Linux “ssh-keysign-pwn” Flaw Exposing Critical Authentication Files
A newly disclosed Linux kernel vulnerability, dubbed “ssh-keysign-pwn” by Qualys researchers, exposes millions of Linux systems to unauthorized access to sen...
CVE
20 articles
Critical vulnerability in Burst Statistics plugin allows admin takeover
The flaw, identified as CVE-2026-8181, was introduced in version 3.4.
VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges
A newly disclosed vulnerability in VMware Fusion has raised serious security concerns after researchers confirmed it could allow attackers to escalate privil...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42897 Microsoft...
PraisonAI Vulnerability Actively Exploited Within Hours of Being Made Public
A high-severity vulnerability in PraisonAI is drawing urgent attention after security researchers observed exploitation attempts within hours of public discl...
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursd...
Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks
Amazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbi...
Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access
Cisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administ...
Next.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin Interfaces
Next.js, one of the most widely used React frameworks, has been hit by a high-severity vulnerability that could allow attackers to extract sensitive cloud cr...
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the ...
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S.
Two vulnerabilities found in popular WordPress plugin Avada Builder
The vulnerabilities, disclosed by Wordfence, include an arbitrary file read flaw (CVE-2026-4782) requiring subscriber-level access and a high-severity SQL in...
AI agent finds 18-year-old remote code execution flaw in Nginx
Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditio...
Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation
A new Linux kernel local privilege escalation exploit with a public proof-of-concept targets the same subsystem as Dirty Frag but requires a separate patch. ...
CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS
Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authent...
U.S. CISA adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog
The U.S.
Linux Kernel bug Fragnesia allows local root access attacks
Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed...
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited ...
CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)
Overview While researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in-the-wild, Rapid7 Labs discovered a new auth...
Broadcom releases VMware Fusion security update for root access bug
Broadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges. Broadcom released a security update...