6 articles tagged with "Cve"
CVE-2026-42208, a CVSS 9.3 pre-auth SQL injection in the LiteLLM LLM gateway, was weaponized within 36 hours of disclosure. CISA added it to KEV with a May 11 federal deadline.
Oracle's April 2026 CPU addresses 450 CVEs across 28 product families. Over 300 flaws are remotely exploitable without authentication, with Communications leading at 139 patches.
NIST will only enrich CVEs in CISA KEV, federal software, or critical infrastructure. Pre-March 2026 backlog moved to 'Not Scheduled.' Here's what security teams need to know.
Fortinet's March 2026 security advisory addresses 11 vulnerabilities including auth bypass, SQL injection, and buffer overflow flaws affecting enterprise management products.
GreyNoise researchers uncover coordinated campaign exploiting 767 CVEs across 47 technology stacks. Hong Kong-based infrastructure generated 98% of attack traffic on Christmas Day.
Beyond CVSS scores, these vulnerabilities caused the most damage in 2025—from nation-state exploitation to mass ransomware campaigns and breaches affecting millions.