CVE Radar
Welcome To CVE Radar

Discover trending vulnerabilities, explore attack vectors, exploits, and security details

CVE Radar is a free vulnerability intelligence platform by SOCRadar that goes beyond raw CVSS scores to provide actionable threat context for each CVE. Security engineers, vulnerability managers, and SOC analysts can search any CVE identifier or product name to instantly see exploit availability, active exploitation evidence, patch status across major vendors, and attribution to known ransomware groups or APT actors weaponizing the flaw. The database refreshes hourly from the National Vulnerability Database, public proof-of-concept repositories, dark web exploit markets, and SOCRadar's proprietary threat intelligence feeds. The trending CVEs view highlights which vulnerabilities are gaining attack momentum week-over-week, enabling teams to prioritize patching based on real adversary behavior rather than severity scores alone. No account or API key is required for lookups.

Top CVE Trend (Last 30 Days)
[Chart: Mentions over time, 2026-05-08 to 2026-06-03]
CVE-2026-4747
CVSS Score: 8.8/10 | SVRS Score: 85/100 | Audience: 7.99M | Social Media: 10 | News: 2 | Repos: 0
Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution in the kernel is possible by an authenticated user that is able to send packets to the kernel's NFS server while kgssapi.ko is loaded into the kernel. In userspace, applications which have librpcgss_sec loaded and run an RPC server are vulnerable to remote code execution from any client able to send it packets. We are not aware of any such applications in the FreeBSD base system.
Lyrie.ai (@lyrie_ai), 4 days ago
99% · CVE-2026-4747 On April 7, 2026, Anthropic announced Project Glasswing — a controlled-access coalition of AWS, Apple, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, Palo Alto Networks, and others organized around a single unsettling truth: Anthropic's unreleased…
VicOne (@VicOneAuto), 8 days ago
4/7 In April 2026, a researcher documented AI taking a FreeBSD vulnerability advisory to a working remote kernel exploit with root shell (CVE-2026-4747).
Dispatchy (@dispatchy_ai), 10 days ago
Anthropic's Mythos-1 is moving into Claude Code and Claude Security - Project Glasswing reports 10,000+ high/critical vulnerabilities found in 30 days. The model autonomously exploited a 17-year FreeBSD RCE (CVE-2026-4747). Anthropic put $100M in credits on the table.
Konfirmity (@konfirmity), 21 days ago
2/ April 7: Anthropic released Mythos Preview. It autonomously found and exploited a 17-year-old RCE in FreeBSD (CVE-2026-4747). No human in the loop after the initial prompt. The same model has surfaced thousands of zero-days across almost every major OS and browser.
KompasTekno (@KompasTekno), 22 days ago
Read here: https://t.co/lJnn2jOYEH AI technology successfully exploited a critical operating system (OS) security flaw in the FreeBSD kernel (CVE-2026-4747) remotely in less than 10 hours, just 4 to 8 hours. ~AM #ArtificialIntelligence #Hackers #FreeBSD https://t.co/5zWB9qFxT8
Kompas.com (@kompascom), 22 days ago
Read here: https://t.co/9vVykooC1l Artificial Intelligence (AI) technology successfully exploited a critical operating system (OS) security flaw in the FreeBSD kernel (CVE-2026-4747) remotely in less than 10 hours, just 4 to 8 hours. ~AM https://t.co/Qxe9744r5k
Abdur (@SyedAbdurR2hman), 22 days ago
So AISLE went further and built nano-analyzer, a whole codebase parallel scanner. Pointed at the full FreeBSD and OpenBSD kernels. Still detected CVE-2026-4747 with models as small as 3.6B parameters. And found NEW bugs Mythos missed. Confirmed by maintainers.
Daily AI (@DailyAILog), 25 days ago
CVE-2026-4747 is a stack-based buffer overflow in FreeBSD’s RPCSEC_GSS implementation. In sys/rpc/rpcsec_gss/svc_rpcsec_gss.c, the svc_rpc_gss_validate function fails to check the oa_length field before a 128-byte stack buffer copy, enabling remote code execution.
Daily AI (@DailyAILog), 25 days ago
Anthropic recently claimed its Mythos model achieved the first AI-driven remote kernel exploit (CVE-2026-4747). However, analysis shows the "novel" bug was actually a rediscovery of an older vulnerability likely present in the model's training data.
Komodo Cyber Security (@Komodosec), 30 days ago
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) https://t.co/aH4zUYnCxC
CVE-2026-42945
CVSS Score: 8.1/10 | SVRS Score: 90/100 | Audience: 4.3M | Social Media: 220 | News: 42 | Repos: 15
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Threat Intelligence (@threatintel), 6 days ago
#ThreatProtection #CVE-2026-42945 - #NGINX #vulnerability, read more about Symantec's protection: https://t.co/Bjgq5lNEF8
T4itech (@t4itech), 7 days ago
Critical 18-year-old flaw found in NGINX! CVE-2026-42945 (CVSS 9.2) affects v1.0.0 to 1.30.0. No auth required—just HTTP access. Specific PCRE rewrite configs can trigger DoS or RCE. Patch immediately to 1.30.1 / 1.31.0 or switch to named captures! #nginx #cybersecurity https://t.co/hMIOJ0cb5s
InfoSecSherpa 🏔️ (@InfoSecSherpa), 7 days ago
NGINX Rift: CVE-2026-42945 Critical Heap Buffer Overflow Vulnerability Explained. A single flaw in this layer of the stack can expose countless backend systems that sit safely behind it. https://t.co/GXwuN3EAkn https://t.co/sp56VpNLQc
Gray Hats (@the_yellow_fall), 7 days ago
Protect your servers from the critical NGINX RIFT vulnerability (CVE-2026-42945). Learn how the flaw affects rewrite configurations and how to patch it now. #NGINX #NGINXRift #CVE202642945 #SysAdmin #ServerSecurity #Cybersecurity #Infosec2026 https://t.co/8pQPIGOd8n
0xuki (@0xukis), 16 days ago
AI / Cyber News Monitor 🟡 AMBER NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to
Lyrie.ai (@lyrie_ai), 16 days ago
Source: X search for CVE-2026 critical Posted: 2026-05-17T12:03:18.000Z Likes: 253 0day Intel: 🚨 NGINX bug (CVE-2026-42945) now under active exploitation.
Lyrie.ai (@lyrie_ai), 16 days ago
CVE-2026-42945: 🚨 NGINX bug (CVE-2026-42945) now under active exploitation. Critical heap overflow in rewrite module. Attackers can crash workers with one request (possible RCE). Patch now if using NGINX ≤1.30.0. Check rewrite/if/set rules. Full details:…
DeepBlue Security & Intelligence (@DeepBlueInfoSec), 16 days ago
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE https://t.co/DpLSXJ2K6Q
Cyber News Live (@cybernewslive), 16 days ago
A serious security flaw (CVE-2026-42945) in NGINX — the web server software running a large share of the internet — is already being actively exploited, days after it was made public. Attackers can crash web servers or, in some configurations, take full control of them without
omnipotent (@omnipotentblock), 16 days ago
An 18 year old NGINX bug just woke up and chose violence. CVE-2026-42945 is a 9.2 heap buffer overflow currently getting exploited in the wild. You need ASLR disabled for full RCE, but anyone can trigger a DoS crash on your workers with a basic crafted HTTP request.
CVE-2026-31431
CVSS Score: 7.8/10 | SVRS Score: 85/100 | Audience: 4.03M | Social Media: 474 | News: 100 | Repos: 50
In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Lyrie.ai (@lyrie_ai), 2 days ago
A nine-year-old logic bug in the Linux kernel's cryptographic authentication subsystem is being actively exploited in the wild. CISA added CVE-2026-31431 ("Copy Fail") to its Known Exploited Vulnerabilities catalog Friday, citing real-world attacks. Any unprivileged local…
Lyrie.ai (@lyrie_ai), 2 days ago
On May 1, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) formally acknowledged that CVE-2026-31431—a Linux kernel privilege escalation flaw—is being exploited in active, in-the-wild attacks. The vulnerability, nicknamed "Copy Fail" by its researchers at…
Lyrie.ai (@lyrie_ai), 2 days ago
The Supply-Chain Collapse: Vulnerabilities don't live in isolation. CVE-2026-31431 (Copy Fail) doesn't get patched by you—the Linux kernel maintainers patch it, then your distro releases it, then your CI/CD pipeline tests it, then you deploy it. Autonomous discovery skips…
Lyrie.ai (@lyrie_ai), 2 days ago
490% · CVE-2026-31431 TL;DR The $40B+ consolidation wave in autonomous defense (ServiceNow/Armis $7.75B, CrowdStrike/SGNL $740M, Palo Alto/Koi $400M) is not a sign of innovation—it's a tacit admission that point solutions can't compete with machine-speed attacks.
Matthias Knäpper (@knaepp), 7 days ago
Mitigating CVE-2026-31431 (“Copy Fail”) in Docker Engine/#docker #container - CVE-2026-31431 is a Linux kernel vulnerability that was recently disclosed. This CVE does not compromise Docker infrastructure. That said, Docker Engine’s default... https://t.co/ZfTbpCEZ9i
Todd Pigram (@pigram86), 7 days ago
Mitigating CVE-2026-31431 (“Copy Fail”) in Docker Engine https://t.co/CMpBobz6SL
DevOpsChat (@devops_chat), 7 days ago
Mitigating CVE-2026-31431 (“Copy Fail”) in Docker Engine https://t.co/9qHRTaaCmt - Docker addresses CVE-2026-31431 vulnerability with a crucial update, enhancing security and system performance for users.
Astúrias (@actus412), 2026-05-03
A separate flaw in the Linux kernel, discovered by AI and called "Copy Fail" (CVE-2026-31431), became public on April 29, allowing root access on distributions since 2017 before many had applied the patch, according to Bleeping Computer. https://t.co/vTkEtKTUsU
The Cyber Security Hub™ (@TheCyberSecHub), 2026-05-03
Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) https://t.co/0Uhzim8uwq
CompuChris (@compuchris), 2026-05-03
Short and easy to understand: "Copy-Fail CVE-2026-31431" What is it and how do I mitigate it using owLSM #CISO https://t.co/GckcgfOKzT
CVE-2026-41940
CVSS Score: 9.8/10 | SVRS Score: 99/100 | Audience: 3.62M | Social Media: 332 | News: 65 | Repos: 15
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Lyrie.ai (@lyrie_ai), 2 days ago
May 2, 2026 (overnight): Ctrl-Alt-Intel identified a distinct, sophisticated campaign: an unknown threat actor leveraging CVE-2026-41940 to target government and military entities in the Philippines and Laos, alongside managed service providers (MSPs) in Laos, Canada,…
Lyrie.ai (@lyrie_ai), 2 days ago
April 29: Initial disclosure of CVE-2026-41940, an authentication bypass affecting cPanel & WHM versions post-11.40. Exploitation observed as early as February 23, 2026 (64 days before public disclosure).
Lyrie.ai (@lyrie_ai), 2 days ago
The 70-Million-Domain Reckoning: cPanel CVE-2026-41940 Escalates From Mass Exploitation to Nation-State Campaign. The cPanel vulnerability timeline has compressed into a cascade of threats:
Lyrie.ai (@lyrie_ai), 2 days ago
TL;DR A sophisticated state-directed campaign combined the public CVE-2026-41940 cPanel authentication bypass (CVSS 9.8) with a bespoke zero-day exploit chain targeting an Indonesian Defence sector training portal. Attackers bypassed CAPTCHA by reading the session cookie,…
Lyrie.ai (@lyrie_ai), 2 days ago
The Government Portal Just Became a Data Exfil Choke Point: CVE-2026-41940 Chains Into Custom Zero-Day, Exfiltrates 4.37GB Chinese Railway Secrets Between April 8–30, 2026, a coordinated adversarial campaign exploited multiple attack surfaces in South-East Asian…
Lyrie.ai (@lyrie_ai), 2 days ago
CVE-2026-41940 · 9.8 → 11.40 The Government Portal Just Became a Data Exfil Choke Point: CVE-2026-41940 Chains Into Custom Zero-Day, Exfiltrates 4.37GB Chinese Railway Secrets
Lyrie.ai (@lyrie_ai), 2 days ago
Unpopular opinion: The cybersecurity industry is selling you dashboards. A critical pre-authentication bypass in cPanel and WebHost Manager (WHM) — tracked as CVE-2026-41940 (CVSS 9.8) — gave unauthenticated attackers root-level control of the hosting management plane on…
Lyrie.ai (@lyrie_ai), 2 days ago
The Ghost Root: CVE-2026-41940 Gave Attackers Admin on 1.5 Million cPanel Servers — for Two Months Before Anyone Knew. A critical pre-authentication bypass in cPanel and WebHost Manager (WHM) — tracked as CVE-2026-41940 (CVSS 9.8) — gave unauthenticated attackers…
Lyrie.ai (@lyrie_ai), 2 days ago
CVE-2026-41940 illustrates a pattern that repeats across critical internet infrastructure: the most dangerous vulnerabilities are not in the application layer that security teams monitor, but in the management plane that operates beneath it.
Lyrie.ai (@lyrie_ai), 2 days ago
CVE-2026-41940 is not a single bug. It is three architectural weaknesses lined up in sequence, each allowing the previous to be leveraged into full authentication bypass. watchTowr Labs researcher Sina Kheirkhah traced the full root-cause chain; Rapid7's Ryan Emmons…
CVE-2026-0257
CVSS Score: 9.1/10 | SVRS Score: 87/100 | Audience: 2.96M | Social Media: 126 | News: 33 | Repos: 6
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow an attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
Mr.PlanB | Kubernetes | Proxmox | Datacenter (@mrplan_bcde), 2 days ago
Palo Alto GlobalProtect CVE-2026-0257 shows why infrastructure trust starts at the edge: VPN, identity, patch visibility, and recovery planning all matter before the hypervisor. Source: https://t.co/VlXxWmh079
DFIR Radar (@DFIR_Radar), 2 days ago
Palo Alto GlobalProtect CVE-2026-0257 auth bypass now actively exploited via forged authentication override cookies. CISA added to KEV catalog with June 1 federal deadline. Patch immediately or disable authentication override feature. #DFIR_Radar https://t.co/i5houPL3ES
CiberBaur (@BotBauR), 2 days ago
🚨 Just confirmed: the CVE-2026-0257 vulnerability allows attackers to forge VPN authentication cookies and bypass the VPN login in Palo Alto GlobalProtect. Rapid7 has detected active exploitation of this vulnerability in multiple environments of https://t.co/i1MXR6nKQ4
Cyber Security News (@CyberSecNews663), 2 days ago
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability affecting PAN-OS and Prisma Access deployments using specific GlobalProtect configurations. The flaw allows attackers to establish unauthorized VPN connections, https://t.co/2Nd2Bdw5AL
Gray Hats (@the_yellow_fall), 2 days ago
Learn about the active CVE-2026-0257 authentication bypass in PAN-OS. Discover how attackers exploit GlobalProtect VPNs and find key mitigations. #CVE20260257 #PaloAltoNetworks #GlobalProtect #Cybersecurity #Infosec #ThreatIntel https://t.co/uaiEdFCABp https://t.co/YE1KKciRgu
DFIR Radar (@DFIR_Radar), 2 days ago
CVE-2026-0257 in Palo Alto GlobalProtect allows auth bypass via forged VPN cookies. Rapid7 confirms active exploitation since May 17 across multiple customers. Patch immediately or disable auth override feature. #DFIR_Radar https://t.co/AVphR9nvN3
Yusuf Nuh 🍉 (@SenseWave_), 2 days ago
Attackers began actively exploiting a vulnerability of Palo Alto Networks’ widely used GlobalProtect VPN platform. The flaw, tracked CVE-2026-0257 It affects PAN-OS software used in Palo Alto Networks and enables attackers to bypass authentication protections. #cyber #security https://t.co/NNwenFgUTs
CyberSecurity Insight (@CyberSecuriUS), 2 days ago
Rapid7 Uncovers Campaign Leveraging Forged VPN Cookies in CVE-2026-0257 Attacks https://t.co/XsxUaZucP1
Techgines (@nxtgen579255), 2 days ago
CVE-2026-0257 is now an active-priority GlobalProtect issue. Palo Alto says the PAN-OS / Prisma Access flaw can let attackers bypass security restrictions and establish unauthorized VPN connections in affected configurations. https://t.co/44fSlrQTFC https://t.co/QG8KzWwvbJ
Nicolas Krassas (@Dinosn), 2 days ago
CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers https://t.co/GF24mhxyN2
CVE-2026-46333
CVSS Score: 5.5/10 | SVRS Score: 64/100 | Audience: 2.63M | Social Media: 49 | News: 21 | Repos: 2
In the Linux kernel, the following vulnerability has been resolved:

ptrace: slightly saner 'get_dumpable()' logic

The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer.

But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is.

The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all.

Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.
IntegSec (@integ_sec), 2 days ago
CVE-2026-46333: Linux Kernel Local Privilege Escalation Bug - What It Means for Your Business and How to Respond https://t.co/B90MSy7C1B
WindowsForum (@windowsforum), 7 days ago
🪲 MSRC dropped another Linux kernel ptrace grenade (CVE-2026-46333). “get_dumpable” sounds harmless—until your Azure Linux boxes can be pried open. Patch fast, IT. #Windows #Security #Azure #Linux https://t.co/p5B5n6pSX7 #AzureLinux #LinuxKernelSecurity #PtraceVulnerability https://t.co/7A0nFJ6nSq
Prophet Joel (@2happyCSGO), 15 days ago
Major Recent Linux CVEs (May 2026) CVE-2026-46333 (ssh-keysign-pwn): Disclosed mid-May 2026, this LPE allows reading sensitive files like /etc/shadow and SSH keys, with public exploits available. CVE-2026-46300 (Fragnesia): Related to "Dirty Frag," this vulnerability involves
Pere Casas (@pcasaspere), 16 days ago
The latest LPE-related CVEs we have on the table, fresh out of the oven: - Copy Fail (CVE-2026-31431) :: 2026-04-22 - Dirty Frag (CVE-2026-43284) :: 2026-05-08 - Fragnesia (CVE-2026-43500) :: 2026-05-11 - SSH-keysign-pwn (CVE-2026-46333) :: 2026-05-15
OSTechNix (@ostechnix), 16 days ago
Linux Kernel 7.0.8 is released with patches to fix the ssh-keysign-pwn (CVE-2026-46333) root exploit flaw. Update your Linux system today. More details here: https://t.co/jPZcNSJAn2 #Linux #Kernel708 #ssh_keysign_pwn #CVE_2026_46333 #Rootexploit #Security #Kernelpatch
S.Komichevsen Matsuk (@w4yh), 19 days ago
ssh-keysign-pwn Important 7.8 // CVE-2026-46333 - Red Hat Customer Portal https://t.co/Eo75jwOK8y
S.Komichevsen Matsuk (@w4yh), 19 days ago
"ssh-keysign-pwn (CVE-2026-46333): Patched kernels available in testing" // AlmaLinux OS - Forever-Free Enterprise-Grade Operating System https://t.co/iSiiBCz0bD
Ken Brubacher (@KenBrubacher), 19 days ago
This is the daily notice to patch your servers ASAP For CVE-2026-46333
Amor BEN RHOUMA (@rhouma_a), 19 days ago
ssh-keysign-pwn (CVE-2026-46333): Patched kernels available in testing @AlmaLinux @_adriend_ https://t.co/m0Dm0l4gzq
grsecurity (@grsecurity), 19 days ago
@thingwhere Yes, it now has CVE-2026-46333 : https://t.co/UrLoIilpeN

CVE-2026-0300
CVSS Score: 9.8/10 | SVRS Score: 94/100 | Audience: 2.25M | Social Media: 218 | News: 52 | Repos: 6
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
ALL IT Services (@ALLITAustralia), 7 days ago
Palo Alto firewall flaw CVE-2026-0300 under active attack — unauth root access. PAN-OS portal facing the net? Patch today. #CyberSecurity https://t.co/tZknvLqxbe
Inferlume (@inferlume_hq), 23 days ago
CVE-2026-0300. Unpatched. Unauthenticated root on Palo Alto PA and VM Series firewalls. Exploited since April 9. Actor tunneled in, mapped Active Directory, deleted the logs. CVSS 10.0. No patch until May 13.
TheCybersecurity.club (@TheCyberse46292), 23 days ago
🚨Palo Alto Networks users: A critical flaw (CVE-2026-0300) in PAN-OS could let attackers take over firewalls without logging in. Exploitation attempts reportedly started back in April 2026. Patch ASAP before your network’s first line of defense becomes the entry point. #PaloAlto
Jim Nitterauer 🇺🇸 (@JNitterauer), 23 days ago
Palo Alto PAN-OS CVE-2026-0300: Critical RCE Under Active Nation-State Exploitation #cybersecurity #PaloAlto #PANOSCVE #patchnow #vulnerability #CISO https://t.co/3nqxPH4og3
DCL Search (@DCLSearch), 23 days ago
Critical Palo Alto PAN-OS vulnerability CVE-2026-0300 is being actively exploited. NHS England has issued an alert urging UK organisations to patch immediately. https://t.co/eFbJtRxsDP
404🌐LABS (@404LABSx), 23 days ago
🚨 THREAT INTEL May 11 2026 🔴 PAN-OS RCE CVE-2026-0300 PATCH NOW 🔴 275M student records stolen ShinyHunters 🔴 Cisco FMC RCE ransomware active 🟠 Mirai botnet ClearFake spreading #CyberSecurity #ThreatIntel #SOC https://t.co/1T0ySMEVhV
Lyrie.ai (@lyrie_ai), 23 days ago
How it works: CVE-2026-0300 is a memory corruption flaw in PAN-OS's User-ID Auth Portal. Crafted packets inject shellcode into nginx workers, granting root RCE — zero auth needed. Then they wipe logs and crash reports from inside the box. Your SIEM saw nothing.
Lyrie.ai (@lyrie_ai), 23 days ago
9.3 CVSS. No login required. No patch exists. State-backed hackers have been inside Palo Alto firewalls since April — using the very device meant to protect your network as the door in. CVE-2026-0300 is live, unpatched, and already weaponized. 🧵
CCB Alert (@CCBalert), 23 days ago
Warning: actively exploited Remote Code Execution #RCE #vulnerability in #PaloAlto #PANOS User-ID Authentication Portal. #CVE-2026-0300 CVSS: 9.3. Read our advisory on https://t.co/xOR9gocCxs, harden your setup and #Patch #Patch #Patch
Zero Day Unit (@zero_day_unit), 23 days ago
GEN-014 — CVE-2026-0300 PAN-OS: active RCE on perimeter firewalls https://t.co/MQvPNwJ7u2 #CiberInteligencia de Amenazas #ZeroDay Trends
CVE-2026-42897
CVSS Score: 6.1/10 | SVRS Score: 63/100 | Audience: 2.19M | Social Media: 168 | News: 32 | Repos: 0
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Dr. Siraj Dokadia (@SirajD_Official), 1 day ago
CVE-2026-42897 - Microsoft Exchange Server Cross-Site Scripting vulnerability https://t.co/kkM9hpcMQ0 https://t.co/h6nJju2vdL
Dr.Philippe Vynckier, CISSP - Influencer (@PVynckier), 7 days ago
CVE-2026-42897, Microsoft publishes an emergency mitigation for the Exchange XSS flaw - IT SOCIAL https://t.co/wYjkGRA3ZQ
Lyrie.ai (@lyrie_ai), 16 days ago
CVE-2026-42897. Status: ✅ Confirmed exploited in the wild Date added: 2026-05-15 Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Tre B (@trerbbb), 16 days ago
vendor dropped CVE-2026-42897. unauth RCE, CVSS high, actively exploited in the wild. if you run the affected stack, block external access to the affected endpoint until patched. #0day #RCE #CVE-2026-42897 https://t.co/s6kj35afGQ
Lucas (@lucasverdan), 16 days ago
🛑 CVE-2026-42897 makes on-prem Exchange an immediate mitigation priority CVE-2026-42897 is an actively exploited Microsoft Exchange OWA zero-day that forces defende… 🔗 Details → https://t.co/6fwQEzoDnk
CiberBaur (@BotBauR), 16 days ago
🚨 Just confirmed: the U.S. cybersecurity agency, CISA, added a vulnerability in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog, with a CVSS score of 8.1. The vulnerability, identified as CVE-2026-42897, affects the
Gray Hats (@the_yellow_fall), 16 days ago
Cisco SD-WAN (CVE-2026-20182) and Exchange Server (CVE-2026-42897) are actively exploited in the wild! Discover the top threats you must patch now. #CyberSecurity #InfoSec #VulnerabilityAlert #CVE202620182 #CVE202642897 #Cisco #ExchangeServer #ZeroDay https://t.co/sHCEyUdZVd https://t.co/pdY5pdIPd5
Lyrie.ai (@lyrie_ai), 16 days ago
Vendor. 0day Intel: Microsoft disclosed CVE-2026-42897 an actively exploited vuln in Exchange Outloo
Lyrie.ai (@lyrie_ai), 16 days ago
CVE-2026-42897. 0day Intel: Microsoft disclosed CVE-2026-42897 an actively exploited vuln in Exchange Outloo
Techgines (@nxtgen579255), 16 days ago
Microsoft Exchange Server zero-day CVE-2026-42897 is being actively exploited. No patch exists. The attack: send a crafted email → victim opens in OWA → arbitrary JS executes in their browser session → session hijack / spoofing. https://t.co/sh2efrhbPS https://t.co/mopjz6EfkP
CVE-2026-26980
CVSS Score: 7.5/10 | SVRS Score: 71/100 | Audience: 2.17M | Social Media: 81 | News: 24 | Repos: 2
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
Tim Wilson (@TimWilsonAtDxc), 1 day ago
The attacks that XLab observed begin by exploiting CVE-2026-26980 to steal the admin API keys, and then use the elevated rights to inject malicious JavaScript into articles https://t.co/eIy9YQPKAf
Gray Hats (@the_yellow_fall), 7 days ago
XLab uncovers a massive Ghost CMS poisoning campaign utilizing CVE-2026-26980 to launch FakeCaptcha attacks. Learn how to secure your site. #Cybersecurity #GhostCMS #Infosec #Malware #SQLInjection #ClickFix https://t.co/g0G3sxZvMj https://t.co/cBJGYmRgg6
Cybersecurity News Everyday (@TweetThreatNews), 8 days ago
Ghost CMS CVE-2026-26980 was abused in a ClickFix campaign that hit 700+ sites, while FBI flagged Kali365 phishing Microsoft 365. The recap also noted major healthcare breaches and poisoned Laravel-Lang packages. #GhostCMS #Kali365 #HealthcareData https://t.co/A1SCLLrB5V
Joel Domenech (@Joel_DAA), 8 days ago
Ghost CMS suffers from the critical vulnerability CVE-2026-26980, which has led to the hijacking of more than 700 sites with ClickFix attacks and malicious JavaScript code. #SeguridadInformática #GhostCMS #Ciberseguridad https://t.co/LthMEAEBiS
PurpleOps (@PurpleOps_io), 8 days ago
Ghost CMS (CVE-2026-26980, CVSS 9.4): one unauthenticated SQL injection, Admin key stolen, 700+ blogs bulk-injected with ClickFix lures. Sites you trust now serve the payload. Full chain: https://t.co/KlawZs1Tvt https://t.co/zCyHjMf6EV
Threat ResQ™ (@ThreatResq), 8 days ago
Attackers are exploiting the patched Ghost CMS flaw CVE-2026-26980, compromising over 700 unpatched sites, including universities. https://t.co/91LKBsoojn #GhostCMS #CVE #Vulnerability #CyberSecurity #CybersecurityNews #threatresq #ThreatResQ
Gray Hats (@the_yellow_fall), 8 days ago
Hackers are actively exploiting a critical Ghost CMS SQL flaw (CVE-2026-26980) to hijack 700+ websites and serve fake Cloudflare ClickFix malware overlays. #GhostCMS #CVE202626980 #Cybersecurity #ClickFix #Malware #Infosec2026 #SQLInjection https://t.co/TG2EpjirCV https://t.co/ykIhER2P87
CiberBaur (@BotBauR), 8 days ago
Just confirmed: the CVE-2026-26980 vulnerability in Ghost CMS is being actively exploited to hijack more than 700 websites, including universities, and use them in a malvertising and click fraud ("ClickFix") campaign. The vulnerability, which has a score
CCB Alert (@CCBalert), 12 days ago
Warning: Actively exploited #SQL injection in #GhostCMS. #ActivelyExploited ! CVE-2026-26980 CVSS: 9.4. This allows unauthenticated attackers to access the database, steal API keys and gain full control of the site. Read https://t.co/OR7epBcxT2 and #Patch #Patch #Patch
Virus Bulletin (@virusbtn), 12 days ago
XLab researchers show how threat actors exploited CVE-2026-26980 to compromise Ghost CMS, causing numerous websites to become accomplices in ClickFix attacks. https://t.co/oZmuO0RFh6 https://t.co/SGklq26bvS
CVE-2026-6973
CVSS Score: 7.2/10 | SVRS Score: 69/100 | Audience: 2.13M | Social Media: 99 | News: 24 | Repos: 0
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
DIESEC (@DIESEC_GmbH), 23 days ago
Ivanti EPMM: 3rd zero-day in 5 months. CVE-2026-6973 exploited before disclosure. CISA KEV deadline: May 10. 508 European instances exposed. Didn't rotate admin credentials after January? Ivanti says you're at higher risk.  Patch now: 12.8.0.1. ❗ #Ivanti #ZeroDay #MDM https://t.co/Q5c4nYj0C7
Inferlume (@inferlume_hq), 23 days ago
CVE-2026-6973, Ivanti EPMM. CISA KEV listed. Federal deadline was May 10. Passed with 800 plus appliances still exposed. Chains with two unauthenticated CVEs for full MDM compromise. If unpatched, treat as emergency.
Lyrie.ai (@lyrie_ai), 23 days ago
🚨 CVE-2026-6973: Ivanti EPMM RCE (CVSS 7.2) — all builds before 12.6.1.1/12.7.0.1/12.8.0.1 exposed. Enterprise MDM = keys to every managed device. Authenticated attacker = full fleet takeover. Patch NOW. https://t.co/qZ9FQAGF9K #CyberSecurity
SC Media@SCMagazine
23 days ago
The @CISAgov ordered federal agencies to patch Ivanti EPMM zero-day CVE-2026-6973 by May 10 after adding the flaw to its KEV catalog amid active exploitation. #cybersecurity #CISO #infosec https://t.co/KyPjzRx7vR
Decryption Digest ®@DecryptionDigst
23 days ago
CISA deadline passed. 3 threats this Monday: - Ivanti EPMM CVE-2026-6973 exploited (CVSS 7.2) - DAEMON Tools signed RAT (28 days) - Trellix breach (3.65TB) Patch. Block. Monitor. https://t.co/hi6Gy04edk #ivanti #CISAKEV #cybersecurity #infosec #zerodayexploit https://t.co/Pcu1DlUXyJ
Pacific Technology Group@PTGLondon
23 days ago
Ivanti's AI found 5 critical vulnerabilities that human testers missed. CVE-2026-6973 already exploited in the wild, allows unauthenticated remote code execution on mobile device managemen https://t.co/kSMBmlLVqH
DIESEC@DIESEC_GmbH
23 days ago
Ivanti EPMM: 3rd zero-day in 5 months. CVE-2026-6973 exploited before disclosure. CISA KEV deadline: May 10. 508 European instances exposed. Didn't rotate admin credentials after January? Ivanti says you're at higher risk.  Patch now: 12.8.0.1. ❗ #Ivanti #ZeroDay #MDM https://t.co/WB07SwauX8
The Shadowserver Foundation@Shadowserver
23 days ago
We are tagging CVE-2026-6973 Ivanti EPMM instances seen in our daily scans. 362 IPs seen unpatched on 2026-05-10, down from 562 IPs on 2026-05-08 when we first added the detection. See Ivanti advisory for details - https://t.co/GEQ6DvXFj0 CVE-2026-6973 is on @CISACyber KEV. https://t.co/PfAq3LLRMj
Trio Soft inc@triosoftinc
23 days ago
CVE-2026-6973 is the third zero-day in this MDM product family in 12 months. CVE-2026-1281 and CVE-2026-1340 were the January pair.
Trio Soft inc@triosoftinc
23 days ago
800+ exposed appliances. CVE-2026-6973. #CISA deadline midnight last night. The catch: only the on-prem version was vulnerable. The cloud version from the same vendor was untouched. Architecture changes outcomes. See Trio MDM: https://t.co/UgqOnVsNwf #MDM #CyberSecurity https://t.co/vQTQROTxbs
CVE-2026-45659
CVSS Score: 8.8/10
SVRS Score: 85/100
Audience: 2.07M
Social Media: 53
News: 18
Repos: 2
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Gabriella Nelms@GabriellaNelms
7 days ago
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions https://t.co/0hAThgxXVX
SempreUpdate@SempreUpdate
7 days ago
Microsoft fixes vulnerability in SharePoint (CVE-2026-45659) https://t.co/SnrsHGgnqL
elhacker.NET@elhackernet
7 days ago
Microsoft SharePoint vulnerability allows remote code execution Microsoft has disclosed a critical security vulnerability in SharePoint Server (identified as CVE-2026-45659) https://t.co/LWH40H4Y4J
Shah Sheikh@shah_sheikh
7 days ago
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.: A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microsoft released… https://t.co/DhDJZHvSH9 https://t.co/JWtmiRAFB8
UNDERCODE TESTING@UndercodeUpdate
7 days ago
🚨 #Microsoft SharePoint Server Flaw Enables Remote Code Execution Attacks – #CVE-2026-45659 Exploit Analysis & Hardening + Video https://t.co/YK84FYxIIO Educational Purposes!
Jedi Security •|• OSS@JedisecX
7 days ago
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions https://t.co/Nn6rmPb0RM
VulnTracker@vuln_tracker
7 days ago
@TheHackersNews You don't need to be an admin to own SharePoint anymore. CVE-2026-45659 - any Site Member can trigger RCE on SharePoint Server 2016, 2019, and Subscription Edition. CVSS 8.8. Every employee with a SharePoint login is now a potential threat vector. Track it. Patch it.
Joel Domenech@Joel_DAA
7 days ago
Microsoft patches the critical vulnerability CVE-2026-45659 in SharePoint that allowed remote code execution. Update now to protect your systems! #Ciberseguridad #Microsoft #SharePoint #SeguridadTI
DCI CyberSec News@DCICyberSecNews
7 days ago
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions https://t.co/R1qtcuESdf via @TheHackersNews
DFIR Lab@DFIR_Lab
7 days ago
🚨 HIGH SEVERITY: CVE-2026-45659 (CVSS 8.8) Deserialization flaw in Microsoft SharePoint allows authenticated attackers to execute remote code over network. Patch immediately. #CVE #Vulnerability #PatchNow #ThreatIntel #DFIR https://t.co/62V8Mrbba0
CVE-2026-35616
CVSS Score: 9.8/10
SVRS Score: 89/100
Audience: 1.94M
Social Media: 56
News: 24
Repos: 2
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
MprintedIT@MprintedIT
2 days ago
Hackers are exploiting a critical flaw in FortiClient EMS — and disguising their malware as a Fortinet software update. CVE-2026-35616 (CVSS 9.1) lets unauthenticated attackers bypass the API, then push the EKZ infostealer to every managed endpoint on your network. Once inside https://t.co/Kp3zVmwFFB
Carlos Fynn@fynn_JourX
2 days ago
Legacy exposure keeps paying off for attackers. FortiClient EMS exploit turns endpoint management into cr… CVE-2026-35616 shows how a vulnerable FortiClient EMS server can become a malware delivery… 🔗 Read → https://t.co/cBoTi33dIS
Lucas@lucasverdan
2 days ago
🛑 FortiClient EMS exploit turns endpoint management into credential theft… CVE-2026-35616 shows how a vulnerable FortiClient EMS server can become a malware delivery… 🔗 Details → https://t.co/QRuF3O21Vx
Gray Hats@the_yellow_fall
2 days ago
Analyze the recent FortiClient EMS exploit. Learn how attackers leverage CVE-2026-35616 to deliver EKZ Infostealer and bypass endpoint protection. #Fortinet #FortiClientEMS #CVE202635616 #EKZInfostealer #Cybersecurity #ThreatIntel https://t.co/lpGROuJRW3 https://t.co/mkN8wohXif
Nicolas Krassas@Dinosn
6 days ago
FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch https://t.co/xq1QGElUkw
moton@moton
6 days ago
FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch - Arctic Wolf - https://t.co/xYxODo3jSW
Lyrie.ai@lyrie_ai
12 days ago
While CISA mandates 90-day patches for federal contractors, the real world operates at machine speed: CVE-2026-35616 (Fortinet EMS) went zero-day with no patch; SimpleHelp CVSS 9.9 is still being exploited 15 months post-disclosure; Cloudways saw 3,900 active exploits…
Lyrie.ai@lyrie_ai
12 days ago
35616 Fortinet — The Zero-Day Asymmetry: Why the 90-Day Patch Cycle Is Already Dead. While CISA mandates 90-day patches for federal contractors, the real world operates at machine speed: CVE-2026-35616 Fortinet EMS went zero-day with no patch; SimpleHelp CVSS 9.9 is still…
NullSecurityX@NullSecurityX
23 days ago
FortiClient Endpoint Management Server authentication bypass (CVE-2026-35616) An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands.. https://t.co/P6U6xhycZz https://t.co/yAgk2PSSJb
Blue Team News@blueteamsec1
30 days ago
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS https://t.co/tre7NRHiVe #Fortinet #Cybersecurity #CVE202635616 #Vulnerability #InformationSecurity https://t.co/iPkkFKcIsN
CVE-2026-48172
CVSS Score: 9.8/10
SVRS Score: 92/100
Audience: 1.92M
Social Media: 57
News: 20
Repos: 2
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.
Lucas@lucasverdan
7 days ago
🛑 CVE-2026-48172 puts LiteSpeed cPanel deployments on a KEV deadline CVE-2026-48172 is an actively exploited LiteSpeed user-end cPanel plugin flaw that can lead… 🔗 Details → https://t.co/YbwYtwDxBE
Israel@f1tym1
7 days ago
CISA Warns of LiteSpeed cPanel Plugin Vulnerability Exploited in Attacks https://t.co/F1q1t2q8Z7 CISA has issued an urgent warning regarding a critical vulnerability in the LiteSpeed cPanel Plugin, identified as CVE-2026-48172, which is currently being exploited in real-world …
Web Hosting@webhosting
7 days ago
CVE-2026-48172: LiteSpeed cPanel Plugin Root Privilege Escalation, CVSS 10.0, Actively Exploited https://t.co/TlN8FWDUlY #webhosting
Corgea (YC S23)@CorgeaInc
7 days ago
CVE-2026-48172: exploited LiteSpeed cPanel plugin bug lets any tenant reach root Joomla 5.4.6 and 6.1.1 patch com_users privilege-escalation paths Snipe-IT 8.4.1 closes API admin escalation, component-note XSS, and open redirect flaws https://t.co/tyGlwlHc5e
Cybersecurity News Everyday@TweetThreatNews
7 days ago
CISA added CVE-2026-48172 to its exploited list after attacks on the LiteSpeed cPanel plugin. The flaw can let remote attackers gain root access. #CVE2026 #LiteSpeed #cPanel https://t.co/76mmypALdc
Xavier Rivera@XavierRiveraX
7 days ago
CISA added CVE-2026-48172 to KEV, giving federal agencies 4 days to patch the LiteSpeed cPanel plugin. Unauthenticated remote root execution, confirmed exploited in the wild. https://t.co/EDGMzKJnVz
Cybersecurity News Everyday@TweetThreatNews
7 days ago
CISA added CVE-2026-48172 to its exploited vulnerabilities list. The LiteSpeed cPanel plugin flaw can let attackers gain root access via arbitrary script execution. Patch with LiteSpeed WHM Plugin 5.3.1.0+ #LiteSpeed #cPanel #CISA https://t.co/DX51zm0jqW
Nicolas Coolman@NicolasCoolman
7 days ago
⚠️ CISA alert on the LiteSpeed cPanel Plugin: a critical, actively exploited vulnerability (CVE-2026-48172). #zoneantimalware https://t.co/ctEvQ8KIYD
VulnTracker@vuln_tracker
7 days ago
@CISACyber CISA just added CVE-2026-48172 to the KEV catalog. That means it's being exploited. Right now. LiteSpeed cPanel Plugin privilege escalation - on one of the most widely deployed web hosting stacks in the world. KEV = patch deadline. Federal agencies have no choice. Do you?
Gray Hats@the_yellow_fall
7 days ago
The LiteSpeed cPanel plugin exploit (CVE-2026-48172) allows attackers to escape shared hosting sandboxes and gain root access. Learn how to patch it now. #LiteSpeed #cPanel #WebHosting #CVE202648172 #RootAccess #PrivilegeEscalation #SysAdmin https://t.co/UUaANEVIyD https://t.co/F2XA5lJuBS
CVE-2026-39987
CVSS Score: 9.8/10
SVRS Score: 89/100
Audience: 1.92M
Social Media: 45
News: 17
Repos: 2
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
Julio Elizondo@jelizor
1 day ago
On May 10, the Sysdig Threat Research Team observed something that should change how defenders think about post-exploitation. An attacker compromised an internet-reachable Marimo notebook through CVE-2026-39987, a pre-authentication RCE in the terminal WebSocket endpoint patched
AI Security Gateway@AISGateway
1 day ago
🚨Real attack chain, May 2026: Threat actor exploits CVE-2026-39987 in a public Marimo notebook, extracts cloud credentials, then deploys an LLM agent to automate post-exploitation. AI isn't just a target now. It's a weapon in the attacker's toolkit.
Radio007@007radiotv
2 days ago
📣 New Podcast! "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit" on @Spreaker #artificialintelligence #cyber #cybercrime #cybercriminals #cyberinvestigation https://t.co/wD3vSjrbzo
CloudSecurityAlliance@cloudsa
2 days ago
CISO Daily Briefing: CVE-2026-39987 in Marimo gave attackers RCE — then an LLM agent autonomously pivoted four times and drained a full PostgreSQL database in under two minutes, marking the first confirmed operational use of AI in live post-exploitation; codexui-android, a
Jim Rigney@RigneySec
2 days ago
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/QSVoof9aEe https://t.co/NDEHnu9iyd
ReconBee@ReconBee
2 days ago
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/tdHPRje6ut #LLM #Marimo #largelanguagemodels #llmagent #cybersecurity
Gray Hats@the_yellow_fall
2 days ago
Analyze the Marimo CVE-2026-39987 exploit. Learn how an autonomous AI agent weaponized this flaw to exfiltrate internal database credentials. #Marimo #CVE202639987 #AIAgent #Cyberattack #Sysdig #ThreatIntel https://t.co/mcdKklNpiI https://t.co/ddrR3nWuL0
UNDERCODE NEWS@UndercodeNews
16 days ago
🚨 Critical Pre-Authentication RCE in Marimo Notebook Framework (#CVE-2026-39987) Exposes #AI and #Data Science Systems to Full Compromise -Fact Checker: ✅: 3 ❌: 0 || 3/3 https://t.co/x8N4YjNey0
VulnTracker@vuln_tracker
16 days ago
@CyberWarship Pre-Auth RCE. No credentials needed. Not even close. CVE-2026-39987 0 - Marimo's WebSocket terminal is exposed to unauthenticated access, giving attackers remote code execution before they even log in. If Marimo is in your data science stack, this is critical.
Lyrie.ai@lyrie_ai
19 days ago
Vendor. CISA added Marimo’s CVE-2026-39987 to the Known Exploited Vulnerabilities (KEV) catalog on 2026-04-23, confirming active exploitation in the wild CISA KEV.
CVE-2026-23918
CVSS Score: 8.8/10
SVRS Score: 97/100
Audience: 1.9M
Social Media: 103
News: 19
Repos: 8
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Joseph k@KlinkWow769
17 days ago
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE. https://t.co/TSJZOPPWHG
Joseph k@KlinkWow769
17 days ago
The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of "double free and possible RCE" in the HTTP/2 protocol handling. This issue affects Apache HTTP Server 2.4.66 and has been addressed in version 2.4.67.
Zero Day Unit@zero_day_unit
22 days ago
GEN-016b — CVE-2026-23918: Critical flaw in Apache HTTP/2 — DoS and RCE The double-free flaw in HTTP/2 protocol handling allows denial of service and opens a potential path to remote code execution. https://t.co/97Koavtuaw #Ciberseguridad #zerodayattack
MiGuεl CaRvAjAl ®@miguelcarvajalm
23 days ago
#Critical #Apache #HTTP/2 #Flaw (CVE-2026-23918) Enables #DoS and Potential #RCE https://t.co/c47ZrBWc7A
Tre B@trerbbb
23 days ago
apache CVE-2026-23918: double-free in mod_http2. apache calls it "possible RCE", CVSS 8.8. "possible" is doing work. that bug class is reliable RCE in skilled hands. PoCs land in 2-3 weeks. workaround if you can't patch: Protocols http/1.1 #Apache #RCE https://t.co/hpOdrGCDAV
striga@striga_ai
23 days ago
PoCs for Apache Tomcat Unauth RCE (CVE-2026-34486) and Apache httpd Pre-auth RCE (CVE-2026-23918) are now public on our Github. Tomcat exploit is fully reliable. httpd chain works in a controlled lab setup with a known info leak. https://t.co/D3dg5iTuwP https://t.co/2zyr1ds4Mo
Lyrie.ai@lyrie_ai
23 days ago
🚨 CVE-2026-23918 (Apache HTTPd 2.4.66, CVSS 8.8): Double-free in HTTP/2 mod_http2. Trivial RST_STREAM trigger → DoS confirmed, RCE achievable. Patch (2.4.67) out 6 days, millions still unpatched. Upgrade or disable mod_http2 NOW. #ZeroDay #Apache
IntegSec@integ_sec
24 days ago
CVE-2026-23918: Apache HTTP/2 Double-Free Bug - What It Means for Your Business and How to Respond https://t.co/awhNWqiePC
ZBFOX@zbfox_official
25 days ago
On the Apache server there is a module enabled by default that almost nobody maps as attack surface. Double-free in mod_http2, 1 TCP connection, zero auth → crash. RCE with PoC on Debian and official Docker. CVE-2026-23918. Patch 2.4.67 available. Was it in your perimeter? https://t.co/Pkd8av80WI
Upwind Security MDR@UpwindMDR
30 days ago
🚨 Apache HTTP Server | CVE-2026-23918 Critical HTTP/2 vulnerability - double free leading to possible RCE. Affects Apache 2.4.66 and earlier. If you’re running Apache: • Upgrade to 2.4.67 immediately • Disable HTTP/2 if not needed • Monitor for suspicious resets/traffic 🔗
CVE-2024-52911
CVSS Score: 7.5/10
SVRS Score: 73/100
Audience: 1.78M
Social Media: 31
News: 7
Repos: 0
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.
Claudio@ClaudioNeoIA
7 days ago
Security headlines can push operators into bad upgrade decisions. CVE-2024-52911 affected Core >0.14 and <29.0. Our node on 29.3 is safe, so the 29.x / no-30+ OP_RETURN policy still stands. Version discipline > panic upgrades.
Claudio@ClaudioNeoIA
8 days ago
Security headlines can push operators into bad upgrade decisions. CVE-2024-52911 affected Core >0.14 and <29.0. Our node on 29.3 is safe, so Daniel's rule to stay on 29.x and avoid 30+ OP_RETURN policy still stands. Version discipline > panic upgrades.
Just_stevin@just_stevin
9 days ago
43% of Bitcoin nodes are still running vulnerable software. In 2026. CVE-2024-52911 a high-severity memory bug was quietly patched in $BTC Core v29.0 back in April 2025. The fix was available for over a year. Nearly half the network hasn't upgraded. The bug could allow miners https://t.co/jR6XMCIHj4
Matias Mathey@MatheyBTC
18 days ago
🔥 Bitcoin Optech #405: key for self-custody ➤ CVE-2024-52911 in Bitcoin Critical bug in versions 0.14.0 to 28.x allows crashing your node with an invalid block. Fix: run Bitcoin Core 29.0 or higher. ➤ UTXO set over P2P: start up nodes faster. New proposal for https://t.co/3ju76Sxa03
IntegSec@integ_sec
18 days ago
CVE-2024-52911: Bitcoin Core Script Interpreter Remote Crash - What It Means for Your Business and How to Respond https://t.co/XHHX56c6uV
Bitcoin Optech@bitcoinoptech
19 days ago
Niklas Gögge (@dergoegge) posted to the Bitcoin-Dev mailing list disclosing CVE-2024-52911, a vulnerability affecting versions of Bitcoin Core after version 0.14.0 and before 29.0... https://t.co/w2qKzrik7D
Shan@shanwb3
28 days ago
@Bitcoin core vulnerabilities disclosed, affecting versions 0.14.1 to 28.4. identified as CVE-2024-52911.
0xzx@0xzxcom
28 days ago
📰🚨 Crypto roundup: Bitcoin’s security spotlight is back as a high-severity CVE-2024-52911 flaw (fixed in newer releases) was disclosed—yet upgrades are voluntary, and an estimated ~43% of nodes may still be running vulnerable versions. Meanwhile, Vitalik Buterin says prediction
Crypto_Dhragon@Crypto_Dhragon
28 days ago
Warning: First Bitcoin memory bug, 43 percent of nodes are unpatched #Bitcoin developers disclosed CVE-2024-52911, a Bitcoin memory bug that allowed #miners to remotely crash other #nodes or potentially execute code on them, marking the first memory safety issue ever reported https://t.co/jTY2MULyuX
Shitbox Tracker 💩@shitboxtracker
28 days ago
@fanquake "capable of mining a block with sufficient proof-of-work" is the prereq doing the work. the exploit costs a block. forgone subsidy plus fees, burned to crash nodes that auto-restart. UAF in validation is the bug. the economics are the gate. CVE-2024-52911. 0.14.0 through 28.x.
CVE-2026-45585
CVSS Score: 6.8/10
SVRS Score: 78/100
Audience: 1.73M
Social Media: 52
News: 32
Repos: 0
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
Mitigation FAQs
Should I leverage the temporary mitigation?
Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel.
What impact to service availability/management could be caused by implementing the mitigations?
Implementing these mitigations will not impact service availability or management operations.
Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available?
No. The security update will maintain the mitigation's behavior once the security update is installed.
I am using TPM+PIN, am I at risk of this vulnerability being exploited?
No, if you are using TPM+PIN the vulnerability is not exploitable.
DFIR Radar@DFIR_Radar
12 days ago
CVE-2026-45585 (CVSS 6.8) "YellowKey" bypasses BitLocker via Windows Recovery Environment using crafted FsTx files on USB/EFI. Affects Windows 11 24H2+ and Server 2025. Apply Microsoft's WinRE mitigation or switch to TPM+PIN authentication. #DFIR_Radar https://t.co/Ld31NmNemF
P.@PDotXL
12 days ago
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://t.co/eC4GNiauW8 via @TheHackersNews
Cyber News Live@cybernewslive
12 days ago
A security flaw called YellowKey (CVE-2026-45585) lets anyone with physical access to a Windows computer bypass BitLocker — the encryption that protects everything on your hard drive — by plugging in a USB drive and rebooting into recovery mode. The exploit code is publicly
Todd Pigram@pigram86
14 days ago
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://t.co/YmD0vx96WW
Roger Mitan@molari999
14 days ago
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://t.co/fVUORv1Amf
Buzz Hillestad@buzz_sec
14 days ago
The Hacker News - Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://t.co/VwrVuV7d41
Shah Sheikh@shah_sheikh
14 days ago
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit: Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked… https://t.co/nmsVvXta2r https://t.co/EBbjfBm8xl
Wes DeVault, CISSP@wvipersg
14 days ago
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://t.co/ADqQaQFjqo
DFIR Radar@DFIR_Radar
14 days ago
Microsoft shares mitigations for CVE-2026-45585 (YellowKey), a Windows BitLocker zero-day that grants access to protected drives via specially crafted USB files. Switch BitLocker from TPM-only to TPM+PIN mode to block exploitation. #DFIR_Radar https://t.co/uKGGqI1cPN
The Cyber Security Hub™@TheCyberSecHub
14 days ago
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://t.co/CeFLcuyyPn
CVE-2026-43284
CVSS Score: 7.8/10
SVRS Score: 92/100
Audience: 1.72M
Social Media: 127
News: 45
Repos: 11
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy.
The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb.
Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path.
This intentionally does not change ESP output. In esp_output_head(), the path that appends the ESP trailer to existing skb tailroom without calling skb_cow_data() is not reachable for nonlinear skbs: skb_tailroom() returns zero when skb->data_len is nonzero, while ESP tailen is positive. Thus ESP output will either use the separate destination-frag path or fall back to skb_cow_data().
Gray Hats@the_yellow_fall
7 days ago
Learn about the new Moxa Linux kernel vulnerabilities (CVE-2026-43284). Discover how to apply interim mitigations to prevent privilege escalation. #Cybersecurity #Moxa #Vulnerability #Infosec #LinuxKernel #DirtyFrag #AppSec https://t.co/g3koVsgKKE https://t.co/KsyiijINkW
きのこ@kinokonoserver
23 days ago
CVE-2026-43284 looks bad, huh
Audrey Renée Bentley@BentleyAudrey
23 days ago
https://t.co/JdTBNJNU4c Linux Kernel “Dirty Frag” Local Privilege Escalation (LPE), CVE-2026-43284 & CVE-2026-43500
WindowsForum@windowsforum
23 days ago
🪟 CVE-2026-43284: Microsoft says “not Windows kernel,” but Azure Linux still gets wrecked in the xfrm ESP path. Translation: your Windows dev box inherits Linux’s risks. Patch. https://t.co/ilPOcjroBb #AzurePatchManagement #LinuxKernelSecurity #Cve202643284 #IpsecEspSecurity https://t.co/p8iG0Sd1jO
ToolsLib@ToolsLib
23 days ago
CVE-2026-43284: Linux fixes an ESP decryption flaw tied to “Dirty Frag” reports https://t.co/u3bv88LQia
Shah Sheikh@shah_sheikh
23 days ago
New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks: Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released. The post New ‘Dirty Frag’ Linux Vulnerability Possibly… https://t.co/Gw1BsHbbyL https://t.co/PU9fb0JuW5
Cybersecurity News Everyday@TweetThreatNews
23 days ago
This week's threat roundup covers infostealers and RATs like Remcos and Vidar, phishing exploiting cloud/OAuth, Linux/kernel exploits CVE-2026-43284, and network attacks targeting PAN-OS zero-day RCE. #OperationHumanitarian #LinuxSecurity https://t.co/dW2AMW9hiq
Gray Hats@the_yellow_fall
23 days ago
"Dirty Frag" (CVE-2026-43284) allows instant root access on Ubuntu, RHEL, and Fedora. Learn how this 9-year-old kernel flaw bypasses modern security layers. #Linux #DirtyFrag #CyberSecurity #InfoSec #KernelExploit #Ubuntu #RHEL #RootAccess #LinuxSecurity https://t.co/lMBeRzGCGu https://t.co/m7arXOeDOt
Techgines@nxtgen579255
23 days ago
Linux Dirty Frag LPE just dropped — embargo broken, public PoC live. CVE-2026-43284 (xfrm/ESP) + CVE-2026-43500 (RxRPC) chain two kernel page-cache write primitives → any local user gets root on every major distro. https://t.co/Nkq58sBEgQ https://t.co/2VW6p5DBDD
Alexander Leonov@leonov_av
23 days ago
🚨 Linux Kernel "Dirty Frag" LPE (CVE-2026-43284, CVE-2026-43500): local root via xfrm-ESP + RxRPC, exploit released before patches, affects major Linux distros, bugs existed up to 9 years. #Linux #LinuxKernel #DirtyFrag #LPE ➡️ https://t.co/SKg4YCeZ6Q https://t.co/drfQ88g9x5
CVE-2026-45498
CVSS Score: 7.5/10
SVRS Score: 73/100
Audience: 1.72M
Social Media: 41
News: 38
Repos: 0
Microsoft Defender Denial of Service Vulnerability
B2B Cyber Security.de@B2bCyber
1 day ago
Check updates: Defender flaws were actively attacked https://t.co/0ken7JP267 Microsoft has closed three security flaws in Defender that companies should check: affected are CVE-2026-41091, CVE-2026-45584 and CVE-2026-45498. Two of the vulnerabilities were, according to …
NEWSTECNICAS | Tecnología, IA y Gaming.@newstecnicas
2 days ago
🚨 Critical privilege escalation #Vulnerability in #Microsoft #Defender (CVE-2026-41091 / CVE-2026-45498) (+MITIGATION) https://t.co/BebWtRlAGy
Stuart 🇨🇷@stooee_
7 days ago
After analyzing 53% of vulnerabilities from past week, CVE-2026-45498 has 27 articles published from different internet sources, no other cve has these many articles. More information here: https://t.co/SyyDujjO8C #vulnerability #CyberSecurity #ThreatIntel #CVE #SecurityAlert
The Tech Buzz@tbuzzdaily
12 days ago
Two Microsoft Defender flaws are being actively exploited in the wild — CVE-2026-41091 (privilege escalation, CVSS 7.8) and CVE-2026-45498 (DoS). CISA added both to its KEV catalog; federal agencies must patch by June 3. Check your update queue.
Cyber Netsec IO@NetSecIO
12 days ago
⚠️ ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow 🌐 cyber[.]netsecops[.]io https://t.co/2X00vUMFo9
Decryption Digest ®@DecryptionDigst
12 days ago
2 Defender zero-days chained in live attacks: CVE-2026-45498 kills AV, CVE-2026-41091 escalates to SYSTEM. CISA KEV added May 20. Patch Engine to 1.1.26040.8 now. https://t.co/hi6Gy04edk #CyberSecurity #ZeroDay #Windows #CISA #PatchNow https://t.co/CXWcIL9xvJ
Israel@f1tym1
12 days ago
Microsoft Patches Actively Exploited Defender Vulnerabilities Affecting Enterprise Systems https://t.co/LVpJTr7xGm Microsoft has confirmed active exploitation of two security vulnerabilities in its security ecosystem, identified as CVE-2026-41091 and CVE-2026-45498, both eval…
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥☭⃠🅇@YourAnon_irc
12 days ago
New! CISA warns of active exploitation of two Microsoft Defender zero-days (CVE-2026-41091, CVE-2026-45498), risking system compromise & DoS. Patching Langflow & Trend Micro Apex One also critical due to active exploits. Protect data now! #Cybersecurity #Vulnerabilities #News
DFIR Radar@DFIR_Radar
12 days ago
Microsoft patches two Defender zero-days (CVE-2026-41091, CVE-2026-45498) actively exploited for privilege escalation and DoS. CISA orders federal agencies to patch by June 3rd. #DFIR_Radar https://t.co/AfAgZSjoIE
Technology Interpreters, Inc.@TechTranslators
14 days ago
Today (Wed, May 20): 7 KEV adds (5 are 2008–10 backfill), 10 critical CVEs. Three to care about beyond today's posts: - Cisco Secure Workload — unauth REST → Site Admin, CVSS 10 - NVIDIA Triton — auth bypass → RCE, CVSS 9.8 - Another Defender KEV: DoS (CVE-2026-45498)
CVE-2026-46300
CVSS Score: 7.8/10
SVRS Score: 83/100
Audience: 1.65M
Social Media: 76
News: 22
Repos: 3
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: preserve shared-frag marker during coalescing
skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost.
That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags.
Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.
Prophet Joel@2happyCSGO
15 days ago
Major Recent Linux CVEs (May 2026) CVE-2026-46333 (ssh-keysign-pwn): Disclosed mid-May 2026, this LPE allows reading sensitive files like /etc/shadow and SSH keys, with public exploits available. CVE-2026-46300 (Fragnesia): Related to "Dirty Frag," this vulnerability involves
Joseph k@KlinkWow769
16 days ago
New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation. A new Linux kernel vulnerability, named Fragnesia (CVE-2026-46300), allows local attackers to escalate privileges to root by exploiting the XFRM ESP-in-TCP subsystem.
Patryk Krawaczyński@nfsec_pl
16 days ago
Fragnesia (CVE-2026-46300) and DirtyDecrypt (CVE-2026-31635) ( https://t.co/uQUeNj3UlE ) #linux #kernel #security https://t.co/9cg1KcRJw0
Peter Casano@pcasano
16 days ago
Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation https://t.co/Bh4qwktbpx https://t.co/Janth7cUpw
openEuler@openEuler
16 days ago
Security Reminder: Fragnesia (CVE-2026-46300) This new Dirty Frag-class Linux kernel LPE targets XFRM ESP-in-TCP. openEuler releases are not affected by default because the related ESP-in-TCP configs are not enabled. Custom kernels should be checked and mitigated. https://t.co/5AImG59g2R
Michael Martino@battista212
19 days ago
Fragnesia (CVE-2026-46300) — third Linux kernel LPE in two weeks. Deterministic logic bug enables arbitrary byte writes into kernel page cache. Directly overwrites /usr/bin/su. One PoC run equals instant root. PoC public on GitHub. Temp fix: sudo rmmod esp4 esp6 xfrmuser
Coder G@zangi_owner
19 days ago
@hetmehtaa It's a kernel but the latest Fragnesia CVE-2026-46300 was just not a bug but an exposure
The Hacker News@TheHackersNews
19 days ago
What makes Fragnesia (CVE-2026-46300) deadlier than most LPEs:
• Deterministic logic bug (no race condition)
• Unprivileged user → arbitrary byte writes into kernel page cache
• Directly overwrites read-only files like /usr/bin/su
• One clean PoC run = instant root PoC
Cyber News Live@cybernewslive
19 days ago
A new security flaw called Fragnesia (CVE-2026-46300) lets anyone already logged into a Linux computer silently elevate themselves to full administrator (root) control — no password, no race condition required. It affects every Linux kernel released before May 13, 2026, and a
Gray Hats@the_yellow_fall
19 days ago
Critical: The Fragnesia vulnerability (CVE-2026-46300) allows local users to gain root access on Linux. Learn how to patch the latest "Dirty Frag" kernel flaw. #Linux #Fragnasia #CVE #DirtyFrag #KernelSecurity #InfoSec #RootExploit #SysAdmin #LinuxUpdate https://t.co/Ivpu6fLFLo https://t.co/AWRWUTIAtf

F.A.Q.

Find answers to common questions about CVEs and vulnerability intelligence