PROBABLYPWNED
Home/Vulnerabilities

Vulnerabilities

363 articles

Oracle E-Business CVE-2026-46817 Under Active Attack—CVSS 9.8
Vulnerabilities3 min read

Oracle E-Business CVE-2026-46817 Under Active Attack—CVSS 9.8

Critical authentication bypass in Oracle Payments (CVE-2026-46817) is being actively exploited. Over 900 vulnerable instances exposed online, with attackers achieving system takeover via unauthenticated HTTP requests.

Marcus ChenJul 6, 2026
Adobe Patches 7 Max-Severity ColdFusion, Campaign Flaws
Vulnerabilities4 min read

Adobe Patches 7 Max-Severity ColdFusion, Campaign Flaws

Seven CVSS 10.0 vulnerabilities in Adobe ColdFusion and Campaign Classic enable unauthenticated RCE. Adobe shifts to twice-monthly security bulletins citing AI-accelerated discovery.

Marcus ChenJul 2, 2026
Curl Patches 18 Flaws Including 25-Year-Old mTLS Bypass
Vulnerabilities4 min read

Curl Patches 18 Flaws Including 25-Year-Old mTLS Bypass

Curl 8.21.0 addresses a record 18 CVEs, including CVE-2026-8932—an mTLS authentication bypass introduced in March 2001. AI tools discovered several of the vulnerabilities.

Marcus ChenJul 1, 2026
Cisco SD-WAN Zero-Day Exploited Since May—CVSS 10.0
Vulnerabilities3 min read

Cisco SD-WAN Zero-Day Exploited Since May—CVSS 10.0

CVE-2026-20182 allows unauthenticated attackers to inject rogue peers into Cisco SD-WAN fabrics. Active exploitation since May; no workaround available—patch immediately.

Marcus ChenJul 1, 2026
Chrome WebGL Flaw Enables Sandbox Escape on Android
Vulnerabilities4 min read

Chrome WebGL Flaw Enables Sandbox Escape on Android

CVE-2026-13028, a critical use-after-free in Chrome's WebGL component, scores CVSS 9.6 and allows remote code execution with sandbox escape on Android. Update immediately.

Marcus ChenJul 1, 2026
Chrome Ad Blocker with 10M Users Has Dormant Backdoor
Vulnerabilities4 min read

Chrome Ad Blocker with 10M Users Has Dormant Backdoor

Island researchers discover Adblock for YouTube extension contains remote-controlled script injection capability that could steal passwords with a single server-side change.

Marcus ChenJun 27, 2026
Fortra PAM Flaw Lets Attackers Run Commands Without Auth
Vulnerabilities4 min read

Fortra PAM Flaw Lets Attackers Run Commands Without Auth

CVE-2026-9862 (CVSS 9.8) in Fortra Core Privileged Access Manager (BoKS) enables unauthenticated command injection via the autoregistration service. Restrict port 6507 access immediately.

Marcus ChenJun 26, 2026
Airoha Bluetooth Flaw Turns Earbuds Into Wiretaps
Vulnerabilities3 min read

Airoha Bluetooth Flaw Turns Earbuds Into Wiretaps

CVE-2025-20701 lets attackers hijack unpaired Beats, Sony, JBL earbuds to eavesdrop via microphone. CVSS 8.8 flaw affects 29 products from 10 brands.

Marcus ChenJun 20, 2026