Ivanti EPM Auth Bypass Now Under Active Exploitation, CISA Warns
CVE-2026-1603 allows unauthenticated attackers to steal credential vaults from Ivanti Endpoint Manager. CISA added it to KEV catalog after exploitation detected.
127 articles
Microsoft's March 2026 Patch Tuesday addresses 83 vulnerabilities including two publicly disclosed zero-days in SQL Server and .NET. Eight flaws rated Critical.
CVE-2026-3823 allows unauthenticated attackers to execute code on Atop Technologies industrial switches. Firmware 3.36 patches the critical buffer overflow.
Two critical vulnerabilities in Delta Electronics COMMGR2 enable remote code execution without authentication. ICS operators should patch to v2.11.1 immediately.
CVE-2026-30851 in Caddy's forward_auth module enables identity injection and privilege escalation. Any valid user can impersonate administrators. Update to 2.11.2.
Critical command injection and SQL bypass vulnerabilities in Tencent's WeKnora LLM framework allow unauthenticated RCE. Patch to versions 0.2.10 and 0.2.12 now.
Cisco confirms active exploitation of two more SD-WAN Manager vulnerabilities. Attackers deploying web shells through arbitrary file overwrite and credential exposure flaws.
Cisco confirmed CVE-2026-20122 and CVE-2026-20128 in Catalyst SD-WAN Manager are under active exploitation, with attackers deploying web shells globally.
Federal agencies must patch CVE-2017-7921 and CVE-2021-22681 by March 26. Hikvision cameras face active exploitation; Rockwell PLCs at risk.
CVE-2026-28289 allows unauthenticated attackers to achieve full server compromise by sending a single crafted email. CVSS 10.0—patch to 1.8.207 now.
CVE-2025-20265 in Cisco Secure Firewall Management Center allows unauthenticated attackers to execute commands as root via RADIUS authentication. Patch immediately.
CISA adds CVE-2026-22719 to Known Exploited Vulnerabilities catalog after confirming active exploitation of VMware Aria Operations command injection flaw.
CVE-2026-22886 exposes Eclipse OpenMQ to remote takeover via default admin/admin credentials. CVSS 9.8 critical vulnerability requires immediate attention from Java messaging users.
Google's March 2026 Android security update patches 129 vulnerabilities including CVE-2026-21385, a Qualcomm graphics flaw affecting 234 chipsets under active exploitation.
Critical insecure deserialization vulnerability in U-Office Force allows remote attackers to execute arbitrary code without authentication. CVSS 9.8, no patch available yet.
WordPress plugin wpForo 2.4.14 contains unauthenticated SQL injection, PHP object injection, and multiple authorization bypass flaws. Over 80,000 sites at risk.
Critical CVE-2026-21902 in Junos OS Evolved allows remote attackers to gain root access on PTX routers via exposed anomaly detection service. Patch now.
CVE-2026-28408 and related vulnerabilities allow unauthenticated attackers to bypass security, inject data, and execute code on WeGIA servers. Patch to version 3.6.5 immediately.
CVE-2026-2749 enables unauthenticated attackers to write or delete arbitrary files on Centreon Central Servers. Patches now available for all supported versions.
CVE-2026-27575 combines weak password enforcement with persistent sessions in Vikunja, enabling attackers to retain access even after victims change credentials.
CVE-2026-20781 exposes OCPP WebSocket endpoints to unauthenticated station impersonation, enabling attackers to manipulate EV charging infrastructure and steal energy.
CVE-2026-2251 is a CVSS 9.8 path traversal vulnerability in Xerox FreeFlow Core that enables unauthenticated remote code execution. Upgrade to version 8.1.0 now.
Check Point found CVE-2025-59536 and CVE-2026-21852 in Anthropic's Claude Code. Opening a cloned repo could execute code and leak API credentials.
CVE-2026-27941 (CVSS 9.9) lets attackers execute code via pull requests to OpenLIT, stealing GITHUB_TOKEN and cloud secrets. Patch to 1.37.1 now.
CVE-2026-20127 gives attackers full admin access to Cisco SD-WAN infrastructure. CISA emergency directive requires federal patches by Feb 27.
Microsoft confirms Copilot bug bypassed DLP policies, reading confidential emails without authorization. European Parliament blocked Copilot over concerns.
CISA flags FileZen command injection flaw (CVE-2026-25108, CVSS 8.7) as actively exploited. Federal agencies must patch by March 17, 2026.
Serv-U 15.5.4 fixes four CVSS 9.1 bugs including type confusion and access control flaws. Admin access required, but file transfer platforms remain high-value targets.
CVE-2025-40540 is a critical type confusion vulnerability in SolarWinds Serv-U with CVSS 9.1. Attackers with admin access can execute arbitrary code.
CISA adds CVE-2025-49113 (CVSS 9.9) and CVE-2025-68461 to KEV catalog after attackers weaponized the deserialization flaw within 48 hours. Federal agencies must patch by March 13.
CVE-2026-26119 lets attackers escalate from standard user to domain admin via improper authentication. Microsoft rates exploitation 'more likely.'
CVE-2026-26030 in Microsoft's Semantic Kernel Python SDK enables unauthenticated RCE through InMemoryVectorStore. Upgrade to 1.39.4 immediately.
Federal agencies must patch CVE-2026-22769 by Saturday after CISA confirms Chinese hackers exploited the Dell RecoverPoint vulnerability since 2024.
CVE-2026-2329 (CVSS 9.3) enables unauthenticated RCE on Grandstream GXP1600 VoIP phones. Attackers can intercept calls, steal credentials. Patch to 1.0.7.81.
Critical CVE-2026-1490 (CVSS 9.8) in CleanTalk anti-spam plugin allows unauthenticated attackers to install malicious plugins via DNS spoofing. Update to 6.72 now.
Cisco Talos researcher uses 'good enough' emulation to fuzz Socomec DIRIS M-70 energy gateway, discovering CVE-2025-54848 through CVE-2025-55222 in Modbus protocol handling.
CISA confirms active exploitation of Chrome CVE-2026-2441, Zimbra SSRF, Windows ActiveX CVE-2008-0015, and ThreatSonar flaws. Federal agencies face March 10 deadline.
CVE-2026-2441 is a high-severity CSS use-after-free in Chrome being exploited in the wild. Update to version 145.0.7632.75 immediately.
New n8n RCE flaw bypasses December patch through type confusion. CVSS 9.4 vulnerability enables unauthenticated command execution via malicious workflows.
CVE-2026-20700 memory corruption flaw in dyld exploited against targeted individuals. Google TAG credited with discovery. Patch now for iOS, macOS, watchOS.
GreyNoise traces Ivanti EPMM exploitation to bulletproof hosting on PROSPERO network. Defenders find dormant webshells—signs of initial access broker activity.
CVE-2025-20359 and CVE-2025-20360 affect Cisco FTD, Meraki, and open-source Snort 3. No workarounds exist—patches rolling out through February.
CVE-2026-21643 allows unauthenticated attackers to chain SQL injection with command execution in FortiClient EMS. CVSS 9.8 affects version 7.4.4—upgrade to 7.4.5 immediately.
CVE-2026-1731 allows unauthenticated remote code execution on BeyondTrust Remote Support and Privileged Remote Access products. CVSS 9.9 vulnerability affects 11,000+ exposed instances.
Microsoft's February 2026 Patch Tuesday fixes 59 flaws including six actively exploited zero-days. CrowdStrike confirmed CVE-2026-21533 was used in attacks targeting US and Canada since December.
CVE-2026-22778 chains a heap leak and buffer overflow in vLLM's video processing to achieve full RCE on AI inference servers. Patch to 0.14.1 now.
CVE-2025-22225 sandbox escape now confirmed as a ransomware attack vector. Exploitation toolkit predates Broadcom's patch by a full year.
CVE-2026-24423 lets unauthenticated attackers execute OS commands on SmarterMail servers. CISA confirms active ransomware exploitation and sets a February 26 patch deadline.