plugin for WordPress (CVE‑2026‑0740) allows unauthenticated remote attackers to upload arbitrary files, potentially leading to remote code execution and full site compromise. Severity level: CVSS Score: 9.8/Critical Description: The Ninja Forms – File Uploads plugin for WordPress fails […]
Service Advisory Please share the following with your teams. Service: Insight service has been restored Impact/Details: The service and system has been restored Our teams are continuing to monitor the system for stability Teams are investigating root cause We thank you for your continued cooperation and understanding. Contact IT Client Services at askIT@yorku.ca or […]
Service Advisory Please share the following with your teams. Service Outage: Insight is currently unavailable. UIT is investigating. Impact/Details: The system is unavailable and/or information is not displayed. We thank you for your continued cooperation and understanding. Contact IT Client Services at askIT@yorku.ca or 416 736 5800 PRIVACY POLICY | VISIT WWW.YORKU.CA This […]
Information Security Advisory A recently disclosed vulnerability in Zoom Workplace for Windows ( CVE‑2026‑30903) allows unauthenticated remote attackers to escalate privileges by exploiting improper control of file names or paths. Severity level: CVSS Score: 9.6/Critical Description: Zoom Workplace for Windows includes a Mail feature that processes user-supplied file references. In vulnerable versions, this […]
Service Advisory Please share the following with your teams. Service Outage: MyApps service hosts the classic SIS applications and allows designated staff community to launch them remotely. We had an unexpected service outage this morning, during which the classic SIS applications will not launch via the Launch Remote option. Outage Window: Start: Thursday March […]