CVE Radar
Welcome To CVE Radar

Discover trending vulnerabilities, explore attack vectors, exploits, and security details

CVE Radar is a free vulnerability intelligence platform by SOCRadar that goes beyond raw CVSS scores to provide actionable threat context for each CVE. Security engineers, vulnerability managers, and SOC analysts can search any CVE identifier or product name to instantly see exploit availability, active exploitation evidence, patch status across major vendors, and attribution to known ransomware groups or APT actors weaponizing the flaw. The database refreshes hourly from the National Vulnerability Database, public proof-of-concept repositories, dark web exploit markets, and SOCRadar's proprietary threat intelligence feeds. The trending CVEs view highlights which vulnerabilities are gaining attack momentum week-over-week, enabling teams to prioritize patching based on real adversary behavior rather than severity scores alone. No account or API key is required for lookups.

Top CVE Trend (Last 30 Days)
[Chart: Mentions over time, 2026-05-24 to 2026-06-19]
CVE-2026-42945
CVSS Score: 8.1/10
SVRS Score: 97/100
Audience: 3.71M
Social Media: 135
News: 27
Repos: 11
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
broadfield-dev@broadfield_dev
2 days ago
@EddCoates update your NGINX to greater than 1.30.2 NGINX Rift (CVE-2026-42945)
araintel.com@araintelhacking
4 days ago
NGINX Rift (CVE-2026-42945): when a vulnerability in the proxy becomes a platform problem | Juan Almodóvar | Read this post and more on the Araintel website https://t.co/4yg0eUXzkC
E.T.I.D.O of K.A.D.U.N.A💙🧡🤍@GoodnessEdet16
5 days ago
I just completed CVE-2026-42945: Nginx Rift room on TryHackMe! Exploit NGINX Rift, an unauthenticated heap overflow RCE in NGINX's rewrite module since 2008. https://t.co/1Bhc2Izz3d #tryhackme via @tryhackme
Lyrie.ai@lyrie_ai
12 days ago
05:09 UTC: Lyrie Sentinel flagged it. 0day Intel: ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffe
Lyrie.ai@lyrie_ai
12 days ago
08:06 UTC: First exploit attempt in the wild. 0day Intel: ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffe
Lyrie.ai@lyrie_ai
12 days ago
05:20 UTC: Thread live on @lyrie_ai. 0day Intel: ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffe
Lyrie.ai@lyrie_ai
12 days ago
Vendor. Source: X search for CVE-2026 critical Posted: 2026-05-19T20:34:16.000Z Likes: 24 Heads up if you run NGINX:⚠️ A critical flaw (CVE-2026-42945) is being actively exploited right now.
Roman@mrBr4un
14 days ago
I just completed CVE-2026-42945: Nginx Rift room on TryHackMe! Exploit NGINX Rift, an unauthenticated heap overflow RCE in NGINX's rewrite module since 2008. https://t.co/9A0VRuDMHC #tryhackme via @tryhackme
AlmaLinux@AlmaLinux
14 days ago
nginx has a critical vuln (CVE-2026-42945). Patched packages are live for AlmaLinux 8, 9, 10 & Kitten 10. Two commands and a restart and you're done. Don't sleep on this one! https://t.co/VYOqD5SumV
N_{Dario Fadda}@nuke86
15 days ago
✨ CVE-2026-42945 (NGINX Rift): critical vulnerability actively exploited — update immediately Read the blog: https://t.co/ldVK76htgC https://t.co/wjBCDnXylw
CVE-2026-0257
CVSS Score: 9.1/10
SVRS Score: 87/100
Audience: 3.21M
Social Media: 208
News: 54
Repos: 10
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow an attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
CiberPlaneta@CiberPlanetaOrg
1 day ago
🛡️ Security Alert: Palo Alto Networks PAN-OS Authentication Bypass in VPN (CVE-2026-0257) Critical vulnerability in PAN-OS (CWE-565) allows authentication bypass and the establishment of unauthorized VPN connections. Included in CISA's KEV catalog. FCEB deadline:
DFIR Radar@DFIR_Radar
18 days ago
Palo Alto GlobalProtect CVE-2026-0257 auth bypass now actively exploited via forged authentication override cookies. CISA added to KEV catalog with June 1 federal deadline. Patch immediately or disable authentication override feature. #DFIR_Radar https://t.co/i5houPL3ES
CiberBaur@BotBauR
18 days ago
🚨 Just confirmed: the CVE-2026-0257 vulnerability allows attackers to forge VPN authentication cookies and bypass VPN login on Palo Alto GlobalProtect. Rapid7 has detected active exploitation of this vulnerability in multiple environments of https://t.co/i1MXR6nKQ4
Cyber Security News@CyberSecNews663
18 days ago
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability affecting PAN-OS and Prisma Access deployments using specific GlobalProtect configurations. The flaw allows attackers to establish unauthorized VPN connections, https://t.co/2Nd2Bdw5AL
Gray Hats@the_yellow_fall
18 days ago
Learn about the active CVE-2026-0257 authentication bypass in PAN-OS. Discover how attackers exploit GlobalProtect VPNs and find key mitigations. #CVE20260257 #PaloAltoNetworks #GlobalProtect #Cybersecurity #Infosec #ThreatIntel https://t.co/uaiEdFCABp https://t.co/YE1KKciRgu
DFIR Radar@DFIR_Radar
18 days ago
CVE-2026-0257 in Palo Alto GlobalProtect allows auth bypass via forged VPN cookies. Rapid7 confirms active exploitation since May 17 across multiple customers. Patch immediately or disable auth override feature. #DFIR_Radar https://t.co/AVphR9nvN3
Yusuf Nuh 🍉@SenseWave_
18 days ago
Attackers began actively exploiting a vulnerability of Palo Alto Networks’ widely used GlobalProtect VPN platform. The flaw, tracked CVE-2026-0257 It affects PAN-OS software used in Palo Alto Networks and enables attackers to bypass authentication protections. #cyber #security https://t.co/NNwenFgUTs
CyberSecurity Insight@CyberSecuriUS
18 days ago
Rapid7 Uncovers Campaign Leveraging Forged VPN Cookies in CVE-2026-0257 Attacks https://t.co/XsxUaZucP1
Techgines@nxtgen579255
18 days ago
CVE-2026-0257 is now an active-priority GlobalProtect issue. Palo Alto says the PAN-OS / Prisma Access flaw can let attackers bypass security restrictions and establish unauthorized VPN connections in affected configurations. https://t.co/44fSlrQTFC https://t.co/QG8KzWwvbJ
Nicolas Krassas@Dinosn
18 days ago
CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers https://t.co/GF24mhxyN2
CVE-2026-50751
CVSS Score: 9.3/10
SVRS Score: 88/100
Audience: 3M
Social Media: 141
News: 54
Repos: 6
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
CiberPlaneta@CiberPlanetaOrg
1 day ago
🛡️ CVE-2026-50751: Critical vulnerability in Check Point Security Gateway allows VPN authentication bypass Technical analysis of CVE-2026-50751, a critical vulnerability (CVSS 9.3) in Check Point Security Gateway that allows authentication bypass in IKEv1 VPN.
CiberPlaneta@CiberPlanetaOrg
1 day ago
🛡️ Security Alert: Check Point Security Gateway Improper Authentication in IKEv1 VPN (CVE-2026-50751) Critical vulnerability (CVSS 9.3) in Check Point Security Gateway allows unauthenticated remote attackers to bypass VPN authentication via IKEv1 without credentials
Dr.Philippe Vynckier, CISSP - Influencer@PVynckier
5 days ago
Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751) - Help Net Security https://t.co/8IocuTv4Cd
Threat Signal@ThreatSignal_IN
5 days ago
For those diving into the repo: The bypass (CVE-2026-50751) exploits a certificate validation logic flaw in deprecated IKEv1. Critically, this is actively being leveraged by Qilin ransomware affiliates. Check your edge logs starting May26. Full detection engineering logic above👆
Centro Ciberseguridad Andalucía. CIAN@CentroCiberAND
9 days ago
🚨 #AlertaSOC Critical vulnerabilities under active exploitation in Check Point VPN. ⚠️ The CVE-2026-50751 flaw allows an unauthenticated remote attacker to establish a remote VPN connection without credentials in Mobile and Remote Access. Update your systems 🔗 https://t.co/0V674l9IQR https://t.co/oNKPZZvyHO
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥☭⃠🅇@YourAnon_irc
9 days ago
Critical #Cybersecurity threats: Check Point VPN zero-day (CVE-2026-50751) actively exploited, HTTP/2 "Bomb" (CVE-2026-49160) DoS impacts web servers. Redis RCE & Cisco UC RCE threaten data privacy/integrity in transit. Patch now! #News #Vulnerabilities
DFIR Radar@DFIR_Radar
9 days ago
CVE-2026-50751 authentication bypass in Check Point VPN exploited by Qilin ransomware affiliates since May 7. Affects gateways using deprecated IKEv1 with legacy clients. Disable IKEv1 and audit VPN logs from May immediately. #DFIR_Radar https://t.co/B3ixHwgICO
Daily CyberSecurity@the_yellow_fall
9 days ago
Discover the critical Check Point VPN vulnerability (CVE-2026-50751). Learn how Qilin ransomware actors bypass auth gates and how to patch. #CheckPoint #VPNSecurity #CVE202650751 #QilinRansomware #InfoSec #Cybersecurity #TechNews https://t.co/4bw29U9CHa https://t.co/S0bvlwHRPR
Aviatrix Threat Research Center@aviatrixtrc
9 days ago
Qilin ransomware affiliates exploited CVE-2026-50751 to bypass Check Point VPN authentication, establishing unauthorized remote access through deprecated IKEv1 protocols. Attackers moved laterally through internal systems before deploying encryption payloads. Runtime segmentation
Elusive@ElusivePrivacy
9 days ago
Check Point VPN zero-day Check Point VPN auth bypass is being exploited in the wild. CVE-2026-50751, CVSS 9.3. Unauthenticated attackers can establish a Remote Access VPN session with no valid password. Affects only IKEv1-configured gateways (Mobile Access/SSL VPN, Remote Access
CVE-2026-10520
CVSS Score: 10.0/10
SVRS Score: 95/100
Audience: 2.64M
Social Media: 69
News: 30
Repos: 3
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution.
NEWSTECNICAS | Tecnología, IA y Gaming.@newstecnicas
5 days ago
🛡️ Technical Mitigation Manual: #Vulnerabilidades CVE-2026-10520 and CVE-2026-10523 in Ivanti Sentry https://t.co/BT3gmR1LIw
DFIR Radar@DFIR_Radar
9 days ago
CVE-2026-10520 (CVSS 10.0) enables unauthenticated RCE as root on Ivanti Sentry via command injection. CVE-2026-10523 (CVSS 9.9) bypasses authentication to create admin accounts. Public PoC available — patch immediately to versions 10.7.1, 10.6. #DFIR_Radar https://t.co/5i5ze1n6gt
Rishi@rxerium
9 days ago
🚨 CVE-2026-10520, a critical (CVSS 10.0) OS Command Injection vulnerability in Ivanti Sentry is now under active exploitation as reported by @DefusedCyber Scan infrastructure to see if you're vulnerable: https://t.co/jcr7SLj5FO Patches are available as per Ivanti's advisory: https://t.co/oQvdAKKfiY
VulDB 🛡@vuldb
9 days ago
Some increased actor activities are shown targeting Ivanti Sentry (CVE-2026-10520) https://t.co/0PPyoSgF6T
ThreatCluster@threatcluster
9 days ago
Ivanti released fixes for Sentry flaws CVE-2026-10520 (pre-auth root RCE) and CVE-2026-10523 (admin auth bypass) affecting versions before R10.5.2, R10.6.2 and R10.7.1, BleepingComputer reported. https://t.co/ZnYJRKA5uZ
Defused@DefusedCyber
9 days ago
🚨 CVE-2026-10520 (Pre-auth OS Command Injection in Ivanti Sentry) is now under active exploitation Attackers have been exploiting Ivanti systems with the recently released vulnerability since this morning Track Ivanti exploitation live 👉 https://t.co/GXFaqggV8a https://t.co/nylXVUWcfq
Cybersecurity News Everyday@TweetThreatNews
9 days ago
Ivanti patched two critical Sentry flaws, including CVE-2026-10520, a max-severity command injection that could allow root code execution, and CVE-2026-10523, an auth bypass for rogue admin access. #Ivanti #Sentry #CVE202610520 https://t.co/ajFnF8yJmq
SecAlerts@SecAlertsCo
9 days ago
Ivanti Sentry: unauthenticated RCE as root. CVE-2026-10520 is a CVSS 10 OS command injection flaw. Patch to R10.5.2, R10.6.2 or R10.7.1 now. https://t.co/C0231EQTnD
Nicolas Krassas@Dinosn
9 days ago
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) - watchTowr Labs https://t.co/rEpMJX7q1n
DFIR Radar@DFIR_Radar
9 days ago
Ivanti Sentry pre-auth OS command injection (CVE-2026-10520) achieves perfect 10.0 CVSS with unauthenticated root RCE. Watchtowr Labs demonstrates exploitation using hardcoded XML format leaked in patch analysis. Technical breakdown: • CVE-2026-10520 affects Sentry versions https://t.co/5H4Zcn6K9Q
CVE-2026-46333
CVSS Score: 5.5/10
SVRS Score: 64/100
Audience: 2.61M
Social Media: 36
News: 25
Repos: 0
In the Linux kernel, the following vulnerability has been resolved:

ptrace: slightly saner 'get_dumpable()' logic

The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm.

And almost all users do in fact use it only for the case where the task has a mm pointer.

But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads).

It's not what this flag was designed for, but it is what it is.

The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all.

Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.
Enigma-Global@EnigmaGlobalSW
10 days ago
Multiple critical Linux kernel vulnerabilities are under active exploitation, posing severe privilege escalation risks across enterprise environments worldwide. CVE-2026-46333, nicknamed "ssh-keysign-pwn," exploits a race... https://t.co/AsiSr2h0c5
AlmaLinux@AlmaLinux
13 days ago
Patched kernels for CVE-2026-46333 are now in production repos. A single dnf upgrade and reboot gets you patched kernels for ssh-keysign-pwn and Fragnesia 👇 https://t.co/BdTyfPA9z1
ThreatCluster@threatcluster
15 days ago
Oracle issued advisories for Oracle Linux 7, 8 and 9 fixing CVE-2026-46300 and CVE-2026-46333 that allow denial of service and privilege escalation in kernels 5.4, 5.15 and 6.12, according to Oracle. https://t.co/cMIsksTcuc
Linux Kernel Security@linkersec
16 days ago
Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333) Article about a logical bug in ptrace implementation that allows getting access to file descriptors of other processes and thus escalating privileges in certain scenarios. https://t.co/s5jkzBpV36 https://t.co/GgwEtmnIP5
Flatcar Container Linux@flatcar
17 days ago
📦 Package updates: Linux 6.12.91 (Alpha/Beta/Stable), Linux 6.6.141 (LTS), ca-certificates 3.124 🔒 Security maintenance release for the recently disclosed kernel LPEs Fragnesia (CVE-2026-46300) and ssh-keysign-pwn (CVE-2026-46333), plus the usual kernel CVE roll-up
IntegSec@integ_sec
18 days ago
CVE-2026-46333: Linux Kernel Local Privilege Escalation Bug - What It Means for Your Business and How to Respond https://t.co/B90MSy7C1B
WindowsForum@windowsforum
23 days ago
🪲 MSRC dropped another Linux kernel ptrace grenade (CVE-2026-46333). “get_dumpable” sounds harmless—until your Azure Linux boxes can be pried open. Patch fast, IT. #Windows #Security #Azure #Linux https://t.co/p5B5n6pSX7 #AzureLinux #LinuxKernelSecurity #PtraceVulnerability https://t.co/7A0nFJ6nSq
Canonical@Canonical
2026-05-19
Mitigations for "ssh-keysign-pwn" (CVE-2026-46333) Linux kernel vulnerability are available in Ubuntu. Read the blog for details: https://t.co/woaA6Jsfjg https://t.co/HodyPMhRFi
Ubuntu@ubuntu
2026-05-19
Mitigations for "ssh-keysign-pwn" (CVE-2026-46333) Linux kernel vulnerability are available in Ubuntu. Read the blog for details: https://t.co/Abz34ZwPN3 https://t.co/4wAtbVXEHB
Chris Short@ChrisShort
2026-05-19
AI Discovers CVE-2026-46333 Linux Kernel Vulnerability #devopsish https://t.co/8ElwqTsKFi https://t.co/itQsFI8TS9
CVE-2026-42271
CVSS Score: 8.8/10
SVRS Score: 85/100
Audience: 2.29M
Social Media: 49
News: 17
Repos: 0
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.
CiberPlaneta@CiberPlanetaOrg
1 day ago
🛡️ Security Alert: BerriAI LiteLLM Command Injection Leading to Remote Command Execution (CVE-2026-42271) Command injection in BerriAI LiteLLM allows low-privileged authenticated users to execute arbitrary commands on the host. Included in CISA's KEV catalog.
DCI CyberSec News@DCICyberSecNews
8 days ago
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE https://t.co/clwIRSPaut via @TheHackersNews
elorri_79@456c6f727269
8 days ago
🚨 New critical LiteLLM flaw is being exploited in the wild. CVE-2026-42271 (CVSS 8.7) — command injection via two MCP preview endpoints. Chained with CVE-2026-48710 (Starlette host header bypass) → unauthenticated RCE (CVSS 10.0). If you run litellm-proxy: read this thread.
Bill Schroeder@bill__schroeder
9 days ago
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271) - Help Net Security https://t.co/Jpe2GXXJSk
Marcus Lenngren@lenngrenm
9 days ago
⚠️ CRITICAL: LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE A critical command injection vulnerability (CVE-2026-42271) in LiteLLM AI gateway versions 1.74.2 through 1.83.7 is being actively exploited in the wild. Researchers have chained t
Bryan@so_sthbryan
9 days ago
LiteLLM just hit CISA's known exploited list. CVE-2026-42271 chains to unauthenticated RCE, CVSS 8.7, and attackers are already using it in the wild. Patch LiteLLM instances now if you run them. https://t.co/qnDLiSAzkO
GoCocoaAI@GoCocoaAI
9 days ago
Sources for this post: Bitdefender Global Scam Intelligence Report 2026, via Help Net Security (published 2026-06-10): https://t.co/UtbUBSjhjV Sidebar flag from the same page: CVE-2026-42271 (LiteLLM, active exploitation, CISA warning) — an AI-stack vulnerability worth a https://t.co/u8SoizhoOs
ThreadLinqs@threadlinqs
9 days ago
An AI gateway flaw lets attackers run code unauthenticated - CISA says CVE-2026-42271 is being exploited now. https://t.co/f1B9nmqR4p #ThreatIntel #CVE https://t.co/2vyhCPKq1t
ThreadLinqs@threadlinqs
9 days ago
An AI gateway flaw lets attackers run code unauthenticated - CISA says CVE-2026-42271 is being exploited now. https://t.co/f1B9nmqR4p #ThreatIntel #CVE https://t.co/hkve0nxplM
Horizon3.ai@Horizon3ai
18 days ago
The chain combines: • CVE-2026-42271 (LiteLLM) • CVE-2026-48710 (Starlette BadHost)
CVE-2026-20262
CVSS Score: 6.5/10
SVRS Score: 67/100
Audience: 2.25M
Social Media: 47
News: 16
Repos: 2
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.
Jayson Jose@Jayson_security
2 days ago
The active exploitation of CVE-2026-20262 in Cisco SD-WAN Manager underscores the need for rigorous patch management. Prioritizing these updates is crucial to protecting our network infrastructure.
Qualys@qualys
2 days ago
CISA has officially issued a warning regarding the active exploitation of a critical Cisco Catalyst SD-WAN Manager vulnerability tracked as CVE-2026-20262. This security flaw enables remote attackers with valid credentials to create or overwrite arbitrary files on the https://t.co/EUdBP1w5MQ
SecAlerts@SecAlertsCo
2 days ago
Cisco warns of actively exploited zero-day vuln in SD-WAN product. Info, incl. fix info, at vulnerability alert service, SecAlerts: CVE-2026-20262, CVSS 6.5: https://t.co/fg78o4yvWy #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #secalerts #CVE202620262 #cisco https://t.co/4buLXDTc7f
HACKLIDO@hacklido
2 days ago
Cisco Catalyst SD-WAN Manager Vulnerability (CVE-2026-20262): Attackers Could Gain Root Access Through File Write Flaw https://t.co/g6CadzXEuo
Merge News@mergenewsapp
2 days ago
Critical arbitrary file write vuln (CVE-2026-20262) in Cisco Catalyst SD-WAN Manager allows root access & is actively exploited. Update now! #cisco #sdwan #vulnerability #zeroday
VulDB 🛡@vuldb
2 days ago
Some increased actor activities are shown targeting Cisco Catalyst SD-WAN Manager (CVE-2026-20262) https://t.co/VwZd4kMoZw
Mabior Agau@_CyberMaster
3 days ago
🚨 CVE-2026-20262 is being actively exploited in the wild. Cisco SD-WAN Manager — arbitrary file write via crafted HTTP request to the web UI API. If you're running Cisco SD-WAN, patch NOW. This isn't a theoretical one. #Cybersecurity #Cisco #Infosec
GoCocoaAI@GoCocoaAI
3 days ago
The floor opens up under Cisco SD-WAN Manager — again. CVE-2026-20262, an arbitrary file write via crafted HTTP request to the web UI API, was already under active exploitation before Cisco shipped the fix today. CISA KEV-listed it within hours. Federal agencies have until June
America's Pick@nims213
4 days ago
Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks https://t.co/L20M8RqlQ4 Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. Forme…
Daily CyberSecurity@the_yellow_fall
4 days ago
Cisco warns CVE-2026-20262, a Cisco SD-WAN vulnerability enabling arbitrary file write, is exploited in the wild. Patch SD-WAN Manager now. #Cisco #SDWAN #CVE202620262 #ArbitraryFileWrite #InfoSec https://t.co/8na0EmGQIl https://t.co/g06TjhufIx
CVE-2025-48595
CVSS Score: 8.4/10
SVRS Score: 89/100
Audience: 2.25M
Social Media: 78
News: 44
Repos: 0
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
SHORT INFO@ShortInfoNews
1 day ago
Anyone on Android 14, 15 or 16 should install June's security update now. Google $GOOGL says CVE-2025-48595, a flaw in the Android framework, is already under targeted attack and lets a malicious app seize control of a phone with no user action. The update fixes 124 bugs.
CiberPlaneta@CiberPlanetaOrg
1 day ago
🛡️ CVE-2025-48595: Integer Overflow in Android Framework with Local Privilege Escalation Technical analysis of CVE-2025-48595, an actively exploited integer overflow vulnerability in Android Framework that allows local privilege escalation. https://t.co/XzeKJugSBE
CiberPlaneta@CiberPlanetaOrg
1 day ago
🛡️ Security Alert: Integer Overflow in Android Framework with Local Privilege Escalation (CVE-2025-48595) Integer overflow vulnerability (CWE-190) in Android Framework allows code execution and local privilege escalation (LPE). Exploitation
BetterMSSP@bettermssp
5 days ago
🚨 Your staff approves MFA into your RMM on #Android. #CVE-2025-48595 needs zero clicks to own that device. If you haven't told clients to patch today, you just inherited their breach. Audit your team's Android patch level in the next 4 hours. #mssp #zerocliclick https://t.co/XTh28KHRYT
Wes DeVault, CISSP@wvipersg
16 days ago
Google Patches Android Zero-Day CVE-2025-48595 Exploited in Targeted Attacks https://t.co/bnDL5kPrEB
Cyber Edition@CyberEdition
16 days ago
🛡️Google confirmed active exploitation of Android zero-day CVE-2025-48595. The flaw allows remote privilege escalation with no user interaction, making silent device takeovers possible. Install the June 2026 Android security update ASAP. https://t.co/aEJNj4jUVF #Android
PurpleOps@PurpleOps_io
16 days ago
124 Android flaws patched this month and the number that matters is 1: CVE-2025-48595, already exploited in the wild. It is a Framework bug, remote, unauthenticated, no privilege needed - the profile that gets weaponised fast. Batch size is noise, this is the signal. https://t.co/Es01LvzKvc
Nikhil N@thecyberjim
16 days ago
Google just patched 124 Android flaws. But one matters: CVE-2025-48595. Integer overflow in Framework. Attackers can execute code on your phone without you doing anything. No clicks. No downloads. Just runs. Affects Android 14, 15, 16. Already being exploited in the wild. Update
TheFactumAI@TheFactumAI
16 days ago
@TraffAlex CVE-2025-48595 Framework integer overflow enables silent privilege escalation in persistent spyware pipelines targeting high-value users. Standard bulletins understate the scope and repeat actor patterns that prior patches failed to disrupt. [SENTINEL]
Cybersecurity News Everyday@TweetThreatNews
16 days ago
Google's June 2026 Android update patches 124 flaws, including CVE-2025-48595, a high-severity Framework bug already seeing limited targeted exploitation. Fixes span System, kernel, and chipset issues. #Android #Google #CVE202548595 https://t.co/qQTSccF89s
CVE-2026-26980
CVSS Score: 7.5/10
SVRS Score: 81/100
Audience: 2.19M
Social Media: 89
News: 23
Repos: 0
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
Cloudflare Changelog@CFchangelog
3 days ago
WAF release 2026-06-15 is here. We added managed rules to block the Ghost CMS SQLi vulnerability CVE-2026-26980. Protect your installations at the edge. https://t.co/VQ7FthHpn2
Lyrie.ai@lyrie_ai
11 days ago
Full Tweet Heads up about a critical SQL injection vuln in Ghost CMS affecting Harvard, Oxford, and DuckDuckGo among others CVE-2026-26980 Source: X search for CVE-2026 critical Posted: 2026-05-28T21:50:58.000Z Likes: 14
Lyrie.ai@lyrie_ai
11 days ago
Source: X search for CVE-2026 critical Posted: 2026-05-28T21:50:58.000Z Likes: 14 Heads up about a critical SQL injection vuln in Ghost CMS affecting Harvard, Oxford, and DuckDuckGo among others CVE-2026-26980 https://t.co/rRbYE1mcNX
Lyrie.ai@lyrie_ai
11 days ago
CVE-2026-26980: Heads up about a critical SQL injection vuln in Ghost CMS affecting Harvard, Oxford, and DuckDuckGo among others CVE-2026-26980 Source: X search for CVE-2026 critical Posted: 2026-05-28T21:50:58.000Z Likes: 14
Lyrie.ai@lyrie_ai
11 days ago
CVE-2026-26980. 0day Intel: 🚨 Hackers breached 700+ Ghost CMS websites to serve ClickFix malware attacks.
Wordfence@wordfence
14 days ago
700+ Ghost CMS Sites Hit By Click Fix Attack Wordfence Security News Clip | May 25, 2026 Over 700 Ghost CMS sites are compromised via a critical SQL injection flaw (CVE-2026-26980) in the content API. Attackers extract admin API keys, inject JavaScript loaders into articles, https://t.co/PtAIPHnBGn
INFOSEC.WATCH@InfosecDotWatch
15 days ago
Ghost CMS CVE-2026-26980 was reportedly used to compromise hundreds of sites and inject malicious JavaScript loaders. https://t.co/5OtBUZVUq1
Asta@astasolutions
16 days ago
A critical Ghost CMS vulnerability (CVE-2026-26980) is being actively exploited worldwide, impacting universities, fintechs, media, and AI platforms. Strengthen your cybersecurity posture with proactive monitoring and threat detection. Learn more at https://t.co/aH9WSJOqn8 https://t.co/kYjDrw7Zqe
Cyber Netsec IO@NetSecIO
17 days ago
📢 GHOST CMS HACKED: A critical SQL injection flaw (CVE-2026-26980) is being mass-exploited to hack Ghost sites. Attackers steal API keys to inject malware that targets visitors. Over 700 sites hit. Patch and rotate keys NOW! #GhostCMS #CVE #SQLi 🌐 cyber[.]netsecops[.]io https://t.co/8GiFzawFLK
Tim Wilson@TimWilsonAtDxc
17 days ago
The attacks that XLab observed begin by exploiting CVE-2026-26980 to steal the admin API keys, and then use the elevated rights to inject malicious JavaScript into articles https://t.co/eIy9YQPKAf
CVE-2024-21182
CVSS Score: 7.5/10
SVRS Score: 76/100
Audience: 2.13M
Social Media: 47
News: 20
Repos: 2
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
SHORT INFO@ShortInfoNews
1 day ago
Internet-facing Oracle $ORCL WebLogic Server is under active attack. CISA added CVE-2024-21182 to its Known Exploited Vulnerabilities catalog: an unauthenticated attacker can hit it remotely over T3 or IIOP and read sensitive data. US federal patch deadline: June 4.
CiberPlaneta@CiberPlanetaOrg
1 day ago
🛡️ Security Alert: Oracle WebLogic Server - Unauthorized Data Access via T3/IIOP (CVE-2024-21182) Critical vulnerability in Oracle WebLogic Server allows unauthenticated attackers to access sensitive data via the T3/IIOP protocols. Active exploitation confirmed by
Vivek | Cybersecurity@VivekIntel
16 days ago
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/JRQ4LTNfLp
ねこさん⚡(ΦωΦ)@catnap707
16 days ago
Two-year old Oracle WebLogic Server vulnerability is being exploited | CSO Online https://t.co/KbiPyZmeG9 "The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog,…"
Nicolas Krassas@Dinosn
16 days ago
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/2nY1LHpVOA
Yusuf Nuh 🍉@SenseWave_
16 days ago
Attackers are now actively exploiting a vuln in Oracle WebLogic Server. @CISAgov issued an urgent directive ordering federal agencies to secure systems vulnerable to it. Thursday, CISA added this vuln (CVE-2024-21182) to its Known Exploited Vulnerabilities (KEV) Catalog, https://t.co/4uekO4ADqj
Brian Teater@bteater51
16 days ago
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/lHNOivjDul via @TheHackersNews
Tobibur Rahman@tobi8ur
16 days ago
CISA warned agencies to patch Oracle WebLogic flaw CVE-2024-21182 after attackers began exploiting the two-year-old bug in the wild. Nothing says enterprise software like a critical bug returning for a reunion tour. #AppSec #Cybersecurity https://t.co/vLO1huIdhx
ThreadLinqs@threadlinqs
18 days ago
NEW THREAT INTEL: Oracle WebLogic CVE-2024-21182 - unauth T3/IIOP flaw added to CISA KEV, actively exploited. 9 detections. https://t.co/my7YEGayFz #ThreatIntel #WebLogic https://t.co/jYqvdJv9Je
CISA Cyber@CISACyber
18 days ago
🛡️ We added Oracle WebLogic Server unspecified vulnerability CVE-2024-21182 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSec https://t.co/acHwGfqgDW
CVE-2026-54420
CVSS Score: 8.5/10; SVRS Score: 83/100; Audience: 2.11M; Social Media: 22; News: 8; Repos: 0
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
Cybersecurity News Everyday@TweetThreatNews
2 days ago
Joomla JCE CVE-2026-48907 and LiteSpeed cPanel CVE-2026-54420 are being actively exploited, enabling file uploads, PHP execution, and possible root escalation on shared hosting servers. #Joomla #LiteSpeed #CISA https://t.co/o3etmdvGBO
The Hacker News@TheHackersNews
3 days ago
🚨 A shared hosting flaw just landed on CISA’s exploited list. CVE-2026-54420 affects the LiteSpeed cPanel Plugin and can let a user with FTP or web shell access gain root on CloudLinux/CageFS servers. Federal agencies must patch by June 18, 2026. Read: https://t.co/KEaqsStI2D https://t.co/G7GZjG2BwE
Daily CyberSecurity@the_yellow_fall
3 days ago
CVE-2026-54420, a LiteSpeed cPanel privilege escalation flaw, is exploited in the wild to gain root on shared hosting. Patch to plugin v2.4.8 now. #LiteSpeed #cPanel #CVE202654420 #PrivilegeEscalation #InfoSec https://t.co/rOiebScACs https://t.co/7zHLiwvUk9
SecAlerts@SecAlertsCo
3 days ago
🔗 Actively exploited: CVE-2026-54420 in LiteSpeed cPanel Plugin. Symlink attack lets unprivileged FTP/web shell users on shared hosting escalate to full compromise. CISA KEV-listed. Patch to 2.4.8 / WHM Plugin 5.3.2.0 now. #LiteSpeed #infosec https://t.co/h9vQW3mJjs https://t.co/e3j6ZmVz5D
University of ZERO@zerotalktoai
4 days ago
Oh cPanel servers about to be hacked? Update asap or remove LiteSpeed cPanel Plugin. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
LiteSpeed Tech@litespeedtech
4 days ago
The CVE that was published today for LiteSpeed's WHM plugin prior to v2.4.8 refers to the same vulnerability we disclosed (and patched) two weeks ago. CVE-2026-54420: https://t.co/1xR8NH6Yvy
CISA Cyber@CISACyber
4 days ago
🛡️ We added Cisco Catalyst SD-WAN Manager vulnerability CVE-2026-20262 and LiteSpeed cPanel Plugin vulnerability CVE-2026-54420 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity https://t.co/rAEee4kpx6
Marcus Lenngren@lenngrenm
5 days ago
⚠️ CRITICAL: ‼️ CVE-2026-54420: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn b... CVE-2026-54420 is a critical symlink mishandling vulnerability in LiteSpeed cPanel plugin versions before 2.4.8 and LiteSpeed WHM Plugin versions before 5.3.2.0.
Dark Web Informer@DarkWebInformer
5 days ago
‼️ CVE-2026-54420: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026. CVSS: https://t.co/hQCWaFNk8B
Upwind Security MDR@UpwindMDR
5 days ago
🚨High - LiteSpeed cPanel Plugin Symlink Mishandling / CageFS Bypass (CVE-2026-54420) A symlink-following flaw (CWE-61) in the LiteSpeed cPanel plugin lets an attacker who already holds FTP or web shell access to a user account on a shared hosting server plant crafted symbolic
CVE-2026-45659
CVSS Score: 8.8/10; SVRS Score: 87/100; Audience: 2.07M; Social Media: 58; News: 19; Repos: 2
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
IntegSec@integ_sec
7 days ago
CVE-2026-45659: Microsoft SharePoint Deserialization Bug - What It Means for Your Business and How to Respond https://t.co/BYYpTgPLQT
Xavier Rivera@XavierRiveraX
10 days ago
Microsoft June 2026 Patch Tuesday is live. Exchange CVE-2026-42897 (CVSS 8.1, actively exploited OWA spoofing): permanent patch replaces the EMES temporary mitigation. SharePoint CVE-2026-45659 (CVSS 8.8 RCE) also drops today. Secure Boot legacy UEFI certs expire June 24.
B2B Cyber Security.de@B2bCyber
10 days ago
https://t.co/2yqUGs8mZO Microsoft SharePoint with a highly dangerous security vulnerability Microsoft and CERT-Bund are warning of a highly dangerous vulnerability in Microsoft SharePoint. The flaw, CVE-2026-45659, is rated CVSS 8.8 and allows an authorized attacker to execut… https://t.co/ezgNedgS85
NEWSTECNICAS | Tecnología, IA y Gaming.@newstecnicas
10 days ago
🚨 Urgent remediation guide: RCE #Vulnerability in SharePoint (CVE-2026-45659) https://t.co/ZiQr2jUmXG
SharkStriker@TheSharkStriker
11 days ago
Through the blog, we will dissect a major RCE flaw CVE-2026-45659 in Microsoft SharePoint from a security POV, understanding how exploitation happens and what enterprises need to do to defend. https://t.co/ao3KsEjgJD . . . #CVE202645659 #sharkstriker
UNDERCODE TESTING@UndercodeUpdate
23 days ago
🚨 #Microsoft SharePoint Server Flaw Enables Remote Code Execution Attacks – #CVE-2026-45659 Exploit Analysis & Hardening + Video https://t.co/YK84FYxIIO Educational Purposes!
VulnTracker@vuln_tracker
23 days ago
@TheHackersNews You don't need to be an admin to own SharePoint anymore. CVE-2026-45659 - any Site Member can trigger RCE on SharePoint Server 2016, 2019, and Subscription Edition. CVSS 8.8. Every employee with a SharePoint login is now a potential threat vector. Track it. Patch it.
Joel Domenech@Joel_DAA
23 days ago
Microsoft patches the critical vulnerability CVE-2026-45659 in SharePoint that allowed remote code execution. Update now to protect your systems! #Ciberseguridad #Microsoft #SharePoint #SeguridadTI
DCI CyberSec News@DCICyberSecNews
23 days ago
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions https://t.co/R1qtcuESdf via @TheHackersNews
DFIR Lab@DFIR_Lab
23 days ago
🚨 HIGH SEVERITY: CVE-2026-45659 (CVSS 8.8) Deserialization flaw in Microsoft SharePoint allows authenticated attackers to execute remote code over network. Patch immediately. #CVE #Vulnerability #PatchNow #ThreatIntel #DFIR https://t.co/62V8Mrbba0
CVE-2026-45247
CVSS Score: 9.8/10; SVRS Score: 92/100; Audience: 2.01M; Social Media: 40; News: 16; Repos: 0
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.
CiberPlaneta@CiberPlanetaOrg
1 day ago
🛡️ Security Alert: Deserialization of untrusted data in Mirasvit Full Page Cache Warmer allows unauthenticated RCE (CVE-2026-45247) Unauthenticated RCE in Mirasvit Full Page Cache Warmer via a malicious CacheWarmer cookie carrying a serialized PHP object. Listed in CISA KEV.
Lyrie.ai@lyrie_ai
9 days ago
03:00 UTC: First exploit attempt in the wild. CVE-2026-45247 added to CISA KEV: Mirasvit Mirasvit Full Page Cache Warmer
The Daily Tech Feed@dailytechonx
14 days ago
Critical RCE vulnerability (CVE-2026-45247) in Magento's Mirasvit Cache Warmer extension actively exploited. Immediate update to version 1.11.12 recommended. Link: https://t.co/Ia2G5ywP8g #Magento #Mirasvit #RCE #Vulnerability #Exploit #Security #Cyberattack #Patch #Update https://t.co/7KnxZxi7m8
AlexAImaginator@TraffAlex
14 days ago
🔒 CYBERSECURITY, PRIVACY & OPEN SOURCE DAILY — June 05, 2026 1️⃣ CISA ADDS CVE-2026-45247 TO KNOWN EXPLOITED VULNERABILITIES CATALOG CISA has added a critical deserialization vulnerability in Mirasvit Full Page Cache Warmer (CVE-2026-45247) to its Known Exploited
Elusive@ElusivePrivacy
14 days ago
🔓 CVE-2026-45247, CVSS 9.8. Unauthenticated PHP object injection in Mirasvit Full Page Cache Warmer for Magento 2 enables remote code execution. Actively exploited in the wild to deploy web shells and create admin accounts. Thousands of Adobe Commerce storefronts affected.
Silent Vector@gh0st_V3ctbrv
14 days ago
🚨-4- CISA Adds Mirasvit Cache Warmer Flaw to Exploited Vulnerabilities Catalog 🎯 Attack: The U.S. CISA added a Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. 👤 Threat Actor: Unknown 💥 Impact:
DFIR Radar@DFIR_Radar
14 days ago
CISA adds CVE-2026-45247 (CVSS 9.3) to KEV catalog - critical PHP object injection in Mirasvit Cache Warmer for Magento allows unauthenticated RCE via crafted CacheWarmer cookie. Federal agencies must patch by June 6. #DFIR_Radar https://t.co/FHGU3rGtss
ねこさん⚡(ΦωΦ)@catnap707
14 days ago
CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks https://t.co/SPpYeBrNEf "CISA has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247"
The Hacker News@TheHackersNews
15 days ago
🚨 Attackers are actively exploiting CVE-2026-45247, a critical Magento RCE flaw in Mirasvit Cache Warmer. CISA added it to KEV. The bug scores 9.8 CVSS and allows unauthenticated PHP code execution via crafted CacheWarmer cookies. Patch before June 6. Read: https://t.co/8Mi4jPebwq
CISA Cyber@CISACyber
16 days ago
🛡️ We added Mirasvit Full Page Cache Warmer deserialization of untrusted data vulnerability CVE-2026-45247 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/nSR71c2CvX
CVE-2026-20253
CVSS Score: 9.8/10; SVRS Score: 92/100; Audience: 2.01M; Social Media: 51; News: 18; Repos: 2
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
ﮩ٨ـﮩ𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥 𝕏ﮩ٨ــ@AnonNews_irc
5 days ago
US-Iran peace talks advance, but Beirut attack raises tensions. Meanwhile, a critical Splunk RCE flaw (CVE-2026-20253) and Oracle PeopleSoft zero-day exploited by ShinyHunters demand urgent attention. #Cybersecurity #Geopolitics #News
CiberBaur@BotBauR
5 days ago
🚨 Just confirmed: a critical vulnerability in Splunk Enterprise allows attackers to execute code without authentication, with a score of 9.8 on the CVSS scoring system. The vulnerability, CVE-2026-20253, affects Splunk Enterprise versions below
Upwind Security MDR@UpwindMDR
5 days ago
🚨Critical - Splunk Enterprise PostgreSQL Sidecar Arbitrary File Create/Truncate (CVE-2026-20253) An unauthenticated remote attacker can create or truncate arbitrary files on the server through the PostgreSQL sidecar service endpoint due to missing authentication controls. This
SecureChap@SecureChap
5 days ago
CVE-2026-20253 scores 9.8 because Splunk Enterprise versions below 10.2.4 and 10.0.7 ship a PostgreSQL sidecar whose recovery endpoints require no authentication. The endpoints /v1/postgres/recovery/backup and /v1/postgres/recovery/restore accept unauthenticated requests over
Joel Domenech@Joel_DAA
5 days ago
Splunk fixes a critical flaw (CVE-2026-20253) that allowed unauthenticated remote code execution. The vulnerability has a CVSS severity of 9.8. Update your system now! #Ciberseguridad #Splunk #Vulnerabilidad #SeguridadTI https://t.co/Nu3oyKzvSs
Marcell Ujlaki@UjlakiMarci
5 days ago
🟥 CVE-2026-20253, CVSS: 9.8 (#Critical) Splunk Enterprise and Cloud Platform a missing authentication for a PostgreSQL sidecar service endpoint an unauthenticated user can invoke file operations to create or truncate arbitrary files on the system https://t.co/mGBAclSo14 https://t.co/hDrdChj0yo
CyDhaal@CyberDhaal
5 days ago
Splunk Enterprise Pre-Auth RCE Chain Exposed https://t.co/MYmGs46LBc #SOC #Splunk @RCE #CVE-2026-20253 #CVSS #9.8 https://t.co/CjBztrQZ17
Eyal Estrin ☁️@eyalestrin
5 days ago
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://t.co/F1sx5I50MU #patchmanagement
YogSotho@YogSoth0
5 days ago
CVE-2026-20253 — Splunk Enterprise/Cloud PostgreSQL Sidecar Service Exploitation Framework Military-grade multi-stage RCE exploitation: Stage 1: /backup endpoint with hostaddr injection → dump attacker DB to arbitrary file Stage 2: /restore endpoint with passfile
Zero Day Wire@zerodaywire
5 days ago
🚨 Splunk Enterprise CVE-2026-20253: PostgreSQL Sidecar Flaw Enables Unauthenticated RCE 🔗 https://t.co/uOOXBGkH2a #cybersecurity #infosec #threatintel https://t.co/YD2X3HKCpk
CVE-2026-48172
CVSS Score: 9.8/10; SVRS Score: 90/100; Audience: 1.93M; Social Media: 73; News: 22; Repos: 2
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.
PreventCyber@Prevent_Cyber
2 days ago
CISA has warned of another actively exploited cPanel plugin flaw. The vulnerability (CVE-2026-48172) affects LiteSpeed cPanel Plugin version 2.3 to 2.4.4 and can allow attackers to gain root-level access and execute arbitrary scripts. #CyberSecurity #CISA #VulnerabilityManagement https://t.co/k3Qgufg4Ob
Aviatrix Threat Research Center@aviatrixtrc
2 days ago
Attackers exploited CVE-2026-48172 to escalate privileges from cPanel user to root on shared hosting servers. The LiteSpeed plugin flaw enabled arbitrary script execution, leading to full system compromise and potential lateral movement across hosting infrastructure. Runtime
Kerry Allan@kallan4446
6 days ago
HSC Industry Digest - June 01, 2026 A critical privilege escalation vulnerability in LiteSpeed's cPanel plugin (CVE-2026-48172, CVSS 10.0) is actively being exploited, allowing shared hosting customers to take complete control of ser…… https://t.co/Dxk9bMFIwS https://t.co/QR4gOq3S1X
Kerry Allan@kallan4446
8 days ago
HSC Industry Digest - May 28, 2026 A critical zero-day vulnerability in LiteSpeed's cPanel plugin (CVE-2026-48172, CVSS 10.0) is being actively exploited, allowing unprivileged users to gain root access on shared hosting servers—an … R… https://t.co/flAjUuQnrj https://t.co/3yuPQrEwDj
Lyrie.ai@lyrie_ai
9 days ago
00:00 UTC: CVE-2026-48172 disclosed. CISA: CVE-2026-48172 added to Known Exploited Vulnerabilities — LiteSpeed cPanel Plugin Status: ✅ Confirmed exploited in the wild Date added: 2026-05-26 Required action: Apply mitigations per vendor instructions, follow applicable…
Lyrie.ai@lyrie_ai
12 days ago
Full Tweet CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Escalation 0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es
Lyrie.ai@lyrie_ai
12 days ago
Source: X search for CVE-2026 critical Posted: 2026-05-22T17:35:17.000Z Likes: 17 0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es
Lyrie.ai@lyrie_ai
12 days ago
0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es
Lyrie.ai@lyrie_ai
12 days ago
CVE-2026-48172: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Escalation 0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es
Lucas@lucasverdan
16 days ago
CISA added CVE-2026-48172 to KEV. This LiteSpeed cPanel plugin bug can turn a tenant-level foothold into root-level script execution. In shared hosting, that's an incident-response problem, not a routine plugin update. Patch fast or remove the plugin.
CVE-2026-20245
CVSS Score: 7.8/10; SVRS Score: 78/100; Audience: 1.91M; Social Media: 107; News: 35; Repos: 2
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.  To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.
The Cyber Security Hub™@TheCyberSecHub
14 days ago
Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) https://t.co/wZta2CbSg7
Shah Sheikh@shah_sheikh
14 days ago
Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245): A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this… https://t.co/04S1Ud3ABc https://t.co/vLv4sLQ8fl
Eric Vanderburg@evanderburg
14 days ago
#Cisco #SDWAN #0day exploited, no patch available (CVE-2026-20245) https://t.co/6faFLN20IF https://t.co/PjWXQMqF7U
NerdieNews@NewsNerdie
14 days ago
🚨 BREAKING: Cisco alerts users to a high-severity zero-day vulnerability in Catalyst SD-WAN Manager (CVE-2026-20245) that allows root privilege escalation. Active exploitation reported. Stay vigilant! #NerdieNews #CyberSecurity #BreakingNews #InfoSec #ZeroDay #Cisco https://t.co/iwLk6x51mE
America's Pick@nims213
14 days ago
Cisco warns of unpatched SD-WAN zero-day exploited in attacks https://t.co/QjIzpXFadG On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escala…
Trube Technologies@trubetech
14 days ago
Cisco warns of a high-severity unpatched SD-WAN zero-day (CVE-2026-20245) actively exploited to gain root privileges. Read our latest summary on how attackers are leveraging this flaw and what you can do to mitigate exposure. https://t.co/ZA35CkPH2V
Israel@f1tym1
14 days ago
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 https://t.co/6C6pnkK8pZ The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 appeared first on …
NerdieNews@NewsNerdie
14 days ago
🚨 BREAKING: Cisco alerts users to a critical SD-WAN zero-day vulnerability, CVE-2026-20245, allowing root command execution. No patch available yet. Stay vigilant and monitor updates. #NerdieNews #CyberSecurity #BreakingNews #InfoSec #ZeroDay #Cisco https://t.co/5XKnbZe9vR
Shah Sheikh@shah_sheikh
14 days ago
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026: The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 appeared first on… https://t.co/oUbw3T63E0 https://t.co/BEE1RPeJ8c
Eduard Kovacs@EduardKovacs
14 days ago
Cisco informed customers about CVE-2026-20245, the seventh SD-WAN product vulnerability exploited in the wild in 2026. https://t.co/ojjjaSGQKn
CVE-2026-11645
CVSS Score: 8.8/10; SVRS Score: 83/100; Audience: 1.89M; Social Media: 76; News: 31; Repos: 3
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
AbOUk | East Africa Tech@abokfelix
1 day ago
🔥 1. Google Chrome (Active Zero-Day) Google has patched a critical zero-day (CVE-2026-11645) in the V8 JavaScript engine that is actively being exploited in the wild. The Risk: Remote code execution via malicious HTML pages. Other patches: Multiple Use-After-Free (UAF) flaws
CiberPlaneta@CiberPlanetaOrg
1 day ago
🛡️ CVE-2026-11645: Critical out-of-bounds write vulnerability in Google Chromium V8 actively exploited Technical analysis of CVE-2026-11645, an out-of-bounds vulnerability in Chromium V8 that allows arbitrary code execution. Patches and mitigations available.
CiberPlaneta@CiberPlanetaOrg
1 day ago
🛡️ Security Alert: Google Chromium V8 Out-of-Bounds Read/Write with RCE in sandbox (CVE-2026-11645) OOB vulnerability in V8 allows RCE inside the sandbox via a malicious HTML page. Affects Chrome, Edge and Opera. Active exploitation confirmed by CISA KEV.
Upwind Security MDR@UpwindMDR
5 days ago
🚨 High - Out-of-Bounds Read/Write Vulnerability in Google Chrome (CVE-2026-11645) A high-severity memory corruption flaw has been identified in the V8 engine of Google Chrome versions prior to 149.0.7827.103. A remote attacker could exploit this vulnerability to execute
Lucas@lucasverdan
9 days ago
🛑 Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency… Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency V8 Patch Google has… 🔗 Details → https://t.co/Ztbp17OJ6w
Herman Menor@hmenorjr
9 days ago
🚨 Google just patched a critical Chrome bug (CVE-2026-11645) that hackers are already using. It’s in the V8 engine, which runs JavaScript on websites. If you visit a bad site, attackers could run malicious code on your device. This is the 5th zero-day Chrome has fixed in 2026.
androidponsel.com@androidPonsel_
9 days ago
Google patches the fifth Chrome zero-day of 2026. CVE-2026-11645 in the V8 engine has already been exploited in the wild. Update your browser now. Read more > https://t.co/KzmwL1tnIl #Google #Chrome https://t.co/xTON0RPynj
DFIR Radar@DFIR_Radar
9 days ago
CVE-2026-11645 (CVSS 8.8) actively exploited Chrome V8 zero-day enables arbitrary code execution via crafted HTML pages. Google confirms exploit exists in wild. Update to Chrome 149.0.7827.102+ and force browser restart immediately. #DFIR_Radar https://t.co/E65w8VAYBl
Aviatrix Threat Research Center@aviatrixtrc
9 days ago
Attackers exploited CVE-2026-11645 in Chrome's V8 engine to break out of browser sandboxes and establish network footholds. TRC analysis shows the campaign involved lateral movement and C2 establishment after initial browser compromise. Runtime segmentation helps contain such
Elusive@ElusivePrivacy
9 days ago
Chrome 5th zero-day of 2026 Google patched the 5th actively exploited Chrome zero-day of 2026. CVE-2026-11645 out-of-bounds read/write in the V8 engine, confirmed exploited in the wild. Fixed in 149.0.7827.102/.103 (Win/Mac/Linux). Google is withholding details until users
CVE-2026-39987
CVSS Score: 9.8/10; SVRS Score: 94/100; Audience: 1.87M; Social Media: 59; News: 22; Repos: 2
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
Cybersecurity News Everyday@TweetThreatNews
14 days ago
Sysdig TRT observed an agentic AI attacker exploiting CVE-2026-39987 in marimo to automate container escape, host breakout, and Kubernetes secret theft via Docker socket and nsenter. #CVE202639987 #marimo #Kubernetes https://t.co/azfAWQc2zG
Dennis Ludena@DennisLudena
15 days ago
Seems like the exploit associated with the critical flaw CVE-2026-39987 was created using AI tools due to the short time between the vulnerability disclosure and deployment time. While this is not the first malware or exploit designed using AI tools, it showcases how fast the
IntegSec@integ_sec
15 days ago
CVE-2026-39987: Marimo Remote Code Execution Bug - What It Means for Your Business and How to Respond https://t.co/Lej1Hb8zd7
Divinmentis@Divinmentis
15 days ago
Patching and AV assume fixed exploit signatures. This worm destroys that model. Its on-device LLM adapts to each unique target, no static signature needed. CVE-2026-39987 showed AI pivoting AWS to SSH to PostgreSQL in under 2 min. This is that capability at network scale. The
DCI CyberSec News@DCICyberSecNews
16 days ago
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/ZE8ucbPnKw via @TheHackersNews
Radio007@007radiotv
18 days ago
📣 New Podcast! "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit" on @Spreaker #artificialintelligence #cyber #cybercrime #cybercriminals #cyberinvestigation https://t.co/wD3vSjrbzo
CloudSecurityAlliance@cloudsa
18 days ago
CISO Daily Briefing: CVE-2026-39987 in Marimo gave attackers RCE — then an LLM agent autonomously pivoted four times and drained a full PostgreSQL database in under two minutes, marking the first confirmed operational use of AI in live post-exploitation; codexui-android, a
Jim Rigney@RigneySec
18 days ago
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/QSVoof9aEe https://t.co/NDEHnu9iyd
ReconBee@ReconBee
18 days ago
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/tdHPRje6ut #LLM #Marimo #largelanguagemodels #llmagent #cybersecurity
Gray Hats@the_yellow_fall
18 days ago
Analyze the Marimo CVE-2026-39987 exploit. Learn how an autonomous AI agent weaponized this flaw to exfiltrate internal database credentials. #Marimo #CVE202639987 #AIAgent #Cyberattack #Sysdig #ThreatIntel https://t.co/mcdKklNpiI https://t.co/ddrR3nWuL0
CVE-2026-50656
CVSS Score: 7.8/10; SVRS Score: 77/100; Audience: 1.85M; Social Media: 20; News: 5; Repos: 0
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.
Pasquale Pillitteri@pillitterip
1 day ago
RoguePlanet: the Microsoft Defender zero-day (CVE-2026-50656) that hands attackers SYSTEM on fully patched Windows 10 and 11. No patch yet, here's how to defend. https://t.co/Gjzr02v24X #cybersecurity #infosec #zeroday
Cybersecurity News Everyday@TweetThreatNews
1 day ago
Microsoft is developing a patch for RoguePlanet, a Microsoft Defender zero-day tracked as CVE-2026-50656. The privilege escalation flaw could grant SYSTEM access via a race condition. #RoguePlanet #CVE2026-50656 #MicrosoftDefender https://t.co/EMB6AsCuSN
Aviatrix Threat Research Center@aviatrixtrc
1 day ago
TRC analysis shows attackers exploiting CVE-2026-50656 in Microsoft Defender are leveraging a race condition to achieve SYSTEM-level privilege escalation on fully patched Windows systems. This incident highlights how endpoint security tools can become attack vectors themselves.
Clone Systems@CloneSystemsInc
2 days ago
CVE Alert: Microsoft Defender Zero-Day Microsoft has confirmed CVE-2026-50656, a Microsoft Defender zero-day publicly referred to as “RoguePlanet.” The vulnerability is an elevation of privilege flaw in the Microsoft Malware Protection Engine and has been assigned a CVSS score https://t.co/AVBG9XmpmN
The Cyber Security Hub™@TheCyberSecHub
2 days ago
Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) https://t.co/NyDT6ZerPT
Help Net Security@helpnetsecurity
2 days ago
Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) - https://t.co/pmk27fzdcH - @Microsoft @msftsecurity @MsftSecIntel #0day #Exploit #MicrosoftDefender #VulnerabilityDisclosure #Cybersecurity #CybersecurityNews
Shah Sheikh@shah_sheikh
2 days ago
Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656): Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high… https://t.co/RJ2mYbdjrn https://t.co/YIks7bKRx7
Cybersecurity News Everyday@TweetThreatNews
2 days ago
Microsoft is developing a patch for RoguePlanet, now tracked as CVE-2026-50656. The zero-day affects fully patched Windows 10 and 11 systems and may allow SYSTEM-level command prompts via a race condition. #RoguePlanet #CVE-2026-50656 https://t.co/67PacbGXva
Zubiqo@zubiqo
2 days ago
🚨 Microsoft Confirms Unpatched Defender Zero-Day Exploit Microsoft assigned CVE-2026-50656 to a critical vulnerability in the Microsoft Malware Protection Engine publicly referred to as RoguePlanet. The unpatched zero-day flaw allows attackers to bypass real-time protection https://t.co/2DwntyvzY2
ThreadLinqs@threadlinqs
2 days ago
NEW THREAT INTEL: CVE-2026-50656: RoguePlanet Microsoft Defender Zero-Day Local Privilege Escalation. 9 detections, 20 IOCs. https://t.co/jjYxsA0Sls #ThreatIntel #CVE https://t.co/lkIiBT6XIj
CVE-2026-35616
CVSS Score: 9.8/10
SVRS Score: 99/100
Audience: 1.81M
Social Media: 60
News: 31
Repos: 2
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Lyrie.ai@lyrie_ai
2 days ago
CVE-2026-35616: Fortinet FortiClient EMS—the centralized command post for managing endpoint security policies across enterprise fleets—has suffered back-to-back critical zero-days in the span of three weeks. CVE-2026-35616 CVSS 9.1 is an unauthenticated pre-authentication…
Lyrie.ai@lyrie_ai
2 days ago
CVE-2026-35616 is classified as an Improper Access Control flaw (CWE-284) in FortiClient EMS. Fortinet's official description is surgical: "An improper access control vulnerability in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or…
Lyrie.ai@lyrie_ai
2 days ago
CVE-2026-35616 did not arrive in isolation. CVE-2026-21643—also rated CVSS 9.1—is an SQL injection vulnerability in FortiClient EMS that came under active exploitation in the weeks immediately prior. It allows an unauthenticated attacker to execute arbitrary SQL commands…
DFIR Radar@DFIR_Radar
9 days ago
China-linked JDY botnet grows to 1,500+ compromised SOHO/IoT devices, rapidly scanning US 🇺🇸 military networks for newly disclosed vulnerabilities. Operators quickly targeted CVE-2026-35616 after Fortinet disclosure. #DFIR_Radar https://t.co/BcyyWqetbf
CSIRT Financiero Asobancaria@CSIRTFinanciero
14 days ago
⚠️ Did you know that an attacker can access every machine in your organization without needing a single password? CVE-2026-35616 makes it possible and is already being actively exploited against the financial sector. 🔴 High risk | TLP: White | 28 May 2026 https://t.co/kUUc5pKBsh
DC3 DCISE@DC3DCISE
14 days ago
🛡️ Threat actors are actively exploiting a critical #FortiClient EMS flaw (CVE-2026-35616) to deploy credential stealers disguised as endpoint updates! Visit @thehackernews for more.  #InfoSec
MprintedIT@MprintedIT
18 days ago
Hackers are exploiting a critical flaw in FortiClient EMS — and disguising their malware as a Fortinet software update. CVE-2026-35616 (CVSS 9.1) lets unauthenticated attackers bypass the API, then push the EKZ infostealer to every managed endpoint on your network. Once inside https://t.co/Kp3zVmwFFB
Carlos Fynn@fynn_JourX
18 days ago
Legacy exposure keeps paying off for attackers. FortiClient EMS exploit turns endpoint management into cr… CVE-2026-35616 shows how a vulnerable FortiClient EMS server can become a malware delivery… 🔗 Read → https://t.co/cBoTi33dIS
Lucas@lucasverdan
18 days ago
🛑 FortiClient EMS exploit turns endpoint management into credential theft… CVE-2026-35616 shows how a vulnerable FortiClient EMS server can become a malware delivery… 🔗 Details → https://t.co/QRuF3O21Vx
Gray Hats@the_yellow_fall
18 days ago
Analyze the recent FortiClient EMS exploit. Learn how attackers leverage CVE-2026-35616 to deliver EKZ Infostealer and bypass endpoint protection. #Fortinet #FortiClientEMS #CVE202635616 #EKZInfostealer #Cybersecurity #ThreatIntel https://t.co/lpGROuJRW3 https://t.co/mkN8wohXif

F.A.Q.

Find answers to common questions about CVEs and vulnerability intelligence