New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw o...
20 articles
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw o...
A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, is exposing instances to potential full database co...
Synology has has fixed critical vulnerabilities in MailPlus Server, a software package used to run private email infrastructure on Synology NAS devices.
U.S.
Hackers have weaponized a WinRAR path-traversal flaw tracked as CVE-2025-8088 to silently plant a Startup shortcut and run a multi-stage PowerShell loader th...
CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog. The post First-Ever Exploitation of PTC Windchil...
The U.S.
ManageEngine has disclosed a critical account takeover vulnerability, tracked as CVE-2026-11374, affecting various integrated products within its AD360 ident...
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-12569 PTC Win...
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project. The post Lantronix Serial-...
A critical unauthenticated remote code execution (RCE) vulnerability in Langflow, tracked as CVE-2026-33017, is being actively exploited in the wild within h...
A newly disclosed vulnerability in the Microsoft Windows Recovery Environment (WinRE) could allow attackers to bypass UEFI and BIOS password protections, exp...
The U.S.
The vulnerability stems from a race condition within the kernel's process integrity validation.
Attackers exploit Cisco Unified CM flaw (CVE-2026-20230) allowing unauth HTTP requests to trigger SSRF, write files, and gain root access Cisco Unified Commu...
CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop ...
A proof-of-concept exploit has been released for CVE-2026-45502, a server-side request forgery (SSRF) vulnerability in the Microsoft Exchange Server’s Exchan...
A newly disclosed stored cross-site scripting (XSS) vulnerability in Webmin has raised significant security concerns, as it allows attackers with limited pri...
Cisco has disclosed a critical server-side request forgery (SSRF) vulnerability affecting its Unified Communications Manager (Unified CM) and Unified Communi...
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Commu...