vulnerability 97
- FortiClient EMS Auth Bypass CVE-2026-35616 Actively Exploited to Deploy EKZ Credential Stealer
- Gogs Zero-Day RCE Lets Any Authenticated User Execute Arbitrary Code
- Gitea CVE-2026-27771: Unauthenticated Attackers Can Pull Private Container Images
- MuddyWater Uses DLL Side-Loading in Global Espionage Campaign Hitting 9 Countries
- KnowledgeDeliver LMS Zero-Day Exploited to Deploy Godzilla Web Shell and Cobalt Strike
- Anthropic's Project Glasswing Uncovers 10,000 High-Severity Vulnerabilities in Critical Software
- LiteSpeed cPanel Plugin CVE-2026-48172 Actively Exploited for Root Privilege Escalation
- BYOVD: Exploiting Vulnerable Windows Kernel Drivers Without Their Target Hardware
- Langflow CVE-2025-34291 (CVSS 9.4) Added to CISA KEV Under Active Exploitation
- Cisco Patches CVSS 10.0 Flaw in Secure Workload REST API
- Anthropic Silently Patches Claude Code Sandbox Bypass
- CISA Adds 7 Known Exploited Vulnerabilities Including Active Microsoft Defender Flaws
- ExifTool CVE-2026-3102: Malicious Image File Triggers macOS Compromise
- Windows Zero-Day Barrage: YellowKey, GreenPlasma, and MiniPlasma Disclosed Post-Patch Tuesday
- DirtyDecrypt PoC Published for Patched Linux Kernel LPE CVE-2026-31635
- ScadaBR 1.2.0 Hit by Four CVEs Including Unauthenticated RCE (CVSS 9.1)
- Drupal Warns of Critical Core Patch on May 20 — Exploits Expected Within Hours
- Critical SEPPMail Gateway Vulnerabilities Enable RCE and Full Mail Traffic Read
- MiniPlasma Windows Zero-Day Grants SYSTEM Privileges on Fully Patched Systems
- DirtyDecrypt: Public PoC Released for Linux Kernel Root Escalation Flaw
- Pwn2Own Berlin 2026: $1.3M Paid for 47 Zero-Days in Windows, Linux, VMware, and AI Products
- Pwn2Own Berlin 2026 Day 2: 15 Zero-Days in Windows 11, Exchange, and RHEL Earn $385K
- Microsoft Edge Will No Longer Load Saved Passwords in Cleartext at Startup
- Four OpenClaw Vulnerabilities Chain to Enable Data Theft, Privilege Escalation, and Backdoor Planting
- Microsoft Exchange CVE-2026-42897 Zero-Day Exploited via Crafted Email
- Cisco SD-WAN CVE-2026-20182 Added to CISA KEV; Sixth Exploited SD-WAN Zero-Day in 2026
- Researcher Drops YellowKey BitLocker Bypass and GreenPlasma Windows EoP Zero-Days
- Fragnesia Linux Kernel LPE (CVE-2026-46300) Grants Root via Page Cache Corruption
- 18-Year-Old NGINX Rewrite Module Bug Enables Unauthenticated RCE
- Critical Exim Mail Server Flaw Allows Unauthenticated Remote Code Execution
- May 2026 Patch Tuesday: 138 CVEs Including Critical Zero-Click Outlook Flaw CVE-2026-40361
- Google Project Zero Demonstrates 0-Click Exploit Chain for Pixel 10
- Fortinet Patches Critical RCE Flaws in FortiSandbox and FortiAuthenticator
- OpenAI Launches Daybreak: AI-Powered Vulnerability Detection and Automated Patch Validation
- GhostLock PoC: Legitimate Windows File API Abused to Block Local and SMB File Access
- Unit 42 Unpacks AD CS Escalation: Template Misconfigs, Shadow Credentials, and Detection Guidance
- Ollama "Bleeding Llama" CVE-2026-7482: Unauthenticated Remote Memory Leak
- cPanel and WHM Patch Three Vulnerabilities Including RCE and Privilege Escalation
- Cybercriminal Group Compromises Canvas LMS, Dozens of Universities Reschedule Finals
- CISA Adds BerriAI LiteLLM SQL Injection to Known Exploited Vulnerabilities
- Hackers Breach ICS at Five Polish Water Treatment Plants
- Dirty Frag Linux Zero-Day Gives Root on All Major Distributions
- Prompt Injection Flaw in Claude Chrome Extension Allows AI Agent Takeover
- Claude Chrome Extension Flaw Allows Prompt Injection and Agent Takeover
- Dozen Critical Vulnerabilities in vm2 Node.js Library Enable Sandbox Escape and RCE
- PAN-OS Zero-Day CVE-2026-0300 Enables Unauthenticated RCE via Captive Portal
- VoidStealer Trojan Bypasses Chrome App-Bound Encryption to Steal Credentials
- Oracle Shifts to Monthly Critical Security Patch Updates
- Palo Alto PAN-OS RCE Zero-Day CVE-2026-0300 Actively Exploited
- Ollama 'Bleeding Llama' Bug Exposes ~300,000 Deployments to Unauthenticated Info Theft
- MetInfo CMS CVE-2026-29014 Under Active Exploitation — Unauthenticated RCE (CVSS 9.8)
- Weaver E-cology CVE-2026-22679 Actively Exploited — CVSS 9.8 Unauthenticated RCE via Debug API
- 'Copy Fail' Linux Flaw Hits CISA KEV as Active Exploitation Begins
- Critical cPanel Flaw CVE-2026-41940 Mass-Exploited in "Sorry" Ransomware Attacks
- April Windows 11 Update KB5083769 Breaks Third-Party Backup Software on 24H2 and 25H2
- Critical Gemini CLI Flaw Enabled Host Code Execution and Supply Chain Attacks
- Critical cPanel and WHM Auth Bypass CVE-2026-41940 Exploited as Zero-Day Since February
- Linux 'Copy Fail' CVE-2026-31431 Enables Root on All Major Distros Since 2017
- Google Patches CVSS 10 Gemini CLI RCE Enabling Supply-Chain Code Execution
- Wiz Used AI Reverse Engineering to Uncover High-Severity GitHub Vulnerability
- GitHub RCE Flaw CVE-2026-3854 Exposed Millions of Private Repositories
- 38 Vulnerabilities in OpenEMR Allow Access to and Modification of Patient Data
- CISA Adds Actively Exploited ConnectWise ScreenConnect and Windows Flaws to KEV
- Critical GitHub RCE CVE-2026-3854 Exposed Millions of Repositories
- LiteLLM CVE-2026-42208 SQL Injection Exploited Within 36 Hours of Disclosure
- LiteLLM CVE-2026-42208 SQL Injection Under Active Exploit Within 36 Hours
- Microsoft Patches Entra ID AI Agent Role That Enabled Service Principal Takeover
- Incomplete Windows Patch Exposes Systems to Zero-Click APT28 Attack Vector
- 15-Year-Old OpenSSH Flaw Allowed Full Root Shell Access via Certificate Principal Parsing Bug
- Claude Mythos Accelerates Vulnerability Discovery—but Remediation Teams Aren't Keeping Pace
- CVE-2026-6770: Firefox Flaw Enables Fingerprinting and Deanonymization of Tor Browser Users
- Hackers Actively Exploiting Unauthenticated File Upload Bug in Breeze Cache WordPress Plugin
- LMDeploy CVE-2026-33626 SSRF Exploited in the Wild Within 13 Hours of Disclosure
- Cisco Discovers Memory Vulnerability in Anthropic AI Agent Framework
- Microsoft Defender Zero-Day Exploited to Dump NTLM Hashes and Gain SYSTEM Privileges
- Apple Patches iOS Bug That Let FBI Recover Deleted Signal Messages via Retained Notifications
- Microsoft Issues Emergency Out-of-Band Patches for Critical ASP.NET Core Privilege Escalation
- Over 1,300 SharePoint Servers Still Exposed to Actively Exploited Spoofing Zero-Day
- Claude Mythos Preview Found 271 Firefox Vulnerabilities in Anthropic-Mozilla Collaboration
- CVE-2026-1731: Critical Bomgar RMM RCE Actively Exploited to Spread Ransomware
- Google Antigravity AI IDE: Prompt Injection Chained to Sandbox Escape and Code Execution
- Splunk Enterprise Patches RCE Flaw Exploitable by Low-Privileged Users via File Upload
- Comment and Control: Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via Code Comments
- CVE-2026-33032 (MCPwn): Critical Nginx UI Authentication Bypass Actively Exploited
- Fortinet Patches Critical FortiSandbox Vulnerabilities Enabling Auth Bypass and RCE
- April 2026 Patch Tuesday: SharePoint Zero-Day Among 167 CVEs Fixed
- ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
- Critical wolfSSL Vulnerability Allows ECDSA Signature Forgery and Certificate Bypass
- Anthropic Restricts Mythos Preview After Model Autonomously Exploits Zero-Days in Major OS and Browsers
- Adobe Patches Actively Exploited Acrobat Reader RCE — CVE-2026-34621
- Apple Intelligence Guardrails Bypassed via Neural Exect and Unicode Manipulation
- Hardcoded Google API Keys in Android Apps Expose Gemini AI Endpoints
- Palo Alto Networks and SonicWall Patch High-Severity Privilege Escalation Bugs
- Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
- Russia's APT28 Conducts Malwareless Espionage via SOHO Router DNS Hijack
- Apache ActiveMQ Classic Carries 13-Year-Old RCE Risk via Unauthenticated Jolokia API
- CVE-2026-1337 — RCE in Widely-Used Python ORM