§Topic · CVE & Vulnerabilities
CVE & Vulnerabilities
Newly disclosed CVEs, actively exploited vulnerabilities, and critical patches you need to apply now.
All dispatches
Loading
§Topic · CVE & Vulnerabilities
Newly disclosed CVEs, actively exploited vulnerabilities, and critical patches you need to apply now.
All dispatchesApex One on-premise systems are under active exploitation for CVE-2026-34926. Patch immediately to reduce risk.
High-severity vulnerability in NGINX-related stack exposed services to DoS; ensure patches are applied and traffic is filtered from untrusted sources.
A critical unpatched vulnerability in ChromaDB allows unauthenticated attackers to execute code and take control exposed servers. Patch and rotate credentials immediately.
A stored XSS flaw in Open WebUI allows 1-click remote code execution when uploading a profile image. Patch status and mitigations required to protect AI workspaces.
Fortinet disclosed a critical remote code execution flaw in FortiSandbox (CVE-2026-26083) requiring urgent patching to prevent unauthenticated code execution. Prioritize affected deployments.
Microsoft released a broad May 2026 Patch Tuesday covering 120 vulnerabilities across Windows, Azure, and Office, including 29 critical RCE flaws. Patch management is essential to reduce exposure.
PoC demonstrates SYSTEM-level privilege escalation on patched Windows; rapid patching recommended.
Microsoft issues mitigations for a high-severity Exchange Server zero-day (CVE-2026-42897) exploited in the wild. Install mitigations promptly.
Mass patch Tuesday covering DNS, Netlogon, and privilege-escalation flaws; prioritize critical patches in risk mitigations.
Initial access via social engineering on Teams; rapid persistence emphasis for defenders to harden collaboration tools and training.
Dirty Frag zero-day enables root via PoC exploits across many distros; patch guidance issued.
CVE-2026-6973 exploited in targeted attacks; patches released to mitigate. Immediate patching recommended.
Three critical disclosures in Microsoft 365 Copilot and Copilot Chat were remediated; end-user action not required per advisories.
Ivanti Endpoint Manager Mobile 0-day vulnerabilities are being exploited; patch on-premises deployments immediately.
Pan-OS users face an actively exploited zero-day; apply patches urgently to mitigate potential RCE and persistence risk.
Chrome 148 closes 127 vulnerabilities, including critical overflow and use-after-free flaws. Update immediately to reduce exploitation risk.
ScarCruft trojanized a gaming platform to deploy backdoors on Windows and Android. Review supply chain and application trust.
New cPanel vulnerability exploited to target government and MSP networks. Patch immediately and audit exposure.
Critical unauthenticated RCE in Weaver E-cology is being actively abused in the wild. Organizations should patch affected builds and monitor for payloads.
Get these articles delivered to your inbox.
Subscribe free