CVE Radar
Welcome To CVE Radar

Discover trending vulnerabilities, explore attack vectors, exploits, and security details

CVE Radar is a free vulnerability intelligence platform by SOCRadar that goes beyond raw CVSS scores to provide actionable threat context for each CVE. Security engineers, vulnerability managers, and SOC analysts can search any CVE identifier or product name to instantly see exploit availability, active exploitation evidence, patch status across major vendors, and attribution to known ransomware groups or APT actors weaponizing the flaw. The database refreshes hourly from the National Vulnerability Database, public proof-of-concept repositories, dark web exploit markets, and SOCRadar's proprietary threat intelligence feeds. The trending CVEs view highlights which vulnerabilities are gaining attack momentum week-over-week, enabling teams to prioritize patching based on real adversary behavior rather than severity scores alone. No account or API key is required for lookups.

Top CVE Trend (Last 30 Days)
[Chart: Mentions per day, 2026-06-08 to 2026-07-04]
CVE-2026-20230
CVSS Score: 8.6/10 | SVRS Score: 81/100 | Audience: 3.05M | Social Media: 137 | News: 46 | Repos: 0
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
TECHEPAGES@techepages
2 days ago
🚨 Cisco has finally confirmed active exploitation of CVE-2026-20230 in Unified Communications Manager — an unauthenticated SSRF flaw patched back in June 3. Attackers are using crafted file:// payloads to create files on targeted devices, with PoC exploit code publicly
Sudarshana@Sudarshana_io
2 days ago
CUCM CVE-2026-20230: WebDialer trusts an unauth HTTP request. Pull the hostname from Version.jws?wsdl, SSRF into installClusterStatusExecute, traverse dirs to drop a rogue Axis descriptor. It deploys a JSP file-writer. Stage-two shell lands as root. #CUCM #SSRF
SQ Magazine@sqmagazine_news
2 days ago
Alert! 🚨 Cisco's Unified CM vulnerability CVE-2026-20230 is being actively exploited. Only systems with WebDialer enabled are at risk. Patch now! 👉🏻 https://t.co/sXsEzmodkB #CyberSecurity #Cisco #VulnerabilityWarning
Stanislav Klevtsov@stansecure
2 days ago
Top #CVE to #patch this week 👀 - @Ubiquiti UniFi OS (CVE-2026-34908, 34909, 34910) critical flaws - @Cisco UCM (CVE-2026-20230) SSRF to root - Another two @Linux Privesc pedit COW(CVE-2026-46331), DirtyClone - @Linux kernel — new DirtyFrag family privesc, JFrog published
Silent Vector@gh0st_V3ctbrv
29 days ago
🚨-3- Critical Cisco Unified CM Flaw Patched Amidst Public Exploit Release 🎯 Attack: Cisco issued a patch for a critical vulnerability, CVE-2026-20230, in its Unified CM and Unified CM SME that allows unauthenticated Server-Side Request Forgery (SSRF) attacks. 👤 Threat Actor:
CCB Alert@CCBalert
29 days ago
Warning: High severity vulnerability in #Cisco Unified Communications Manager #CVE-2026-20230 CVSS: 8.6. Exploit PoC available. More info: https://t.co/GaxDCSeJ8Q. #Patch #Patch #Patch
White Rabbitx 🏴‍☠️@TheRabbitPy
29 days ago
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public https://t.co/Enl1BM7oCE
Cyber Edition@CyberEdition
30 days ago
🔥A public PoC is now available for Cisco Unified CM flaw CVE-2026-20230. The SSRF bug can lead to file writes and root-level compromise when WebDialer is enabled. Cisco admins should patch immediately or disable WebDialer. #CyberSecurity #Cisco Read more: https://t.co/5Cd65ILpMs
Jedi Security •|• OSS@JedisecX
30 days ago
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public https://t.co/HfKodpre5L
DeepBlue Security & Intelligence@DeepBlueInfoSec
30 days ago
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public https://t.co/XZRhuKgXOh
CVE-2026-50751
CVSS Score: 9.3/10 | SVRS Score: 83/100 | Audience: 3.01M | Social Media: 152 | News: 61 | Repos: 6
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
Arctic Wolf@AWNetworks
18 days ago
CVE-2026-50751 is a critical vulnerability (CVSS 9.3) in Check Point Remote Access VPN, Mobile Access, and Spark Firewall products using the deprecated IKEv1 key exchange protocol. Learn more in our latest security bulletin: https://t.co/SdKjaxfgEn
White Knight Labs@WKL_cyber
18 days ago
.@CheckPointSW patched a critical VPN authentication bypass, CVE-2026-50751, that was exploited by a Qilin ransomware affiliate. Entry point: deprecated IKEv1, no machine cert enforcement. One legacy config. That's all it took. https://t.co/1YE4IIj0B6 via @BleepinComputer
Proven Data@Proven_Data
18 days ago
Qilin hit manufacturing, healthcare, and aviation across 2025-2026. Entry: CVE-2026-50751 exploitation. No public decryptor. Full attack chain + MITRE TTPs: https://t.co/psqO2rY9CU #CyberSecurity #Ransomware #DFIR #IncidentResponse #ThreatIntel #Qilin
Threat Signal@ThreatSignal_IN
18 days ago
1/4 Edge infrastructure is the primary battleground of 2026. The weaponization of CVE-2026-50751 on @checkpointsw VPNs by Qilin ransomware operators shows exactly why perimeter-focused defense is failing. They aren't just scanning; they're operating with terrifying speed.
Threat Signal@ThreatSignal_IN
18 days ago
@watchtowrcyber CVE-2026-50751 on Check Point VPNs isn't a theoretical edge case-Qilin is already weaponizing the auth bypass in the wild for Rclone data exfil. Unauthenticated, zero-password tunnel creation is exactly how perimeter-focused security architectures completely collapse.
Threat Signal@ThreatSignal_IN
18 days ago
@rapid7 CVE-2026-50751 on Check Point VPNs isn't a theoretical edge case-Qilin is already weaponizing the auth bypass in the wild for Rclone data exfil. Unauthenticated, zero-password tunnel creation is exactly how perimeter-focused security architectures completely collapse.
Threat Signal@ThreatSignal_IN
18 days ago
@TheHackersNews CVE-2026-50751 on Check Point VPNs isn't a theoretical edge case-Qilin is already weaponizing the auth bypass in the wild for Rclone data exfil. Unauthenticated, zero-password tunnel creation is exactly how perimeter-focused security architectures completely collapse.
Threat Signal@ThreatSignal_IN
18 days ago
@DFIR_Radar CVE-2026-50751 on Check Point VPNs isn't a theoretical edge case-Qilin is already weaponizing the auth bypass in the wild for Rclone data exfil. Unauthenticated, zero-password tunnel creation is exactly how perimeter-focused security architectures completely collapse.
Threat Signal@ThreatSignal_IN
18 days ago
@DarkWebInformer CVE-2026-50751 on Check Point VPNs isn't a theoretical edge case-Qilin is already weaponizing the auth bypass in the wild for Rclone data exfil. Unauthenticated, zero-password tunnel creation is exactly how perimeter-focused security architectures completely collapse.
TheNu11Sector@Nu11Sector
18 days ago
1.🧵 CVE-2026-50751 on Check Point VPN is exploited via IKEv1. If your gateway still accepts legacy connections, anyone can authenticate without credentials. Here's how to detect and close it in 10 minutes. #CheckPoint #VPN #Cybersecurity https://t.co/IEaZ1K4P0U
CVE-2026-48558
CVSS Score: 10.0/10 | SVRS Score: 88/100 | Audience: 2.76M | Social Media: 90 | News: 28 | Repos: 0
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.
CyberTLDR@CyberTLDR
3 days ago
3/3 Patch SimpleHelp now. CVE-2026-48558 is CVSS 10.0 and actively exploited. Audit Technician sessions for forged tokens. Monitor for node.exe running scripts named jquery.js in unexpected locations on your systems. #PatchNow #cybersecurity
NEWSTECNICAS | Tecnología@newstecnicas
3 days ago
🚨 Critical #Alert: #Patch CVE-2026-48558 on #SimpleHelp servers now (+MITIGATION) https://t.co/8v6EEAWWZ5
Carlos Fynn@fynn_JourX
3 days ago
SimpleHelp CVE-2026-48558 exploitation turns RM… is the kind of management-plane bug defenders should move on fast. It combines active exploitation with credential theft and auth bypass risk in FortiClient EMS. When endpoint management infrastructure is exposed, the bl…
Lucas@lucasverdan
3 days ago
SimpleHelp CVE-2026-48558 exploitation turns RM… is already being exploited, and Fortinet says the FortiClient EMS flaw carries credential theft and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Carlos Fynn@fynn_JourX
3 days ago
Legacy exposure keeps paying off for attackers. SimpleHelp CVE-2026-48558 exploitation turns RMM into a c… Attackers are exploiting CVE-2026-48558, a critical SimpleHelp OIDC authentication bypass… 🔗 Read → https://t.co/WzgrOAlnGU
Lucas@lucasverdan
3 days ago
🛑 SimpleHelp CVE-2026-48558 exploitation turns RMM into a credential-thef… Attackers are exploiting CVE-2026-48558, a critical SimpleHelp OIDC authentication bypass… 🔗 Details → https://t.co/R3wvH8Rb3J
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥☭⃠🅇@YourAnon_irc
3 days ago
Recent threats: SimpleHelp auth bypass (CVE-2026-48558) allows MFA bypass for technician sessions. Fluentd RCE/SSRF (July 1, 2026) endangers backend data. Patch now! #Cybersecurity #Vulnerabilities #News
newsoft332@newsoft33292530
3 days ago
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer https://t.co/6S9mUfOcxy via @TheHackersNews
ChrisUK2026@chris_uk2026
3 days ago
SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558) - https://t.co/WIQ3jZfhUv… - @BlackpointUS @Horizon3ai @CISACyber @CISAgov #Credentials #DataTheft #Malware #MSP #RemoteManagement #Vulnerability #Cybersecurity #CybersecurityNews
Israel@f1tym1
4 days ago
CVE-2026-48558, a critical authentication bypass in SimpleHelp, is being exploited to deliver malware. https://t.co/GL5FQN3Mn6
CVE-2026-20253
CVSS Score: 9.8/10 | SVRS Score: 87/100 | Audience: 2.72M | Social Media: 117 | News: 41 | Repos: 4
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
DFIR Radar@DFIR_Radar
8 days ago
CVE-2026-20253 (CVSS 9.8): Unauthenticated RCE in Splunk Enterprise is under active exploitation. Attackers reach an internal PostgreSQL sidecar recovery endpoint through the Splunk Web proxy with no credentials required. Key findings: - The root cause is Splunk Web proxying https://t.co/1jpdwMPZ5R
ALL IT Services@ALLITAustralia
13 days ago
Critical Splunk flaw (CVE-2026-20253) is being exploited — unauth RCE. Running Splunk? Patch to 10.0.7/10.2.4 today. #CyberSecurity #AusIT https://t.co/Zbxvdh0a0W
CloudSecurityAlliance@cloudsa
13 days ago
CISO Daily Briefing: Splunk CVE-2026-20253 KEV remediation deadline is today; NGINX CVE-2026-42530/42055 (CVSS 9.2) and Chrome V8 CVE-2026-11645 zero-day both under active exploitation. OMB M-26-14 mandates federal logging posture change; U.S. restricts Anthropic's Fable 5/Mythos
Alethean Group@AletheanGroup
13 days ago
Splunk's June 18 CVE-2026-20253 update is a reminder: when the security tool is the target, patching is only part of the response. Preserve admin actions, ingest gaps, config changes, alerts, and log custody. Support: https://t.co/gSCxBAWVLo #DFIR #IncidentResponse
Dr.Philippe Vynckier, CISSP - Influencer@PVynckier
13 days ago
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253) - Help Net Security https://t.co/bt9uPoY7Hx
@pedri77@pedri77
13 days ago
CVE-2026-20253 is a CVSS 9.8 pre-auth flaw in Splunk Enterprise's PostgreSQL sidecar service. An unauthenticated attacker can write files and chain the primitive to RCE. A public PoC exists; no workaround, patch onl... https://t.co/dZ5zCozCgm
c7m@0xc7m
18 days ago
#CVE-2026-20253 Splunk Enterprise Unauthenticated Arbitrary File Operations / RCE. This vulnerability allows any network-reachable attacker to create or overwrite files on the server without credentials. 🎇
Aviatrix Threat Research Center@aviatrixtrc
18 days ago
TRC analysis shows attackers can exploit CVE-2026-20253 to achieve unauthenticated RCE in Splunk Enterprise through PostgreSQL sidecar manipulation. The vulnerability enables lateral movement across monitored systems. Runtime segmentation can help limit blast radius when central
Jeff Hall - PCI Guru - #StandWithUkraine@jbhall56
18 days ago
The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. https://t.co/0avUMyvNkC
Ryan Dewhurst@ethicalhack3r
18 days ago
🚨 CVE-2026-20253 is not yet in CISA KEV. But KEVIntel honeypots are already seeing sustained attacker activity targeting Splunk Enterprise. - 80 exploitation attempts - 17 attacker IPs - 8 countries If Splunk is exposed in your environment, this should be on the radar. Full https://t.co/2pdSU2nxkr
CVE-2026-10520
CVSS Score: 10.0/10 | SVRS Score: 88/100 | Audience: 2.64M | Social Media: 74 | News: 32 | Repos: 3
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution.
ThreatCluster@threatcluster
2 days ago
Multiple trojanized proof-of-concept exploits on GitHub delivered the ChocoPoC Python RAT exploiting CVE-2025-64446 and CVE-2026-10520, targeting security researchers, Sekoia and BleepingComputer reported. https://t.co/PgfdgQv4IX
RedLegg@RedLegg
23 days ago
Critical Ivanti Sentry Alert (CVE-2026-10520, CVE-2026-10523): Two critical flaws enable unauthenticated attackers to bypass authentication and execute commands with root privileges. While exploitation hasn’t been observed in the wild, a public pro... https://t.co/U6VsatAWP9
Rishi@rxerium
24 days ago
🚨 CVE-2026-10520, a critical (CVSS 10.0) OS Command Injection vulnerability in Ivanti Sentry is now under active exploitation as reported by @DefusedCyber Scan infrastructure to see if you're vulnerable: https://t.co/jcr7SLj5FO Patches are available as per Ivanti's advisory: https://t.co/oQvdAKKfiY
VulDB 🛡@vuldb
24 days ago
Some increased actor activities are shown targeting Ivanti Sentry (CVE-2026-10520) https://t.co/0PPyoSgF6T
ThreatCluster@threatcluster
24 days ago
Ivanti released fixes for Sentry flaws CVE-2026-10520 (pre-auth root RCE) and CVE-2026-10523 (admin auth bypass) affecting versions before R10.5.2, R10.6.2 and R10.7.1, BleepingComputer reported. https://t.co/ZnYJRKA5uZ
Defused@DefusedCyber
24 days ago
🚨 CVE-2026-10520 (Pre-auth OS Command Injection in Ivanti Sentry) is now under active exploitation Attackers have been exploiting Ivanti systems with the recently released vulnerability since this morning Track Ivanti exploitation live 👉 https://t.co/GXFaqggV8a https://t.co/nylXVUWcfq
Cybersecurity News Everyday@TweetThreatNews
24 days ago
Ivanti patched two critical Sentry flaws, including CVE-2026-10520, a max-severity command injection that could allow root code execution, and CVE-2026-10523, an auth bypass for rogue admin access. #Ivanti #Sentry #CVE202610520 https://t.co/ajFnF8yJmq
SecAlerts@SecAlertsCo
24 days ago
Ivanti Sentry: unauthenticated RCE as root. CVE-2026-10520 is a CVSS 10 OS command injection flaw. Patch to R10.5.2, R10.6.2 or R10.7.1 now. https://t.co/C0231EQTnD
Nicolas Krassas@Dinosn
25 days ago
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) - watchTowr Labs https://t.co/rEpMJX7q1n
DFIR Radar@DFIR_Radar
25 days ago
Ivanti Sentry pre-auth OS command injection (CVE-2026-10520) achieves perfect 10.0 CVSS with unauthenticated root RCE. Watchtowr Labs demonstrates exploitation using hardcoded XML format leaked in patch analysis. Technical breakdown: • CVE-2026-10520 affects Sentry versions https://t.co/5H4Zcn6K9Q
CVE-2026-45659
CVSS Score: 8.8/10 | SVRS Score: 85/100 | Audience: 2.63M | Social Media: 55 | News: 23 | Repos: 0
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
ThreadLinqs@threadlinqs
2 days ago
SharePoint RCE CVE-2026-45659 hits CISA KEV: a Site Member login is all Storm-2603 needs for on-prem code exec. https://t.co/4HUa7nf6CB #ThreatIntel #CVE https://t.co/nUdCWYOmki
Nicolas Krassas@Dinosn
2 days ago
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation https://t.co/yXkdbmIUpb
Wes DeVault, CISSP@wvipersg
2 days ago
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation https://t.co/ebcVfw9bIs
Todd Pigram@pigram86
2 days ago
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation https://t.co/xn5uzVXGEo
The Daily Tech Feed@dailytechonx
2 days ago
CISA has added the SharePoint RCE vulnerability CVE-2026-45659 to its Known Exploited Vulnerabilities catalog following active exploitation. Organizations using affected SharePoint Server versions should apply patches immediately to prevent unauthorized code execution and https://t.co/gv7K6WlffZ
The Hacker News@TheHackersNews
2 days ago
⚠️ CISA added CVE-2026-45659 to KEV following active exploitation. The SharePoint Server RCE was patched in May 2026. Microsoft says an authenticated Site Member can execute code remotely — no admin rights required. FCEB agencies have until July 4 to patch. Details: https://t.co/ohEP3oJ3H3
Daily CyberSecurity@the_yellow_fall
3 days ago
CISA flags an actively exploited SharePoint vulnerability (CVE-2026-45659) enabling remote code execution. Patch SharePoint Server 2016 now. #SharePoint #Microsoft #CVE202645659 #CISAKEV #RCE #ExploitedInTheWild #Vulnerability https://t.co/NavQvumhfo https://t.co/bX5oLznm5r
CiberPlaneta@CiberPlanetaOrg
3 days ago
🛡️ CVE-2026-45659: Critical Deserialization Vulnerability in Microsoft SharePoint Server Actively Exploited Technical analysis of CVE-2026-45659 in Microsoft SharePoint Server: deserialization of untrusted data with CVSS 8.8, actively exploited. Mitigations urge
ChrisUK2026@chris_uk2026
3 days ago
🛡️ @CISACyber added Microsoft SharePoint Server deserialization of untrusted data vulnerability CVE-2026-45659 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/Hr1Rpw9Skf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
CISA Cyber@CISACyber
3 days ago
🛡️ We added Microsoft SharePoint Server deserialization of untrusted data vulnerability CVE-2026-45659 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/mfEzA2Kp8m
CVE-2026-55200
CVSS Score: 8.3/10 | SVRS Score: 76/100 | Audience: 2.59M | Social Media: 55 | News: 17 | Repos: 3
libssh2 through 1.11.1, fixed in commit 7acf3df, contains an out-of-bounds write vulnerability in ssh2_transport_read(), which fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
Arctic Wolf@AWNetworks
2 days ago
CVE-2026-55200 (CVSS 9.2/9.8), is a memory corruption bug in libssh2's ssh2_transport_read() triggered by a malicious SSH server pre-authentication via a crafted packet_length. Learn more in our latest security bulletin: https://t.co/KeKjyG9JEY
ThreatCluster@threatcluster
3 days ago
An anonymous researcher known as Bikini released zero-day exploit code for 15 popular open-source projects including the Linux kernel and Libssh2, with CVE-2026-55200 in Libssh2 already actively exploited, according to https://t.co/Rys6cyBLQB and The Register. https://t.co/L6kC3XjFcW
Upgrade Options Ltd@upgradeoptions
3 days ago
🚨 CVE-2026-55200 now has public PoC code. The libssh2 flaw lets a malicious SSH server trigger memory corruption in a connecting client. > No credentials > No user interaction > Affected through libssh2 1.11.1 Learn more ➝ https://t.co/ja0VKpmptg /@TheHackersNews
Meridian Group@MeridianEU
3 days ago
CVE-2026-55200 (CVSS 9.2) in libssh2 up to v1.11.1: malicious SSH server triggers memory corruption on connection with no credentials required. Public PoC released. Remediation complicated by static linking in cURL, Git, PHP, and network appliances. https://t.co/M3wbElUkvF
Vistem Solutions@VistemSolutions
4 days ago
CVE-2026-55200 - GitHub Advisory Database: libssh2 through 1.11.1, fixed in commit 7acf3df, contains a security vulnerability that may affect applications and services relying on SSH/SFTP connectivity. If your organization uses libssh2 directly or through third-party software,
DCI CyberSec News@DCICyberSecNews
4 days ago
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw https://t.co/zsaMiWQ8Rf via @TheHackersNews
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥☭⃠🅇@YourAnon_irc
4 days ago
Critical RCE in libssh2 (CVE-2026-55200) reported today (June 30, 2026) impacts secure transport, risking data privacy/integrity. Cisco CUCM (CVE-2026-20230) actively exploited since June 29. Patch ASAP. #Cybersecurity #Vulnerability #News
Blackwired@blackwired32799
4 days ago
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. https://t.co/4LUiV5AXRX
CyberTLDR@CyberTLDR
4 days ago
1/3 Public PoC is live for CVE-2026-55200, a CVSS 9.2 flaw in libssh2. A rogue SSH server can corrupt client memory with no auth needed. curl, Git, PHP, and firmware all embed this library. Every version up to 1.11.1 is affected. #CVE #libssh2 #SSH #RCE #cybersecurity
SecAlerts@SecAlertsCo
5 days ago
Critical vuln in libssh2 could lead to arbitrary code execution. Info, incl. fix info, at vulnerability alert service, SecAlerts - CVE-2026-55200, CVSS 9.2: https://t.co/OYafDTyMbB #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #secalerts #CVE202655200 #libssh2 https://t.co/WiCl7Dqvki
CVE-2025-8088
CVSS Score: 8.8/10 | SVRS Score: 92/100 | Audience: 2.59M | Social Media: 58 | News: 27 | Repos: 0
A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
The Hacker News@TheHackersNews
8 days ago
🚨 Google has linked Turla to a new .NET backdoor. STOCKSTAY was used in espionage campaigns targeting #Ukraine government and military organizations. It overlaps with Kazuar and reached targets through phishing, RDP files, MSI installers, and #WinRAR CVE-2025-8088 lures. See https://t.co/6hfmcN1M92
BEAHERO.GG@beahero_news
18 days ago
Russian hackers exploit WinRAR vulnerability CVE-2025-8088 | https://t.co/2KlUsH4NK0
TrendAI™ Research@trendai_RSRCH
19 days ago
Russia-aligned groups have long targeted Ukrainian government and military networks. At least five have now exploited CVE-2025-8088, a WinRAR flaw. Credentials stolen from those targets carry downstream risk for allied nations and partners. Read more: https://t.co/E7nF71bTLW https://t.co/p2R2Piyix4
CyberWatchers@cyber_watchers
24 days ago
Despite CVE-2025-8088 being patched in WinRAR 7.13 in July 2025 multiple threat actor groups continued to build new exploit samples with fresh lure documents and use this vulnerability as a reliable initial access vector against Ukrainian organizations.
Shah Sheikh@shah_sheikh
24 days ago
Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088: Despite a 2025 patch, Russian-linked groups still exploit a WinRAR flaw (CVE-2025-8088) to deploy malware via phishing archives. CVE-2025-8088 is a path traversal flaw in WinRAR that lets… https://t.co/tG6bCQMDjr https://t.co/273URXEe2F
Daily Security Review@securitydailyr
2026-06-03
Sekoia: Gamaredon targets Ukrainian government networks with USB worm modules hidden in NTFS Alternate Data Streams. Initial access via CVE-2025-8088 (WinRAR). C2 over Telegram and Cloudflare dead drops. https://t.co/TsFdWrdexH #CyberSecurity #ThreatIntel https://t.co/jp8PTDRzij
SPIN IDG@spinidg
2026-06-03
Gamaredon exploits WinRAR flaw (CVE-2025-8088) to deploy GammaWorm and GammaSteel malware in targeted cyberattacks against Ukrainian institutions. Read More: https://t.co/CJbxRn7xyo @WinRAR_RARLAB
N_{Dario Fadda}@nuke86
2026-06-03
Gamaredon exploits CVE-2025-8088 in WinRAR to distribute GammaWorm and GammaSteel against Ukraine. The blog: https://t.co/FDyWCVyfrt #cybersecurity #apt #backdoor #cyberwar #fsb #gamaredon #infosec #malware #russia #ukraine #winrar https://t.co/wpMxHpreHK
SecureChap@SecureChap
2026-06-03
Gamaredon spear-phishing emails deliver RAR archives that exploit CVE-2025-8088 path traversal in WinRAR. Opening the archive writes an HTA file directly into a startup folder so it executes on next logon with no further clicks. The HTA is GammaPhish. It fetches GammaLoad, a
ThreatCluster@threatcluster
2026-06-03
BREAKING: Gamaredon exploits WinRAR CVE-2025-8088 to deploy GammaWorm and GammaSteel malware against Ukrainian government and critical infrastructure targets. https://t.co/erra37IMd6
CVE-2026-46331
CVSS Score: 7.8/10 | SVRS Score: 79/100 | Audience: 2.43M | Social Media: 43 | News: 12 | Repos: 3
In the Linux kernel, the following vulnerability has been resolved:
net/sched: fix pedit partial COW leading to page cache corruption
tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd.
Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead.
Guard offset_valid() against INT_MIN, where negation is undefined.
Stanislav Klevtsov@stansecure
2 days ago
Top #CVE to #patch this week 👀 - @Ubiquiti UniFi OS (CVE-2026-34908, 34909, 34910) critical flaws - @Cisco UCM (CVE-2026-20230) SSRF to root - Another two @Linux Privesc pedit COW(CVE-2026-46331), DirtyClone - @Linux kernel — new DirtyFrag family privesc, JFrog published
AlexAImaginator@TraffAlex
2 days ago
🔒 CYBERSECURITY, PRIVACY & OPEN SOURCE ROUNDUP — July 02, 2026 1️⃣ LINUX KERNEL EXPLOIT GETS ROOT WITHOUT TOUCHING A SINGLE FILE ON DISK A new Linux kernel exploit (CVE-2026-46331) achieves root access without modifying any files on disk. Instead, it poisons the cached copy of
Tails@Tails_live
3 days ago
Tails 7.9.1 is out: https://t.co/1TZmZC8BtT It fixes CVE-2026-43503 (*DirtyClone*) and CVE-2026-46331 (*PACKET_EDIT_MEME*).
بابای نیکولا تسلای کبیر 𝕏@0xjafari
8 days ago
🛑 A new #Linux kernel exploit (CVE-2026-46331) gets root without modifying a single file on disk. It poisons the cached copy of /bin/su in memory.The binary on disk stays untouched. File-integrity checks come back clean. The root shell is already open. https://t.co/WrpmHU5B1G
CSIRT TELCONET@CSIRT_Telconet
8 days ago
Critical vulnerability in the Linux kernel: privilege escalation via act_pedit (CVE-2026-46331) More information: https://t.co/thwRp6nXqv https://t.co/edd5BVf1S8
Andriy R@AlterPKC
8 days ago
CVE-2026-46331 "pedit COW" is nasty: attackers poison /bin/su in memory while the file on disk stays clean. Your integrity checks pass while a root shell is already open. Reminder: if you run shared CI/CD runners or K8s nodes, patch now or block act_pedit. https://t.co/KlnOKaqjNd
The CyberSec Guru@thecybersecguru
8 days ago
Two new Linux LPEs just landed with public exploit paths. pedit COW (CVE-2026-46331) + DirtyClone (CVE-2026-43503) both hit the same nightmare target: the page cache. No disk changes. No file-integrity alert. Just corrupted in-memory binaries → root. If you run CI/CD runners,
QuanChain@Quan_Chain
8 days ago
CVE-2026-46331: working root exploit, 24 hours after disclosure. Validator nodes on unpatched Linux aren't secure — they're just unattacked. QuanChain's oracle-triggered migration shifts cryptographic posture before your patch cycle closes. Should consensus security depend on ops https://t.co/fOiN2eLhlg
IT-ADMlNISTRATOR@ita_blog
8 days ago
🚨 Root exploit for the Linux kernel already in circulation - "pedit COW" threatens RHEL 8 through 10 A vulnerability in the traffic-control component act_pedit (CVE-2026-46331) allows local users without special privileges to escalate to root. The bug: a memory region is only https://t.co/ebWju8k458
Xavier Rivera@XavierRiveraX
8 days ago
Linux kernel CVE-2026-46331 (pedit COW): public working exploit confirmed. Corrupts the page-cache copy of /bin/su via an out-of-bounds write in act_pedit, granting root with no disk writes. File-integrity checks see nothing. Requires unprivileged user namespaces, on by default
CVE-2026-12569
CVSS Score: 9.8/10 | SVRS Score: 86/100 | Audience: 2.38M | Social Media: 24 | News: 10 | Repos: 0
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.
* This advisory also applies to all CPS versions
* The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030
Sudarshana@Sudarshana_io
2 days ago
Ask your team this week: is Windchill or FlexPLM exposed to the internet? Then prove it's clean. CVE-2026-12569 is unauth RCE via untrusted deserialization, live-exploited to drop JSP webshells at /Windchill/login/[hex].jsp. 'We patched it' is not 'we tested it.'
INFOSEC.WATCH@InfosecDotWatch
3 days ago
PTC Windchill and FlexPLM CVE-2026-12569 is in CISA KEV. Prioritize systems holding product, engineering, manufacturing, and supply-chain data. https://t.co/gGIKlNqQEP
Polsia@polsia
3 days ago
CVE-2026-12569 | PTC Windchill — CVSS 9.8 (Critical) Unauthenticated RCE. CISA confirmed active exploitation Jun 25. JSP webshells under /Windchill/login/. Windchill manages CAD/ERP/BOMs in aerospace/auto/defense. Compromised instance = blueprint exfil + production disruption.
ADK Cyber@ADKCyber
8 days ago
CISA added CVE-2026-12569 (PTC Windchill RCE) to its KEV catalog after confirmed in-the-wild exploitation. Organizations using Windchill should verify exposure and prioritize patching. via SecurityWeek #CyberSecurity #InfoSec #Vulnerability https://t.co/9Cu0LWBklv
SempreUpdate@SempreUpdate
8 days ago
CVE-2026-12569: CISA warns of attacks on Windchill https://t.co/m9yFYHOdVS
Clone Systems@CloneSystemsInc
8 days ago
PTC Windchill is facing confirmed in the wild exploitation for CVE-2026-12569, marking the first known real world exploitation of a PTC product vulnerability. The flaw affects PTC Windchill and FlexPLM and can allow a remote unauthenticated attacker to execute arbitrary code https://t.co/7l4KTmdou9
The Hacker News@TheHackersNews
8 days ago
🚨 Attackers are exploiting a critical PTC flaw to drop JSP web shells. CISA added CVE-2026-12569 to its KEV catalog after active exploitation was confirmed. — Affected: PTC Windchill PDMlink and FlexPLM. — Patch now. Hunt for IoCs. Read more: https://t.co/r7XHUzXE5G
TECHEPAGES@techepages
8 days ago
🛠️ CISA has added CVE-2026-12569, a critical PTC Windchill/FlexPLM flaw, to its Known Exploited Vulnerabilities catalog, the first-ever confirmed real-world exploitation of a PTC product. It lets unauthenticated attackers run code via crafted requests; agencies must patch by June
Xavier Rivera@XavierRiveraX
8 days ago
PTC Windchill and FlexPLM land on CISA's KEV: CVE-2026-12569 lets unauthenticated attackers execute arbitrary code via a malicious network request. Root cause is improper input validation, confirmed actively exploited. Patch required for federal environments under BOD 26-04.
DFIR Lab@DFIR_Lab
9 days ago
🚨 CRITICAL: CVE-2026-12569 in PTC Windchill & FlexPLM. CVSS allows unauthenticated RCE via malicious network request. Added to CISA KEV—patch by 2026-06-28. #CVE #ThreatIntel #DFIR https://t.co/mFYslXfjEH
CVE-2026-42271
8.8/ 10
CVSS Score
80/ 100
SVRS Score
2.31M
Audience
55
Social Media
18
News
0
Repos
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.
Ashok Kumar Singh@AIAshokSingh
2 days ago
CRITICAL SECURITY ALERT: LiteLLM CVE-2026-42271 has been officially added to CISA’s Known Exploited Vulnerabilities list. 🚨🔒 This flaw chains with Starlette to allow unauthenticated Remote Code Execution (RCE) with a maximum CVSS score of 10.0. If you run a LiteLLM inference https://t.co/N8LufkikyQ
Alex Remniov@alexremn
2 days ago
Your AI gateway might be the biggest hole in your infra. CVE-2026-42271: unauth RCE in LiteLLM — one request, attacker gets every model API key configured. On CISA KEV since Jun 27. One proxy for all LLM traffic = perfect target. Running LiteLLM in prod — patched yet?
Hesper AI@starhesper
2 days ago
LiteLLM's MCP test endpoint accepted raw command and args. CVE-2026-42271: command injection. CVE-2026-48710: authentication stripped. Combined CVSS: 10. CISA confirmed exploitation. Every AI provider key in the proxy: exposed. Patch: 1.83.7. The gateway is the attack surface.
avinash sangle@avi_sangle
18 days ago
CISA added LiteLLM's CVE-2026-42271 to its Known Exploited Vulnerabilities list on June 9. If you run the gateway internet-facing, this is an incident, not a backlog item. Here's the response runbook I wrote after digging through the chain. THE CHAIN CVE-2026-42271 (CVSS 8.7)
Martin Musiol@musiol_martin
18 days ago
CVE-2026-42271 in LiteLLM is on CISA's actively-exploited list. Chain it with a Starlette host-header bypass and the auth check vanishes entirely — unauthenticated RCE on your AI gateway. The gateway you added to centralize control is now the one door everyone walks through.
Martin Musiol@musiol_martin
18 days ago
CVSS 10. Unauthenticated RCE. Already exploited, already tagged to Qilin ransomware. The hole in @LiteLLM (CVE-2026-42271): the endpoints that let you "test" an MCP server config accept command/args/env from the request body. The convenience feature is the RCE. Chain a Starlette
Aviatrix Threat Research Center@aviatrixtrc
19 days ago
Attackers are chaining CVE-2026-42271 with authentication bypasses to achieve unauthenticated RCE on LiteLLM AI gateways. Command injection leads to privilege escalation and lateral movement within enterprise networks. Runtime segmentation helps contain post-compromise activity
GoCocoaAI@GoCocoaAI
25 days ago
Sources for this post: Bitdefender Global Scam Intelligence Report 2026, via Help Net Security (published 2026-06-10): https://t.co/UtbUBSjhjV Sidebar flag from the same page: CVE-2026-42271 (LiteLLM, active exploitation, CISA warning) — an AI-stack vulnerability worth a https://t.co/u8SoizhoOs
ThreadLinqs@threadlinqs
25 days ago
An AI gateway flaw lets attackers run code unauthenticated - CISA says CVE-2026-42271 is being exploited now. https://t.co/f1B9nmqR4p #ThreatIntel #CVE https://t.co/2vyhCPKq1t
ThreadLinqs@threadlinqs
25 days ago
An AI gateway flaw lets attackers run code unauthenticated - CISA says CVE-2026-42271 is being exploited now. https://t.co/f1B9nmqR4p #ThreatIntel #CVE https://t.co/hkve0nxplM
CVE-2026-46817
9.8/ 10
CVSS Score
89/ 100
SVRS Score
2.31M
Audience
60
Social Media
28
News
2
Repos
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Shah Sheikh@shah_sheikh
3 days ago
Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed: Oracle E-Business Suite flaw CVE-2026-46817 is under active attack, with about 950 vulnerable internet-facing instances still exposed. This week, Defused Cyber researchers warned that… https://t.co/LKjJdVqVfK https://t.co/C4b0wW1YZN
HeroDevs@herodevs
3 days ago
CVE-2026-46817 (CVSS 9.8) in Oracle E-Business Suite Payments is now under active exploitation — 900+ exposed instances found online. Oracle patched last month; if you haven't applied it, do so now. #CyberSecurity #InfoSec https://t.co/R93yhrXV2f
TECHEPAGES@techepages
3 days ago
🚨 Over 900 Oracle E-Business Suite instances exposed online amid active exploitation of critical flaw CVE-2026-46817 (CVSS 9.8), unauthenticated HTTP takeover, no privileges needed. 🔹 Flaw sits in Payments' File Transmission component; patched in May 2026 CPU 🔹 First
CHItrader@CHItrader
3 days ago
ORACLE PAYMENTS HACKED AGAIN $ORCL E-Business Suite just caught a nasty active exploit in its Payments module via CVE-2026-46817. Unauthenticated pricks can now take over systems and fuck with payments. 🔹 9.8 severity flaw in File Transmission—patched May, exploited over the
CyberTLDR@CyberTLDR
3 days ago
1/3 Oracle E-Business Suite CVE-2026-46817 (CVSS 9.8) is under active attack. Unauthenticated attackers can take over Oracle Payments via HTTP. Versions 12.2.3-12.2.15 affected. Oracle patched this last month. Patch now. #CVE #Oracle #cybersecurity #vulnerability
moton@moton
3 days ago
Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817) - Help Net Security - https://t.co/G4FqHBgIgF
Sami Laiho@samilaiho
3 days ago
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild https://t.co/vC8z0aptIP
The Shadowserver Foundation@Shadowserver
3 days ago
IP data for your network/constituency shared in our Device ID reporting (device_vendor Oracle device_model Oracle E-Business Suite) World Map view of exposed EBS instances (no vulnerability assessment): https://t.co/VG62IBG139 CVE-2026-46817 NVD entry: https://t.co/fKIZaazqlN
The Shadowserver Foundation@Shadowserver
3 days ago
We have improved our Oracle E-Business Suite fingerprinting by adding domain based scans in collaboration with @ValidinLLC. Around 950 exposed instances now seen globally (no vulnerability assessment). CVE-2026-46817 attempts have been observed in the wild by @DefusedCyber https://t.co/gghdTt5b1X
neuco@neucogroup
3 days ago
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild https://t.co/ao3oL09WFx #neuco
CVE-2026-20262
6.5/ 10
CVSS Score
64/ 100
SVRS Score
2.26M
Audience
54
Social Media
21
News
2
Repos
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.
Lucas@lucasverdan
18 days ago
🛑 Cisco patches another SD-WAN zero-day after limited exploitation CVE-2026-20262 lets authenticated attackers overwrite files in Cisco Catalyst SD-WAN Manage… 🔗 Details → https://t.co/RrLpI2HPIo
TECHEPAGES@techepages
18 days ago
🚨 Cisco has patched CVE-2026-20262, a zero-day in Catalyst SD-WAN Manager exploited to escalate privileges to root. First detected earlier this month, the flaw lets authenticated remote attackers upload malicious files via crafted HTTP requests affecting all deployment types.
Israel@f1tym1
18 days ago
Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks https://t.co/UcHxW7rvRh Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. The post Cisco Patches Another SD-WAN Zero-Day Exploited …
America's Pick@nims213
18 days ago
Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks https://t.co/R5LpSriKBO Cisco on Monday warned customers about yet another SD-WAN product zero-day exploited in attacks.  The flaw, tracked as CVE-2026-20262, has been described as a medium-severity arbitrary file wr…
Shah Sheikh@shah_sheikh
18 days ago
Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks: Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. The post Cisco Patches Another SD-WAN Zero-Day Exploited… https://t.co/EiGKypnvm9 https://t.co/yLmcExUMfe
Eduard Kovacs@EduardKovacs
18 days ago
Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. https://t.co/YddSoAT8tR
The Hacker News@TheHackersNews
18 days ago
⚠️ Cisco has released patches for a Catalyst SD-WAN Manager flaw now exploited in the wild. CVE-2026-20262 lets an authenticated attacker with write access create or overwrite files on affected systems. Read: https://t.co/Zwt1wXCi9x https://t.co/5jcia48aUm
Threat ResQ™@ThreatResq
19 days ago
Cisco patched CVE-2026-20262 in Catalyst SD-WAN Manager amid active exploitation. The flaw lets attackers upload crafted files to gain root privileges. https://t.co/L9jUGrdqvB #Cisco #CVE #Catalyst #SDWAN #exploit #root #CyberSecurity #CybersecurityNews #ThreatResQ #threatresq
AbOUk | East Africa Tech@abokfelix
19 days ago
1/4 🚨 Cisco SD-WAN Zero-Day Alert 🚨 Cisco has released an emergency patch for a critical SD-WAN zero-day (CVE-2026-20262). It’s being actively exploited to gain root-level access. #CyberSecurity #Cisco #ZeroDay #Infosec
Aviatrix Threat Research Center@aviatrixtrc
19 days ago
Attackers exploited CVE-2026-20262 to escalate from low-privilege credentials to root access on Cisco SD-WAN vManage systems. TRC analysis shows the vulnerability enabled lateral movement across network infrastructure, highlighting risks when management systems lack runtime
CVE-2026-54420
8.5/ 10
CVSS Score
78/ 100
SVRS Score
2.23M
Audience
25
Social Media
12
News
0
Repos
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
Divinmentis@Divinmentis
18 days ago
🔐 KEV alert: CISA added CVE-2026-54420 in LiteSpeed cPanel Plugin to KEV. LiteSpeed says versions before cPanel plugin 2.4.8 are actively exploited and can allow privilege escalation to root on CloudLinux/CageFS shared hosting. #KEV https://t.co/kfGRXkgrfg
CCB Alert@CCBalert
18 days ago
Warning: #LiteSpeed Technologies releases security updates to fix a vulnerability in the LiteSpeed cPanel Plugin that is being actively exploited. #CVE-2026-54420 (CVSS 8.5) allows an attacker to escalate privileges to root. https://t.co/QyQq7sPrQe #Patch #Patch #Patch
TECHEPAGES@techepages
18 days ago
⚠️ CISA has added CVE-2026-54420 (CVSS 8.5) to its Known Exploited Vulnerabilities catalog, a privilege escalation flaw in LiteSpeed's cPanel plugin that lets anyone with FTP or web shell access gain root on shared hosting servers running CloudLinux or CageFS. 🔧 Federal
ThreatCluster@threatcluster
18 days ago
CISA ordered US federal agencies to secure servers running the LiteSpeed cPanel user-end plugin after adding actively exploited root-privilege flaw CVE-2026-54420 to its KEV catalogue, BleepingComputer reported. https://t.co/zB7eLnrmXO
Red Secure Tech Ltd.@redsecuretech
18 days ago
CISA adds LiteSpeed cPanel privilege escalation flaw CVE-2026-54420 to KEV catalog. Patch to WHM Plugin v5.3.2.1 by June 18, 2026. https://t.co/X5tWEQswXE #LiteSpeed #CVE #PrivilegeEscalation #CloudLinux #CageFS #SharedHosting #KEVcatalog #CISA #Namecheap #ServerSecurity https://t.co/rG62Zmk79a
Trube Technologies@trubetech
18 days ago
CISA warns of another actively exploited flaw in the LiteSpeed cPanel plugin (CVE-2026-54420) hitting U.S. government servers. Our latest post breaks down the risk, affected versions, and immediate remediation steps. Read more: https://t.co/NFCcgTaH2I
Threat Signal@ThreatSignal_IN
18 days ago
@TheHackersNews CISA just added CVE-2026-54420 to the KEV. Escaping shared hosting to grab root via a symlink in the LiteSpeed cPanel plugin is an Initial Access Broker's absolute dream. It’s another stark reminder of the massive blast radius inherent to multi-tenant environments.
Threat Signal@ThreatSignal_IN
18 days ago
@DarkWebInformer CISA just added CVE-2026-54420 to the KEV. Escaping shared hosting to grab root via a symlink in the LiteSpeed cPanel plugin is an Initial Access Broker's absolute dream. It’s another stark reminder of the massive blast radius inherent to multi-tenant environments.
The Hacker News@TheHackersNews
18 days ago
🚨 A shared hosting flaw just landed on CISA’s exploited list. CVE-2026-54420 affects the LiteSpeed cPanel Plugin and can let a user with FTP or web shell access gain root on CloudLinux/CageFS servers. Federal agencies must patch by June 18, 2026. Read: https://t.co/KEaqsStI2D https://t.co/G7GZjG2BwE
Daily CyberSecurity@the_yellow_fall
19 days ago
CVE-2026-54420, a LiteSpeed cPanel privilege escalation flaw, is exploited in the wild to gain root on shared hosting. Patch to plugin v2.4.8 now. #LiteSpeed #cPanel #CVE202654420 #PrivilegeEscalation #InfoSec https://t.co/rOiebScACs https://t.co/7zHLiwvUk9
CVE-2026-20245
7.8/ 10
CVSS Score
80/ 100
SVRS Score
2.22M
Audience
176
Social Media
52
News
2
Repos
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.  To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.
The Cyber Security Hub™@TheCyberSecHub
29 days ago
Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) https://t.co/wZta2CbSg7
Shah Sheikh@shah_sheikh
29 days ago
Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245): A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this… https://t.co/04S1Ud3ABc https://t.co/vLv4sLQ8fl
Eric Vanderburg@evanderburg
29 days ago
#Cisco #SDWAN #0day exploited, no patch available (CVE-2026-20245) https://t.co/6faFLN20IF https://t.co/PjWXQMqF7U
NerdieNews@NewsNerdie
29 days ago
🚨 BREAKING: Cisco alerts users to a high-severity zero-day vulnerability in Catalyst SD-WAN Manager (CVE-2026-20245) that allows root privilege escalation. Active exploitation reported. Stay vigilant! #NerdieNews #CyberSecurity #BreakingNews #InfoSec #ZeroDay #Cisco https://t.co/iwLk6x51mE
America's Pick@nims213
29 days ago
Cisco warns of unpatched SD-WAN zero-day exploited in attacks https://t.co/QjIzpXFadG On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escala…
Trube Technologies@trubetech
29 days ago
Cisco warns of a high-severity unpatched SD-WAN zero-day (CVE-2026-20245) actively exploited to gain root privileges. Read our latest summary on how attackers are leveraging this flaw and what you can do to mitigate exposure. https://t.co/ZA35CkPH2V
Israel@f1tym1
29 days ago
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 https://t.co/6C6pnkK8pZ The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 appeared first on …
NerdieNews@NewsNerdie
29 days ago
🚨 BREAKING: Cisco alerts users to a critical SD-WAN zero-day vulnerability, CVE-2026-20245, allowing root command execution. No patch available yet. Stay vigilant and monitor updates. #NerdieNews #CyberSecurity #BreakingNews #InfoSec #ZeroDay #Cisco https://t.co/5XKnbZe9vR
Shah Sheikh@shah_sheikh
29 days ago
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026: The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 appeared first on… https://t.co/oUbw3T63E0 https://t.co/BEE1RPeJ8c
Eduard Kovacs@EduardKovacs
29 days ago
Cisco informed customers about CVE-2026-20245, the seventh SD-WAN product vulnerability exploited in the wild in 2026. https://t.co/ojjjaSGQKn
CVE-2026-43503
8.8/ 10
CVSS Score
89/ 100
SVRS Score
2.2M
Audience
50
Social Media
20
News
5
Repos
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: propagate shared-frag marker through frag-transfer helpers
Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when moving frags from source to destination. __pskb_copy_fclone() defers the rest of the shinfo metadata to skb_copy_header() after copying frag descriptors, but that helper only carries over gso_{size,segs, type} and never touches skb_shinfo()->flags; skb_shift() moves frag descriptors directly and leaves flags untouched.
As a result, the destination skb keeps a reference to the same externally-owned or page-cache-backed pages while reporting skb_has_shared_frag() as false.
The mismatch is harmful in any in-place writer that uses skb_has_shared_frag() to decide whether shared pages must be detoured through skb_cow_data(). ESP input is one such writer (esp4.c, esp6.c), and a single nft 'dup to <local>' rule -- or any other nf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()'d skb in esp_input() with the marker stripped, letting an unprivileged user write into the page cache of a root-owned read-only file via authencesn-ESN stray writes.
Set SKBFL_SHARED_FRAG on the destination whenever frag descriptors were actually moved from the source. skb_copy() and skb_copy_expand() share skb_copy_header() too but linearize all paged data into freshly allocated head storage and emerge with nr_frags == 0, so skb_has_shared_frag() returns false on its own; they need no change.
The same omission exists in skb_gro_receive() and skb_gro_receive_list(). The former moves the incoming skb's frag descriptors into the accumulator's last sub-skb via two paths (a direct frag-move loop and the head_frag + memcpy path); the latter chains the incoming skb whole onto p's frag_list. Downstream skb_segment() reads only skb_shinfo(p)->flags, and skb_segment_list() reuses each sub-skb's shinfo as the nskb -- both p and lp must carry the marker.
The same omission also exists in tcp_clone_payload(), which builds an MTU probe skb by moving frag descriptors from skbs on sk_write_queue into a freshly allocated nskb. The helper falls into the same family and warrants the same fix for consistency; no TCP TX-side in-place writer is currently known to reach a user page through this gap, but a future consumer depending on the marker would regress silently.
The same omission exists in skb_segment(): the per-iteration flag merge takes only head_skb's flag, and the inner switch that rebinds frag_skb to list_skb on head_skb-frags exhaustion does not fold the new frag_skb's flag into nskb. Fold frag_skb's flag at both sites so segments drawing frags from frag_list members carry the marker.
OpenVPN Inc.@OpenVPN
2 days ago
JFrog just published a working root exploit for DirtyClone (CVE-2026-43503) — a Linux kernel flaw that escalates to root without writing anything to disk, defeating file-integrity monitoring on Debian, Ubuntu, and Fedora. Check your kernel patch status now. https://t.co/Z5TaFIuDBV
Chris Short@ChrisShort
3 days ago
Dissecting and Exploiting Linux LPE Variant: DirtyClone (CVE-2026-43503) - JFrog Security Research #devopsish https://t.co/TTv5lvNBI5 https://t.co/EJXS05rJLi
Tails@Tails_live
3 days ago
Tails 7.9.1 is out: https://t.co/1TZmZC8BtT It fixes CVE-2026-43503 (*DirtyClone*) and CVE-2026-46331 (*PACKET_EDIT_MEME*).
Linuxiac@linuxiac
3 days ago
Canonical says Ubuntu kernel updates are available for DirtyClone, a high-severity Linux local privilege escalation flaw tracked as CVE-2026-43503. https://t.co/2XUyHDrTAL #Linux #Ubuntu #Security
Trio Soft inc@triosoftinc
3 days ago
DirtyClone hands any local Linux user root. A working exploit for CVE-2026-43503 went public last week. It rewrites su in memory. The file never changes, so integrity tools miss it. Fourth root bug in this family since April. Unpatched fleets stay open. #Linux #ITAdmin #InfoSec https://t.co/0fRXiGGB3w
Packet Commander ⚡️@JAVI_MEI
3 days ago
A Python script with zero compilation just turns any unprivileged Linux user into root. DirtyClone (CVE-2026-43503) is live on GitHub. CVSS 8.8. Here is what you need to know right now. The fix is upstream: commit 48f6a5356a33. While you wait for your distro backport, restrict https://t.co/OOcGaNvPzY
Technology Updates@DIYprojects55
4 days ago
https://t.co/OvXVC5Ltl5 DirtyClone (CVE-2026-43503): New Linux Kernel Flaw Lets Local Users Escalate to Root via Cloned Network Packets. A newly disclosed #Linux #kernel vulnerability, nicknamed "DirtyClone" and tracked as CVE-2026-43503, allows an unprivileged local user..
The Hacker News@TheHackersNews
8 days ago
🛑 A new #Linux kernel flaw lets a local user rewrite /usr/bin/su in memory and gain #root. The file on disk never changes. No audit trail. DirtyClone (CVE-2026-43503) is the fourth bug with this failure mode in two months. Details and what to do ↓ https://t.co/nYsNZKu7Mk
The Daily Tech Feed@dailytechonx
8 days ago
A new Linux kernel vulnerability, 'DirtyClone' (CVE-2026-43503), allows local users to gain root access via cloned network packets. This flaw affects systems with default namespace configurations, including Debian and Fedora. Immediate kernel updates are essential to mitigate https://t.co/CGgZyU7Fez
ThreatCluster@threatcluster
29 days ago
The Tails project released version 7.8.1 as an emergency fix for Linux kernel CVE-2026-43503, which allows Tails applications to gain admin privileges, and multiple Tor client flaws, the maintainers said. https://t.co/UNIyAJ11ag
CVE-2026-35273
9.8/ 10
CVSS Score
87/ 100
SVRS Score
2.04M
Audience
181
Social Media
68
News
2
Repos
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
ZeroDayFacts@ZeroDayFacts
2 days ago
🚨 @NissanJP has recently been hit by a data breach! The carmaker confirmed that attackers exploited a zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft to steal employee data. Current and former staff in the @NissanUSA, @nissancanada, @Nissan_mx, and nissan brazil are
TrendAI™ Research@trendai_RSRCH
3 days ago
CVE-2026-35273 in PeopleSoft PeopleTools lets attackers plant a malicious file via the gateway and run code on the next restart. No process spawned, no signal sent. The technique leaves no observable trail at execution time. Read more: https://t.co/BnERL2g3Pb
Threat Signal@ThreatSignal_IN
18 days ago
1/4 CISA just pushed CVE-2026-35273 (Oracle PeopleSoft Enterprise PeopleTools) into the KEV. While the timeline is fixated on edge VPN bugs, ShinyHunters has been quietly weaponizing this missing authentication flaw to rip through ERP databases.
Md Ismail Šojal 🕷️@0x0SojalSec
18 days ago
The entry point to a full RCE chain. It’s not just another SSRF. The real story behind the CVE-2026-35273 chaos: Critical Alert: CVE-2026-35273 (CVSS 9.8) Unauthenticated RCE via SSRF in Oracle PeopleSoft PeopleTools 8.61 & 8.62. If you run PeopleTools 8.61 or 8.62 to check
OpSec Insider@OpSecInsider
18 days ago
The group says it used a zero-day in Oracle PeopleSoft (CVE-2026-35273, CVSS 9.8) to pull more than 429.000 files: 409.000 payslips, 14.000 CVs, and bank, tax, and medical records for over 10.000 staff going back to 2011.
Aviatrix Threat Research Center@aviatrixtrc
19 days ago
ShinyHunters exploited CVE-2026-35273 in Oracle PeopleSoft to compromise Council of Europe systems. Attackers escalated privileges through IAM manipulation and moved laterally to exfiltrate 429,000 HR/payroll documents. Runtime segmentation could help limit such internal
RedLegg@RedLegg
23 days ago
Security Bulletin: Oracle PeopleSoft Enterprise PeopleTools - RCE (CVE-2026-35273) A critical flaw in PeopleTools is being actively exploited by threat actors targeting organizations, especially in the education sector. https://t.co/DzbBiYztsG
Aviatrix Threat Research Center@aviatrixtrc
23 days ago
TRC analysis shows ShinyHunters exploited CVE-2026-35273 to compromise 100+ organizations, primarily universities. Attackers gained unauthenticated RCE in PeopleSoft, then escalated privileges and moved laterally across interconnected systems. Runtime segmentation could have
Epic Plain@EpicPlain
23 days ago
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities https://t.co/XLLYCxRo9S #CyberSecurity
Austin Larsen@AustinLarsen_
23 days ago
New from our team at GTIG: #UNC6240 is back to targeting educational institutions in a new data theft extortion campaign. The activity targets Oracle's #PeopleSoft by exploiting Zero-Day CVE-2026-35273. Disable EMHub and check our blog for guidance. https://t.co/5qhbKM7i6P
CVE-2026-8451
7.5/ 10
CVSS Score
71/ 100
SVRS Score
2.02M
Audience
28
Social Media
16
News
1
Repos
Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP
Aviatrix Threat Research Center@aviatrixtrc
3 days ago
TRC analysis shows attackers exploited CVE-2026-8451 to extract sensitive memory contents from NetScaler appliances via malformed SAML requests. The vulnerability enables lateral movement and privilege escalation across network infrastructure. Runtime segmentation helps contain
ThreatCluster@threatcluster
3 days ago
CVE-2026-8451 exploits insufficient input validation that leads to memory overread on affected NetScaler systems used as a SAML IDP. This flaw does not require authentication to access sensitive memory contents, increasing exposure risk.
ThreatCluster@threatcluster
3 days ago
Citrix disclosed six high-severity vulnerabilities in NetScaler ADC and Gateway appliances affecting versions prior to 14.1-72.61 and 13.1-63.18. One flaw, CVE-2026-8451, allows unauthenticated memory disclosure when configured as a SAML identity provider. https://t.co/LsXq6uCZXd
VulDB 🛡@vuldb
3 days ago
A lot of offensive activities were identified targeting Citrix NetScaler ADC and NetScaler Gateway (CVE-2026-8451) https://t.co/95ofzV5dgq
ThreatCluster@threatcluster
3 days ago
Six high-severity vulnerabilities affect Citrix NetScaler ADC and Gateway, including CVE-2026-8451 with a CVSS score of 8.8. - Memory overreads and arbitrary file access risks target systems using SAML Identity Provider configurations. - CVE-2026-3055 confirmed as actively https://t.co/Y8j9KmwFZd
eSecurityPlanet@eSecurityPlanet
3 days ago
Critical vulnerabilities, state-backed threats, and browser-based attacks: A critical @Citrix @NetScaler flaw (CVE-2026-8451) can leak sensitive memory, exposing session tokens, credentials, and other data. Stay ahead: https://t.co/As4agqBYxU #Cybersecurity #TechNews #Threats https://t.co/dKWrRk9J51
SOCRadar®@socradar
3 days ago
Getting flashbacks to CitrixBleed? You aren't the only one. 🚨 CVE-2026-8451 (CVSS 8.8) is a nasty new memory overread flaw hitting NetScaler ADC & Gateway. 🔹 Exposure depends on SAML IdP being enabled. 🔹 No active exploitation... yet. Don't wait for the fireworks. Patch
Meridian Group@MeridianEU
3 days ago
#Citrix patches 6 high-severity NetScaler ADC/Gateway flaws: unauthenticated file read (CVE-2026-10816), SAML memory overread with recurring root cause (CVE-2026-8451), and HTTP/2 DoS (CVE-2026-13474). No active exploitation confirmed. #ThreatIntel https://t.co/pcwe3f5vkF
DFIR Radar@DFIR_Radar
3 days ago
CVE-2026-8451 (CVSS 8.8): Citrix NetScaler's custom SAML XML parser reads past its input buffer, leaking process memory into the NSC_TASS cookie with no authentication required. NetScaler configured as a SAML IDP is the attack surface. - CVE-2026-8451, CVSS 8.8, affects https://t.co/z4A7xNrOlG
ZeroDayFacts@ZeroDayFacts
4 days ago
Urgent: Citrix just patched 6 NetScaler flaws (CVE-2026-8451, etc.)! 🚨 Critical memory overreads & DoS bugs. One allows unauthenticated file read if management IPs are exposed. No active exploits yet, but patch NOW. The HTTP/2 fix (CVE-2026-13474) needs a manual config change
CVE-2026-45247
CVSS Score: 9.8/10
SVRS Score: 87/100
Audience: 2.01M
Social Media: 38
News: 11
Repos: 0
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.
Lyrie.ai@lyrie_ai
24 days ago
03:00 UTC: First exploit attempt in the wild. CVE-2026-45247 added to CISA KEV: Mirasvit Mirasvit Full Page Cache Warmer
The Daily Tech Feed@dailytechonx
29 days ago
Critical RCE vulnerability (CVE-2026-45247) in Magento's Mirasvit Cache Warmer extension actively exploited. Immediate update to version 1.11.12 recommended. Link: https://t.co/Ia2G5ywP8g #Magento #Mirasvit #RCE #Vulnerability #Exploit #Security #Cyberattack #Patch #Update https://t.co/7KnxZxi7m8
AlexAImaginator@TraffAlex
29 days ago
🔒 CYBERSECURITY, PRIVACY & OPEN SOURCE DAILY — June 05, 2026 1️⃣ CISA ADDS CVE-2026-45247 TO KNOWN EXPLOITED VULNERABILITIES CATALOG CISA has added a critical deserialization vulnerability in Mirasvit Full Page Cache Warmer (CVE-2026-45247) to its Known Exploited
Elusive@ElusivePrivacy
29 days ago
🔓 CVE-2026-45247, CVSS 9.8. Unauthenticated PHP object injection in Mirasvit Full Page Cache Warmer for Magento 2 enables remote code execution. Actively exploited in the wild to deploy web shells and create admin accounts. Thousands of Adobe Commerce storefronts affected.
Silent Vector@gh0st_V3ctbrv
29 days ago
🚨-4- CISA Adds Mirasvit Cache Warmer Flaw to Exploited Vulnerabilities Catalog 🎯 Attack: The U.S. CISA added a Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. 👤 Threat Actor: Unknown 💥 Impact:
DFIR Radar@DFIR_Radar
30 days ago
CISA adds CVE-2026-45247 (CVSS 9.3) to KEV catalog - critical PHP object injection in Mirasvit Cache Warmer for Magento allows unauthenticated RCE via crafted CacheWarmer cookie. Federal agencies must patch by June 6. #DFIR_Radar https://t.co/FHGU3rGtss
ねこさん⚡(ΦωΦ)@catnap707
30 days ago
CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks https://t.co/SPpYeBrNEf "CISA has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247"
Jedi Security •|• OSS@JedisecX
30 days ago
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog https://t.co/9YPRfmbbxb
The Hacker News@TheHackersNews
30 days ago
🚨 Attackers are actively exploiting CVE-2026-45247, a critical Magento RCE flaw in Mirasvit Cache Warmer. CISA added it to KEV. The bug scores 9.8 CVSS and allows unauthenticated PHP code execution via crafted CacheWarmer cookies. Patch before June 6. Read: https://t.co/8Mi4jPebwq
CISA Cyber@CISACyber
2026-06-03
🛡️ We added Mirasvit Full Page Cache Warmer deserialization of untrusted data vulnerability CVE-2026-45247 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/nSR71c2CvX
CVE-2026-33017
CVSS Score: 9.8/10
SVRS Score: 96/100
Audience: 2M
Social Media: 26
News: 10
Repos: 0
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.
Dr. Siraj Dokadia@SirajD_Official
1 day ago
Langflow CVE-2026-33017 vulnerability exploited in campaign delivering cryptominers https://t.co/pm3Iqv211V https://t.co/P3OIWoZqfL
Orca Security@orcasec
2 days ago
🚨 Critical Langflow RCE (CVE-2026-33017, CVSS 9.8) is being actively exploited to deploy cryptominers on AI infrastructure. Patch to v1.9.0+ now. We've got the full breakdown 👇 https://t.co/jLGWmbXcyt https://t.co/82cATmCKTq
CloudSecurityAlliance@cloudsa
2 days ago
CISO Daily Briefing: Unit 42: 2.1M AI-hallucinated brand URLs mapped — ~250K unregistered and open for adversarial squatting now; CVE-2026-33017 (Langflow, CVSS 9.3) actively exploited with cron persistence and C2; Fable 5's 19-day export control blackout exposed zero contractual
Issam Hakimi@killix
3 days ago
Anthropic and Glasswing debate jailbreak severity. CVE-2026-33017 gives attackers RCE on exposed Langflow in 20 hours. We grade model intent while the tool graph is unauthenticated RCE. AI infrastructure security is not inside the model. It is at the system calls the agent can tr
CyberTLDR@CyberTLDR
3 days ago
1/3 Langflow CVE-2026-33017 (CVSS 9.3) is actively exploited to drop Monero miners on AI endpoints. No auth required. Attackers eval Python in an unauthenticated API to fetch and run a miner binary. Exposed AI dev infra is a live attack surface. #CVE #Langflow #cybersecurity
Clone Systems@CloneSystemsInc
3 days ago
Critical Langflow RCE Exploited in Cryptomining Campaign Threat actors are exploiting CVE-2026-33017, a critical unauthenticated RCE vulnerability in Langflow, to target exposed AI application endpoints and deploy a Monero miner. The malware can disable security controls, https://t.co/rKlnJeIQj1
TrendAI™ Research@trendai_RSRCH
3 days ago
The miner behind CVE-2026-33017 Langflow exploitation dropped from 31 out of 66 to 4 out of 66 on VirusTotal between 2024 and 2026. Smaller binary, shuffled strings, actively maintained. Not a recycled payload. See our full research: https://t.co/Ed9gIanQiY
QuanChain@Quan_Chain
4 days ago
The most dangerous attack surface in your AI stack isn't the model, it's the endpoint. CVE-2026-33017 (CVSS 9.3): unauthenticated RCE turned exposed Langflow deployments into Monero miners. No credentials. No phishing. Just a scan. QuanChain's oracle-triggered migration detects https://t.co/JOeZe4C6Tq
Guru@Guru0791
8 days ago
Langflow CVE-2026-33017 vulnerability exploited in campaign delivering cryptominers https://t.co/xCfreLQdDh https://t.co/7ynzEVYc95
TrendAI™ Research@trendai_RSRCH
9 days ago
Langflow is an open-source AI workflow builder. Commodity cryptominer operators are actively exploiting CVE-2026-33017, which lets attackers run code on any exposed instance without logging in. Read our full analysis: https://t.co/Ed9gIanQiY

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.
