What is CVE Radar and how does it work?

CVE Radar is a free vulnerability intelligence platform by SOCRadar that provides real-time threat context for every CVE identifier. It aggregates data from the National Vulnerability Database (NVD), exploit databases, threat actor activity feeds, and SOCRadar's proprietary intelligence corpus. For each CVE, it surfaces exploit availability, active exploitation evidence, CVSS scores, affected product versions, and patch status — updated hourly so your team always works with current risk data.

How do I search for a specific CVE or vulnerability?

Enter a CVE identifier (e.g. CVE-2024-12345) or a product name directly into the search bar. CVE Radar returns the full vulnerability profile: severity score, affected versions, exploit availability, vendor patch status, and whether the vulnerability is being actively exploited in the wild. You can also browse trending CVEs on the landing page to identify which vulnerabilities threat actors are currently targeting.

What does 'exploit available' mean in CVE Radar?

The 'exploit available' flag indicates that working exploit code for this CVE has been identified in public repositories (GitHub, Exploit-DB, Metasploit modules) or underground forums. A CVE with a public exploit is substantially more dangerous than one without — attackers can weaponize it with minimal effort. CVE Radar distinguishes between proof-of-concept (PoC) code and fully weaponized exploits used in active attacks.

How is CVE Radar different from the NVD or Mitre database?

The NVD and Mitre databases are authoritative vulnerability registries but they only provide base metadata. CVE Radar enriches each entry with real-world threat intelligence: active exploitation signals from honeypot and telemetry networks, exploit code references, threat actor targeting patterns, and vendor patch release timing. This context transforms a raw severity score into an actionable priority — helping security teams distinguish which CVEs require immediate patching from which can follow a normal patch cycle.

Is CVE Radar free? Do I need to create an account?

CVE Radar is completely free to use. No account, credit card, or software installation is required. You can search any CVE identifier or product name and view full vulnerability profiles instantly. Advanced features such as bulk CVE monitoring, alerting, and integration into security workflows are available through the SOCRadar platform.

Welcome To CVE Radar

Discover trending vulnerabilities, explore attack vectors, exploits, and security details

Top CVE Trend (Last 30 Days)

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

Threat Signal@ThreatSignal_IN

8 days ago

@Unit42_Intel Brutal oversight on the reused portal certificates for CVE-2026-0257. For anyone hunting this today, check your GlobalProtect logs for gateway-connected events using suspicious host IDs like WINDOWS-LAPTOP-001 or DESKTOP-GP01. Edge persistence is escalating fast.

ADK Cyber@ADKCyber

16 days ago

New on the blog — When the Front Door Has a Skeleton Key: The GlobalProtect Authentication Bypass (CVE-2026-0257). An unauthenticated bypass on Palo Alto Networks GlobalProtect that lets attackers mint valid VPN sessio… https://t.co/eUxz2ZMUxb https://t.co/fYQappMTf6

Cyber Netsec IO@NetSecIO

16 days ago

⚠️ Active Exploitation Alert! Unidentified actors are exploiting PAN-OS auth bypass CVE-2026-0257 to access GlobalProtect VPNs. CISA KEV listed. Patch or apply mitigations immediately to prevent unauthorized access. #PANOS #CVE #CyberSecurity 🌐 cyber[.]netsecops[.]io https://t.co/rXQohu6HJS

ProtAAPP - Protege las AAPP@ProtAAPP

16 days ago

Palo Alto Networks Unit 42 ha detectado la explotación activa de la vulnerabilidad CVE-2026-0257 en PAN-OS, que permite a atacantes no autorizados eludir controles de seguridad y establecer conexiones VPN. Se recomienda revisar el asesoramiento de… https://t.co/DIco2XggnP https://t.co/6obTvXYpIX

Sami Laiho@samilaiho

16 days ago

CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers https://t.co/Wnumz9Rh3R

Sami Laiho@samilaiho

16 days ago

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation https://t.co/G7kv2tydMC

Cyber Research@Cyb3rR3s34rch

17 days ago

Originally from Unit 42: Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 https://t.co/jMmw45YFb5 ( :-{ı▓ #unit42 #threathunting #cyberresearch https://t.co/PFFWNTWTik

sean walker@seanwalker64354

19 days ago

🚨 CISA just raised the alarm on CVE-2026-0257 https://t.co/8PNAXneKrG via @YouTube

VulnTracker@vuln_tracker

19 days ago

@HunterMapping CVE-2026-0257 blast radius update: 2,800,000. That's how many PAN-OS services are publicly exposed. Every one of them a potential target for the GlobalProtect auth bypass. Forged cookies. Silent logins. 2.8 million attack surfaces. This CVE keeps getting bigger.

Cyber Edition@CyberEdition

20 days ago

🚨CISA says attackers are actively exploiting PAN-OS flaw CVE-2026-0257 to bypass authentication and hijack VPN sessions on Palo Alto firewalls. Internet-facing GlobalProtect systems are at high risk. Patch immediately. Read more https://t.co/xoD486cbXr #PaloAlto #CyberSecurity

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Dr.Philippe Vynckier, CISSP - Influencer@PVynckier

8 days ago

Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751) - Help Net Security https://t.co/8IocuTv4Cd

Threat Signal@ThreatSignal_IN

8 days ago

For those diving into the repo: The bypass (CVE-2026-50751) exploits a certificate validation logic flaw in deprecated IKEv1. Critically, this is actively being leveraged by Qilin ransomware affiliates. Check your edge logs starting May26. Full detection engineering logic above👆

Divinmentis@Divinmentis

11 days ago

🛡️ CISA KEV alert: CVE-2026-50751 affects Check Point Security Gateways using deprecated IKEv1 remote-access flows. CISA says it can let unauthenticated attackers establish VPN access and lists known ransomware use. Due date: June 11. #VPN #Ransomware #KEV https://t.co/CD1Crl5ez0

FOFA@fofabot

12 days ago

⚠️⚠️ CVE-2026-50751 (CVSS 9.3): Deprecated IKEv1 Remote/Mobile Access certificate validation flaw may let unauthenticated attackers bypass VPN authentication (active exploitation reported). 🔗FOFA Link: https://t.co/upqBuLfIIu 🎯34.8K+ Results are found on https://t.co/NBEEGu6H0b https://t.co/1BJPi9xolY

Centro Ciberseguridad Andalucía. CIAN@CentroCiberAND

12 days ago

🚨 #AlertaSOC Vulnerabilidades críticas con explotación activa en Check Point VPN. ⚠️ El fallo CVE-2026-50751 permite a un atacante remoto no autentificado conexión VPN en remoto sin credenciales en Mobile y Remote Access. Actualiza tus sistemas 🔗 https://t.co/0V674l9IQR https://t.co/oNKPZZvyHO

𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥☭⃠🅇@YourAnon_irc

12 days ago

Critical #Cybersecurity threats: Check Point VPN zero-day (CVE-2026-50751) actively exploited, HTTP/2 "Bomb" (CVE-2026-49160) DoS impacts web servers. Redis RCE & Cisco UC RCE threaten data privacy/integrity in transit. Patch now! #News #Vulnerabilities

DFIR Radar@DFIR_Radar

12 days ago

CVE-2026-50751 authentication bypass in Check Point VPN exploited by Qilin ransomware affiliates since May 7. Affects gateways using deprecated IKEv1 with legacy clients. Disable IKEv1 and audit VPN logs from May immediately. #DFIR_Radar https://t.co/B3ixHwgICO

Daily CyberSecurity@the_yellow_fall

13 days ago

Discover the critical Check Point VPN vulnerability (CVE-2026-50751). Learn how Qilin ransomware actors bypass auth gates and how to patch. #CheckPoint #VPNSecurity #CVE202650751 #QilinRansomware #InfoSec #Cybersecurity #TechNews https://t.co/4bw29U9CHa https://t.co/S0bvlwHRPR

Aviatrix Threat Research Center@aviatrixtrc

13 days ago

Qilin ransomware affiliates exploited CVE-2026-50751 to bypass Check Point VPN authentication, establishing unauthorized remote access through deprecated IKEv1 protocols. Attackers moved laterally through internal systems before deploying encryption payloads. Runtime segmentation

Elusive@ElusivePrivacy

13 days ago

Check Point VPN zero-day Check Point VPN auth bypass is being exploited in the wild. CVE-2026-50751, CVSS 9.3. Unauthenticated attackers can establish a Remote Access VPN session with no valid password. Affects only IKEv1-configured gateways (Mobile Access/SSL VPN, Remote Access

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

broadfield-dev@broadfield_dev

5 days ago

@EddCoates update your NGINX to greater than 1.30.2 NGINX Rift (CVE-2026-42945)

araintel.com@araintelhacking

8 days ago

NGINX Rift (CVE-2026-42945): cuando una vulnerabilidad en el proxy se convierte en un problema de plataforma | Juan Almodóvar | Lee esta publicación y más en la web de Araintel https://t.co/4yg0eUXzkC

E.T.I.D.O of K.A.D.U.N.A💙🧡🤍@GoodnessEdet16

8 days ago

I just completed CVE-2026-42945: Nginx Rift room on TryHackMe! Exploit NGINX Rift, an unauthenticated heap overflow RCE in NGINX's rewrite module since 2008. https://t.co/1Bhc2Izz3d #tryhackme via @tryhackme

Lyrie.ai@lyrie_ai

15 days ago

05:09 UTC: Lyrie Sentinel flagged it. 0day Intel: ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffe

Lyrie.ai@lyrie_ai

15 days ago

08:06 UTC: First exploit attempt in the wild. 0day Intel: ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffe

Lyrie.ai@lyrie_ai

15 days ago

05:20 UTC: Thread live on @lyrie_ai. 0day Intel: ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffe

Lyrie.ai@lyrie_ai

16 days ago

Vendor. Source: X search for CVE-2026 critical Posted: 2026-05-19T20:34:16.000Z Likes: 24 Heads up if you run NGINX:⚠️ A critical flaw (CVE-2026-42945) is being actively exploited right now.

Roman@mrBr4un

17 days ago

I just completed CVE-2026-42945: Nginx Rift room on TryHackMe! Exploit NGINX Rift, an unauthenticated heap overflow RCE in NGINX's rewrite module since 2008. https://t.co/9A0VRuDMHC #tryhackme через @tryhackme

AlmaLinux@AlmaLinux

18 days ago

nginx has a critical vuln (CVE-2026-42945). Patched packages are live for AlmaLinux 8, 9, 10 & Kitten 10. Two commands and a restart and you're done. Don't sleep on this one! https://t.co/VYOqD5SumV

N_{Dario Fadda}@nuke86

18 days ago

✨ CVE-2026-42945 (NGINX Rift): vulnerabilità critica attivamente sfruttata — aggiornare subito Leggi il blog: https://t.co/ldVK76htgC https://t.co/wjBCDnXylw

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.

@pedri77@pedri77

1 day ago

CVE-2026-20253 is a CVSS 9.8 pre-auth flaw in Splunk Enterprise's PostgreSQL sidecar service. An unauthenticated attacker can write files and chain the primitive to RCE. A public PoC exists; no workaround, patch onl... https://t.co/dZ5zCozCgm

ﮩ٨ـﮩ𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥 𝕏ﮩ٨ــ@AnonNews_irc

8 days ago

US-Iran peace talks advance, but Beirut attack raises tensions. Meanwhile, a critical Splunk RCE flaw (CVE-2026-20253) and Oracle PeopleSoft zero-day exploited by ShinyHunters demand urgent attention. #Cybersecurity #Geopolitics #News

Upwind Security MDR@UpwindMDR

8 days ago

🚨Critical - Splunk Enterprise PostgreSQL Sidecar Arbitrary File Create/Truncate (CVE-2026-20253) An unauthenticated remote attacker can create or truncate arbitrary files on the server through the PostgreSQL sidecar service endpoint due to missing authentication controls. This

SecureChap@SecureChap

8 days ago

CVE-2026-20253 scores 9.8 because Splunk Enterprise versions below 10.2.4 and 10.0.7 ship a PostgreSQL sidecar whose recovery endpoints require no authentication. The endpoints /v1/postgres/recovery/backup and /v1/postgres/recovery/restore accept unauthenticated requests over

Joel Domenech@Joel_DAA

8 days ago

Splunk corrige una falla crítica (CVE-2026-20253) que permitía ejecución remota de código sin autenticación. La vulnerabilidad tiene una severidad de 9.8 CVSS. ¡Actualiza tu sistema ya! #Ciberseguridad #Splunk #Vulnerabilidad #SeguridadTI https://t.co/Nu3oyKzvSs

Marcell Ujlaki@UjlakiMarci

8 days ago

🟥 CVE-2026-20253, CVSS: 9.8 (#Critical) Splunk Enterprise and Cloud Platform a missing authentication for a PostgreSQL sidecar service endpoint an unauthenticated user can invoke file operations to create or truncate arbitrary files on the system https://t.co/mGBAclSo14 https://t.co/hDrdChj0yo

CyDhaal@CyberDhaal

8 days ago

Splunk Enterprise Pre-Auth RCE Chain Exposed https://t.co/MYmGs46LBc #SOC #Splunk @RCE #CVE-2026-20253 #CVSS #9.8 https://t.co/CjBztrQZ17

Eyal Estrin ☁️@eyalestrin

9 days ago

Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://t.co/F1sx5I50MU #patchmanagement

YogSotho@YogSoth0

9 days ago

CVE-2026-20253 — Splunk Enterprise/Cloud PostgreSQL Sidecar Service Exploitation Framework Military-grade multi-stage RCE exploitation: Stage 1: /backup endpoint with hostaddr injection → dump attacker DB to arbitrary file Stage 2: /restore endpoint with passfile

Zero Day Wire@zerodaywire

9 days ago

🚨 Splunk Enterprise CVE-2026-20253: PostgreSQL Sidecar Flaw Enables Unauthenticated RCE 🔗 https://t.co/uOOXBGkH2a #cybersecurity #infosec #threatintel https://t.co/YD2X3HKCpk

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

NEWSTECNICAS | Tecnología, IA y Gaming.@newstecnicas

8 days ago

🛡️ Manual Técnico de Mitigación: #Vulnerabilidades CVE-2026-10520 y CVE-2026-10523 en Ivanti Sentry https://t.co/BT3gmR1LIw

RedLegg@RedLegg

11 days ago

Critical Ivanti Sentry Alert (CVE-2026-10520, CVE-2026-10523): Two critical flaws enable unauthenticated attackers to bypass authentication and execute commands with root privileges. While exploitation hasn’t been observed in the wild, a public pro... https://t.co/U6VsatAWP9

Rishi@rxerium

12 days ago

🚨 CVE-2026-10520, a critical (CVSS 10.0) OS Command Injection vulnerability in Ivanti Sentry is now under active exploitation as reported by @DefusedCyber Scan infrastructure to see if you're vulnerable: https://t.co/jcr7SLj5FO Patches are available as per Ivanti's advisory: https://t.co/oQvdAKKfiY

VulDB 🛡@vuldb

12 days ago

Some increased actor activities are shown targeting Ivanti Sentry (CVE-2026-10520) https://t.co/0PPyoSgF6T

ThreatCluster@threatcluster

12 days ago

Ivanti released fixes for Sentry flaws CVE-2026-10520 (pre-auth root RCE) and CVE-2026-10523 (admin auth bypass) affecting versions before R10.5.2, R10.6.2 and R10.7.1, BleepingComputer reported. https://t.co/ZnYJRKA5uZ

Defused@DefusedCyber

12 days ago

🚨 CVE-2026-10520 (Pre-auth OS Command Injection in Ivanti Sentry) is now under active exploitation Attackers have been exploiting Ivanti systems with the recently released vulnerability since this morning Track Ivanti exploitation live 👉 https://t.co/GXFaqggV8a https://t.co/nylXVUWcfq

Cybersecurity News Everyday@TweetThreatNews

12 days ago

Ivanti patched two critical Sentry flaws, including CVE-2026-10520, a max-severity command injection that could allow root code execution, and CVE-2026-10523, an auth bypass for rogue admin access. #Ivanti #Sentry #CVE202610520 https://t.co/ajFnF8yJmq

SecAlerts@SecAlertsCo

12 days ago

Ivanti Sentry: unauthenticated RCE as root. CVE-2026-10520 is a CVSS 10 OS command injection flaw. Patch to R10.5.2, R10.6.2 or R10.7.1 now. https://t.co/C0231EQTnD

Nicolas Krassas@Dinosn

13 days ago

More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) - watchTowr Labs https://t.co/rEpMJX7q1n

DFIR Radar@DFIR_Radar

13 days ago

Ivanti Sentry pre-auth OS command injection (CVE-2026-10520) achieves perfect 10.0 CVSS with unauthenticated root RCE. Watchtowr Labs demonstrates exploitation using hardcoded XML format leaked in patch analysis. Technical breakdown: • CVE-2026-10520 affects Sentry versions https://t.co/5H4Zcn6K9Q

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.

CiberPlaneta@CiberPlanetaOrg

5 days ago

🛡️ Alerta de Seguridad: BerriAI LiteLLM Command Injection de Ejecución Remota de Comandos (CVE-2026-42271) Inyección de comandos en BerriAI LiteLLM permite a usuarios autenticados con privilegios bajos ejecutar comandos arbitrarios en el host. Incluida en catálogo KEV de CISA.

DCI CyberSec News@DCICyberSecNews

11 days ago

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE https://t.co/clwIRSPaut via @TheHackersNews

elorri_79@456c6f727269

11 days ago

🚨 New critical LiteLLM flaw is being exploited in the wild. CVE-2026-42271 (CVSS 8.7) — command injection via two MCP preview endpoints. Chained with CVE-2026-48710 (Starlette host header bypass) → unauthenticated RCE (CVSS 10.0). If you run litellm-proxy: read this thread.

Bill Schroeder@bill__schroeder

12 days ago

LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271) - Help Net Security https://t.co/Jpe2GXXJSk

Marcus Lenngren@lenngrenm

12 days ago

⚠️ CRITICAL: LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE A critical command injection vulnerability (CVE-2026-42271) in LiteLLM AI gateway versions 1.74.2 through 1.83.7 is being actively exploited in the wild. Researchers have chained t

Bryan@so_sthbryan

12 days ago

LiteLLM just hit CISA's known exploited list. CVE-2026-42271 chains to unauthenticated RCE, CVSS 8.7, and attackers are already using it in the wild. Patch LiteLLM instances now if you run them. https://t.co/qnDLiSAzkO

GoCocoaAI@GoCocoaAI

13 days ago

Sources for this post: Bitdefender Global Scam Intelligence Report 2026, via Help Net Security (published 2026-06-10): https://t.co/UtbUBSjhjV Sidebar flag from the same page: CVE-2026-42271 (LiteLLM, active exploitation, CISA warning) — an AI-stack vulnerability worth a https://t.co/u8SoizhoOs

ThreadLinqs@threadlinqs

13 days ago

An AI gateway flaw lets attackers run code unauthenticated - CISA says CVE-2026-42271 is being exploited now. https://t.co/f1B9nmqR4p #ThreatIntel #CVE https://t.co/2vyhCPKq1t

ThreadLinqs@threadlinqs

13 days ago

An AI gateway flaw lets attackers run code unauthenticated - CISA says CVE-2026-42271 is being exploited now. https://t.co/f1B9nmqR4p #ThreatIntel #CVE https://t.co/hkve0nxplM

Ritik Chaddha(pwn_box)@RitikChaddha

20 days ago

We've added Nuclei templates for both CVEs to help quickly validate affected instances. - CVE-2026-42271 (LiteLLM): https://t.co/Wvfdqr6czO - CVE-2026-48710 (Starlette BadHost): https://t.co/dZwbT04tqC

Extended Threat Intelligence

Free Trial

Stay ahead with proactive cyber threat warnings

Discover how SOCRadar's all-in-one platform can help protect your digital assets with extended threat intelligence, digital risk protection, and attack surface management.

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.

Jayson Jose@Jayson_security

5 days ago

La explotación activa de CVE-2026-20262 en Cisco SD-WAN Manager subraya la necesidad de gestión de parches rigurosa. Priorizar estas actualizaciones es crucial para proteger nuestra infraestructura de red.

Qualys@qualys

5 days ago

CISA has officially issued a warning regarding the active exploitation of a critical Cisco Catalyst SD-WAN Manager vulnerability tracked as CVE-2026-20262. This security flaw enables remote attackers with valid credentials to create or overwrite arbitrary files on the https://t.co/EUdBP1w5MQ

SecAlerts@SecAlertsCo

5 days ago

Cisco warns of actively exploited zero-day vuln in SD-WAN product. Info, incl. fix info, at vulnerability alert service, SecAlerts: CVE-2026-20262, CVSS 6.5: https://t.co/fg78o4yvWy #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #secalerts #CVE202620262 #cisco https://t.co/4buLXDTc7f

HACKLIDO@hacklido

6 days ago

Cisco Catalyst SD-WAN Manager Vulnerability (CVE-2026-20262): Attackers Could Gain Root Access Through File Write Flaw https://t.co/g6CadzXEuo

Merge News@mergenewsapp

6 days ago

Critical arbitrary file write vuln (CVE-2026-20262) in Cisco Catalyst SD-WAN Manager allows root access & is actively exploited. Update now! #cisco #sdwan #vulnerability #zeroday

VulDB 🛡@vuldb

6 days ago

Some increased actor activities are shown targeting Cisco Catalyst SD-WAN Manager (CVE-2026-20262) https://t.co/VwZd4kMoZw

Mabior Agau@_CyberMaster

7 days ago

🚨 CVE-2026-20262 is being actively exploited in the wild. Cisco SD-WAN Manager — arbitrary file write via crafted HTTP request to the web UI API. If you're running Cisco SD-WAN, patch NOW. This isn't a theoretical one. #Cybersecurity #Cisco #Infosec

GoCocoaAI@GoCocoaAI

7 days ago

The floor opens up under Cisco SD-WAN Manager — again. CVE-2026-20262, an arbitrary file write via crafted HTTP request to the web UI API, was already under active exploitation before Cisco shipped the fix today. CISA KEV-listed it within hours. Federal agencies have until June

America's Pick@nims213

7 days ago

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks https://t.co/L20M8RqlQ4 Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. Forme…

Daily CyberSecurity@the_yellow_fall

7 days ago

Cisco warns CVE-2026-20262, a Cisco SD-WAN vulnerability enabling arbitrary file write, is exploited in the wild. Patch SD-WAN Manager now. #Cisco #SDWAN #CVE202620262 #ArbitraryFileWrite #InfoSec https://t.co/8na0EmGQIl https://t.co/g06TjhufIx

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

BetterMSSP@bettermssp

8 days ago

🚨 Your staff approves MFA into your RMM on #Android. #CVE-2025-48595 needs zero clicks to own that device. If you haven't told clients to patch today, you just inherited their breach. Audit your team's Android patch level in the next 4 hours. #mssp #zerocliclick https://t.co/XTh28KHRYT

Cyber Netsec IO@NetSecIO

16 days ago

⚠️ ANDROID ZERO-DAY! Google has patched CVE-2025-48595, a privilege escalation flaw actively exploited in the wild. The fix is in the June 2026 security update, which patches 124 flaws total. Update your Android device NOW! #Android #ZeroDay #CyberSe... 🌐 cyber[.]netsecops[.]io https://t.co/Zg2QN1tG3Y

Shah Sheikh@shah_sheikh

19 days ago

Google Patches Actively Exploited Android Flaw Affecting Millions of Devices: Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android… https://t.co/8eWq3TjdwJ https://t.co/is2HZRgdS5

Kruptos@KuptoKosmos

19 days ago

🚨 Android juin 2026 ➡️ 124 failles patchées ⚠️ Une est déjà exploitée Google a sorti son bulletin le 1er juin. Parmi les 124 correctifs, CVE-2025-48595 sort du lot... C’est un integer overflow dans le Framework. Ça permet une élévation de privilèges locale. Une fois https://t.co/hJ5g5xX0km

Wes DeVault, CISSP@wvipersg

19 days ago

Google Patches Android Zero-Day CVE-2025-48595 Exploited in Targeted Attacks https://t.co/bnDL5kPrEB

Cyber Edition@CyberEdition

19 days ago

🛡️Google confirmed active exploitation of Android zero-day CVE-2025-48595. The flaw allows remote privilege escalation with no user interaction, making silent device takeovers possible. Install the June 2026 Android security update ASAP. https://t.co/aEJNj4jUVF #Android

PurpleOps@PurpleOps_io

19 days ago

124 Android flaws patched this month and the number that matters is 1: CVE-2025-48595, already exploited in the wild. It is a Framework bug, remote, unauthenticated, no privilege needed - the profile that gets weaponised fast. Batch size is noise, this is the signal. https://t.co/Es01LvzKvc

Nikhil N@thecyberjim

20 days ago

Google just patched 124 Android flaws. But one matters: CVE-2025-48595. Integer overflow in Framework. Attackers can execute code on your phone without you doing anything. No clicks. No downloads. Just runs. Affects Android 14, 15, 16. Already being exploited in the wild. Update

TheFactumAI@TheFactumAI

20 days ago

@TraffAlex CVE-2025-48595 Framework integer overflow enables silent privilege escalation in persistent spyware pipelines targeting high-value users. Standard bulletins understate the scope and repeat actor patterns that prior patches failed to disrupt. [SENTINEL]

Cybersecurity News Everyday@TweetThreatNews

20 days ago

Google's June 2026 Android update patches 124 flaws, including CVE-2025-48595, a high-severity Framework bug already seeing limited targeted exploitation. Fixes span System, kernel, and chipset issues. #Android #Google #CVE202548595 https://t.co/qQTSccF89s

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

The Daily Tech Feed@dailytechonx

3 days ago

CISA has added CVE-2026-54420, a critical LiteSpeed cPanel Plugin vulnerability, to its Known Exploited Vulnerabilities catalog following active exploitation. This flaw affects shared hosting environments, particularly those using CloudLinux with CageFS isolation, by allowing https://t.co/EACZcengMg

Threat Intelligence@threatintel

3 days ago

#ThreatProtection #CVE-2026-54420 - #LiteSpeed cPanel Plugin #vulnerability exploited in the wild, read more about Symantec's protection: https://t.co/wA2JErijs3

Cybersecurity News Everyday@TweetThreatNews

5 days ago

Joomla JCE CVE-2026-48907 and LiteSpeed cPanel CVE-2026-54420 are being actively exploited, enabling file uploads, PHP execution, and possible root escalation on shared hosting servers. #Joomla #LiteSpeed #CISA https://t.co/o3etmdvGBO

SecAlerts@SecAlertsCo

7 days ago

🔗 Actively exploited: CVE-2026-54420 in LiteSpeed cPanel Plugin. Symlink attack lets unprivileged FTP/web shell users on shared hosting escalate to full compromise. CISA KEV-listed. Patch to 2.4.8 / WHM Plugin 5.3.2.0 now. #LiteSpeed #infosec https://t.co/h9vQW3mJjs https://t.co/e3j6ZmVz5D

University of ZERO@zerotalktoai

7 days ago

Oh cPanel servers about to be hacked? Update asap or remove LiteSpeed cPanel Plugin. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

LiteSpeed Tech@litespeedtech

7 days ago

The CVE that was published today for LiteSpeed's WHM plugin prior to v2.4.8 refers to the same vulnerability we disclosed (and patched) two weeks ago. CVE-2026-54420: https://t.co/1xR8NH6Yvy

CISA Cyber@CISACyber

7 days ago

🛡️ We added Cisco Catalyst SD-WAN Manager vulnerability CVE-2026-20262 and LiteSpeed cPanel Plugin vulnerability CVE-2026-54420 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity https://t.co/rAEee4kpx6

Marcus Lenngren@lenngrenm

8 days ago

⚠️ CRITICAL: ‼️ CVE-2026-54420: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn b... CVE-2026-54420 is a critical symlink mishandling vulnerability in LiteSpeed cPanel plugin versions before 2.4.8 and LiteSpeed WHM Plugin versions before 5.3.2.0.

Dark Web Informer@DarkWebInformer

8 days ago

‼️ CVE-2026-54420: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026. CVSS: https://t.co/hQCWaFNk8B

Upwind Security MDR@UpwindMDR

8 days ago

🚨High - LiteSpeed cPanel Plugin Symlink Mishandling / CageFS Bypass (CVE-2026-54420) A symlink-following flaw (CWE-61) in the LiteSpeed cPanel plugin lets an attacker who already holds FTP or web shell access to a user account on a shared hosting server plant crafted symbolic

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

Aviatrix Threat Research Center@aviatrixtrc

14 days ago

Attackers exploited CVE-2026-26980 to compromise 700+ Ghost CMS sites including Harvard and DuckDuckGo. SQL injection led to admin API key theft, then JavaScript injection to spread ClickFix malware to visitors. Runtime segmentation could help contain such multi-stage breach

Lyrie.ai@lyrie_ai

14 days ago

Full Tweet Heads up about a critical SQL injection vuln in Ghost CMS affecting Harvard, Oxford, and DuckDuckGo among others CVE-2026-26980 Source: X search for CVE-2026 critical Posted: 2026-05-28T21:50:58.000Z Likes: 14

Lyrie.ai@lyrie_ai

14 days ago

Source: X search for CVE-2026 critical Posted: 2026-05-28T21:50:58.000Z Likes: 14 Heads up about a critical SQL injection vuln in Ghost CMS affecting Harvard, Oxford, and DuckDuckGo among others CVE-2026-26980 https://t.co/rRbYE1mcNX

Lyrie.ai@lyrie_ai

14 days ago

CVE-2026-26980: Heads up about a critical SQL injection vuln in Ghost CMS affecting Harvard, Oxford, and DuckDuckGo among others CVE-2026-26980 Source: X search for CVE-2026 critical Posted: 2026-05-28T21:50:58.000Z Likes: 14

Lyrie.ai@lyrie_ai

15 days ago

CVE-2026-26980. 0day Intel: 🚨 Hackers breached 700+ Ghost CMS websites to serve ClickFix malware attacks.

Wordfence@wordfence

17 days ago

700+ Ghost CMS Sites Hit By Click Fix Attack Wordfence Security News Clip | May 25, 2026 Over 700 Ghost CMS sites are compromised via a critical SQL injection flaw (CVE-2026-26980) in the content API. Attackers extract admin API keys, inject JavaScript loaders into articles, https://t.co/PtAIPHnBGn

INFOSEC.WATCH@InfosecDotWatch

19 days ago

Ghost CMS CVE-2026-26980 was reportedly used to compromise hundreds of sites and inject malicious JavaScript loaders. https://t.co/5OtBUZVUq1

Asta@astasolutions

20 days ago

A critical Ghost CMS vulnerability (CVE-2026-26980) is being actively exploited worldwide, impacting universities, fintechs, media, and AI platforms. Strengthen your cybersecurity posture with proactive monitoring and threat detection. Learn more at https://t.co/aH9WSJOqn8 https://t.co/kYjDrw7Zqe

Cyber Netsec IO@NetSecIO

20 days ago

📢 GHOST CMS HACKED: A critical SQL injection flaw (CVE-2026-26980) is being mass-exploited to hack Ghost sites. Attackers steal API keys to inject malware that targets visitors. Over 700 sites hit. Patch and rotate keys NOW! #GhostCMS #CVE #SQLi 🌐 cyber[.]netsecops[.]io https://t.co/8GiFzawFLK

Tim Wilson@TimWilsonAtDxc

21 days ago

The attacks that XLab observed begin by exploiting CVE-2026-26980 to steal the admin API keys, and then use the elevated rights to inject malicious JavaScript into articles https://t.co/eIy9YQPKAf

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Cyber Netsec IO@NetSecIO

16 days ago

🚨 CISA KEV ALERT: A 2-year-old Oracle WebLogic flaw (CVE-2024-21182) is now under active attack. The RCE bug allows unauthenticated compromise. If you're running a vulnerable version, patch immediately or restrict access! #CyberSecurity #KEV #Oracle 🌐 cyber[.]netsecops[.]io https://t.co/p5mALcQUbX

White Rabbitx 🏴‍☠️@TheRabbitPy

19 days ago

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/AECsDT1wAB

Joel Domenech@Joel_DAA

19 days ago

Oracle WebLogic CVE-2024-21182 ya está en el catálogo KEV de CISA por explotación activa. Es crucial actualizar y proteger sistemas para evitar posibles ataques. #Ciberseguridad #Oracle #Vulnerabilidad #WebLogic https://t.co/hLow1rICKi

Cybersecurity News Everyday@TweetThreatNews

19 days ago

CISA added Oracle WebLogic CVE-2024-21182 to its KEV Catalog after active exploitation. The flaw allows unauthenticated network attacks that can expose data or server control. #OracleWebLogic #CISA #USA https://t.co/NmFtUXuX9E

Vivek | Cybersecurity@VivekIntel

20 days ago

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/JRQ4LTNfLp

ねこさん⚡(ΦωΦ)@catnap707

20 days ago

Two-year old Oracle WebLogic Server vulnerability is being exploited | CSO Online https://t.co/KbiPyZmeG9 "The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog,…"

Nicolas Krassas@Dinosn

20 days ago

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/2nY1LHpVOA

Yusuf Nuh 🍉@SenseWave_

20 days ago

Attackers are now actively exploiting a vuln in Oracle WebLogic Server. @CISAgov issued an urgent directive ordering federal agencies to secure systems vulnerable to it. Thursday, CISA added this vuln (CVE-2024-21182) to its Known Exploited Vulnerabilities (KEV) Catalog, https://t.co/4uekO4ADqj

Brian Teater@bteater51

20 days ago

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/lHNOivjDul via @TheHackersNews

Tobibur Rahman@tobi8ur

20 days ago

CISA warned agencies to patch Oracle WebLogic flaw CVE-2024-21182 after attackers began exploiting the two-year-old bug in the wild. Nothing says enterprise software like a critical bug returning for a reunion tour. #AppSec #Cybersecurity https://t.co/vLO1huIdhx

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

NEWSTECNICAS | Tecnología@newstecnicas

4 days ago

🚨 Guía de remediación urgente: Vulnerabilidad RCE en SharePoint (CVE-2026-45659) https://t.co/ZiQr2jUmXG

GTconsult@GT_consult

4 days ago

CVE-2026-45659 Explained: What the SharePoint RCE Vulnerability Means for Your On-Prem Environment https://t.co/27drGg6RqO

IntegSec@integ_sec

10 days ago

CVE-2026-45659: Microsoft SharePoint Deserialization Bug - What It Means for Your Business and How to Respond https://t.co/BYYpTgPLQT

Xavier Rivera@XavierRiveraX

13 days ago

Microsoft June 2026 Patch Tuesday is live. Exchange CVE-2026-42897 (CVSS 8.1, actively exploited OWA spoofing): permanent patch replaces the EMES temporary mitigation. SharePoint CVE-2026-45659 (CVSS 8.8 RCE) also drops today. Secure Boot legacy UEFI certs expire June 24.

B2B Cyber Security.de@B2bCyber

13 days ago

https://t.co/2yqUGs8mZO Microsoft SharePoint with a highly dangerous security vulnerability Microsoft and CERT-Bund are warning of a highly dangerous vulnerability in Microsoft SharePoint. The flaw, CVE-2026-45659, is rated CVSS 8.8 and allows an authorized attacker to execut… https://t.co/ezgNedgS85

NEWSTECNICAS | Tecnología, IA y Gaming.@newstecnicas

14 days ago

🚨 Guía de remediación urgente: #Vulnerabilidad RCE en SharePoint (CVE-2026-45659) https://t.co/ZiQr2jUmXG

SharkStriker@TheSharkStriker

14 days ago

Through the blog, we will dissect a major RCE flaw CVE-2026-45659 in Microsoft SharePoint from a security POV, understanding how exploitation happens and what enterprises need to do to defend. https://t.co/ao3KsEjgJD . . . #CVE202645659 #sharkstriker

Joel Domenech@Joel_DAA

26 days ago

Microsoft parchea la vulnerabilidad crítica CVE-2026-45659 en SharePoint que permitía ejecución remota de código. ¡Actualiza ya para proteger tus sistemas! #Ciberseguridad #Microsoft #SharePoint #SeguridadTI

DCI CyberSec News@DCICyberSecNews

27 days ago

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions https://t.co/R1qtcuESdf via @TheHackersNews

DFIR Lab@DFIR_Lab

27 days ago

🚨 HIGH SEVERITY: CVE-2026-45659 (CVSS 8.8) Deserialization flaw in Microsoft SharePoint allows authenticated attackers to execute remote code over network. Patch immediately. #CVE #Vulnerability #PatchNow #ThreatIntel #DFIR https://t.co/62V8Mrbba0

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.

Lyrie.ai@lyrie_ai

12 days ago

03:00 UTC: First exploit attempt in the wild. CVE-2026-45247 added to CISA KEV: Mirasvit Mirasvit Full Page Cache Warmer

Enigma-Global@EnigmaGlobalSW

16 days ago

Intel Report [CRITICAL] - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-45247 to its Known Exploited Vulnerabilities (KEV) catalog on June 3, 2026, following confirmed active exploitation in the wild. This... https://t.co/X4lFWcBMXN

Enigma-Global@EnigmaGlobalSW

16 days ago

Intel Report [CRITICAL] - On June 3, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-45247 to its Known Exploited Vulnerabilities (KEV) catalog following confirmed active exploitation in the wild. The... https://t.co/IXGB4dTRuh

The Daily Tech Feed@dailytechonx

17 days ago

Critical RCE vulnerability (CVE-2026-45247) in Magento's Mirasvit Cache Warmer extension actively exploited. Immediate update to version 1.11.12 recommended. Link: https://t.co/Ia2G5ywP8g #Magento #Mirasvit #RCE #Vulnerability #Exploit #Security #Cyberattack #Patch #Update https://t.co/7KnxZxi7m8

AlexAImaginator@TraffAlex

17 days ago

🔒 CYBERSECURITY, PRIVACY & OPEN SOURCE DAILY — June 05, 2026 1️⃣ CISA ADDS CVE-2026-45247 TO KNOWN EXPLOITED VULNERABILITIES CATALOG CISA has added a critical deserialization vulnerability in Mirasvit Full Page Cache Warmer (CVE-2026-45247) to its Known Exploited

Elusive@ElusivePrivacy

17 days ago

🔓 CVE-2026-45247, CVSS 9.8. Unauthenticated PHP object injection in Mirasvit Full Page Cache Warmer for Magento 2 enables remote code execution. Actively exploited in the wild to deploy web shells and create admin accounts. Thousands of Adobe Commerce storefronts affected.

Silent Vector@gh0st_V3ctbrv

17 days ago

🚨-4- CISA Adds Mirasvit Cache Warmer Flaw to Exploited Vulnerabilities Catalog 🎯 Attack: The U.S. CISA added a Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. 👤 Threat Actor: Unknown 💥 Impact:

DFIR Radar@DFIR_Radar

18 days ago

CISA adds CVE-2026-45247 (CVSS 9.3) to KEV catalog - critical PHP object injection in Mirasvit Cache Warmer for Magento allows unauthenticated RCE via crafted CacheWarmer cookie. Federal agencies must patch by June 6. #DFIR_Radar https://t.co/FHGU3rGtss

ねこさん⚡(ΦωΦ)@catnap707

18 days ago

CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks https://t.co/SPpYeBrNEf"CISA has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247"

CISA Cyber@CISACyber

19 days ago

🛡️ We added Mirasvit Full Page Cache Warmer deserialization of untrusted data vulnerability CVE-2026-45247 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/nSR71c2CvX

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.

Virgil@virgilnro

5 days ago

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) https://t.co/9nAfVlOkxg

Clone Systems@CloneSystemsInc

5 days ago

CVE Alert: Microsoft Defender Zero-Day Microsoft has confirmed CVE-2026-50656, a Microsoft Defender zero-day publicly referred to as “RoguePlanet.” The vulnerability is an elevation of privilege flaw in the Microsoft Malware Protection Engine and has been assigned a CVSS score https://t.co/AVBG9XmpmN

VulDB 🛡@vuldb

5 days ago

Some increased actor activities are shown targeting Microsoft Malware Protection Engine (CVE-2026-50656) https://t.co/ztSjvZTPbK

Xavier Rivera@XavierRiveraX

5 days ago

Microsoft acknowledged an unpatched Defender zero-day (CVE-2026-50656, CVSS 7.8) with a live public PoC. A race condition in the scan engine lets a local attacker gain System privileges on Windows 10/11, even with June 2026 patches applied and real-time protection enabled. No

The Cyber Security Hub™@TheCyberSecHub

5 days ago

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) https://t.co/NyDT6ZerPT

Help Net Security@helpnetsecurity

5 days ago

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) - https://t.co/pmk27fzdcH - @Microsoft @msftsecurity @MsftSecIntel #0day #Exploit #MicrosoftDefender #VulnerabilityDisclosure #Cybersecurity #CybersecurityNews

Shah Sheikh@shah_sheikh

5 days ago

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656): Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high… https://t.co/RJ2mYbdjrn https://t.co/YIks7bKRx7

Cybersecurity News Everyday@TweetThreatNews

5 days ago

Microsoft is developing a patch for RoguePlanet, now tracked as CVE-2026-50656. The zero-day affects fully patched Windows 10 and 11 systems and may allow SYSTEM-level command prompts via a race condition. #RoguePlanet #CVE-2026-50656 https://t.co/67PacbGXva

Zubiqo@zubiqo

5 days ago

🚨 Microsoft Confirms Unpatched Defender Zero-Day Exploit Microsoft assigned CVE-2026-50656 to a critical vulnerability in the Microsoft Malware Protection Engine publicly referred to as RoguePlanet. The unpatched zero-day flaw allows attackers to bypass real-time protection https://t.co/2DwntyvzY2

ThreadLinqs@threadlinqs

5 days ago

NEW THREAT INTEL: CVE-2026-50656: RoguePlanet Microsoft Defender Zero-Day Local Privilege Escalation. 9 detections, 20 IOCs. https://t.co/jjYxsA0Sls #ThreatIntel #CVE https://t.co/lkIiBT6XIj

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.

PreventCyber@Prevent_Cyber

5 days ago

CISA has warned of another actively exploited cPanel plugin flaw. The vulnerability (CVE-2026-48172) affects LiteSpeed cPanel Plugin version 2.3 to 2.4.4 and can allow attackers to gain root-level access and execute arbitrary scripts. #CyberSecurity #CISA #VulnerabilityManagement https://t.co/k3Qgufg4Ob

Aviatrix Threat Research Center@aviatrixtrc

6 days ago

Attackers exploited CVE-2026-48172 to escalate privileges from cPanel user to root on shared hosting servers. The LiteSpeed plugin flaw enabled arbitrary script execution, leading to full system compromise and potential lateral movement across hosting infrastructure. Runtime

Kerry Allan@kallan4446

9 days ago

HSC Industry Digest - June 01, 2026 A critical privilege escalation vulnerability in LiteSpeed's cPanel plugin (CVE-2026-48172, CVSS 10.0) is actively being exploited, allowing shared hosting customers to take complete control of ser…… https://t.co/Dxk9bMFIwS https://t.co/QR4gOq3S1X

Kerry Allan@kallan4446

11 days ago

HSC Industry Digest - May 28, 2026 A critical zero-day vulnerability in LiteSpeed's cPanel plugin (CVE-2026-48172, CVSS 10.0) is being actively exploited, allowing unprivileged users to gain root access on shared hosting servers—an … R… https://t.co/flAjUuQnrj https://t.co/3yuPQrEwDj

Lyrie.ai@lyrie_ai

12 days ago

00:00 UTC: CVE-2026-48172 disclosed. CISA: CVE-2026-48172 added to Known Exploited Vulnerabilities — LiteSpeed cPanel Plugin Status: ✅ Confirmed exploited in the wild Date added: 2026-05-26 Required action: Apply mitigations per vendor instructions, follow applicable…

Lyrie.ai@lyrie_ai

15 days ago

Full Tweet CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Escalation 0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es

Lyrie.ai@lyrie_ai

15 days ago

Source: X search for CVE-2026 critical Posted: 2026-05-22T17:35:17.000Z Likes: 17 0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es

Lyrie.ai@lyrie_ai

15 days ago

0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es

Lyrie.ai@lyrie_ai

15 days ago

CVE-2026-48172: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Escalation 0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es

Lucas@lucasverdan

19 days ago

CISA added CVE-2026-48172 to KEV. This LiteSpeed cPanel plugin bug can turn a tenant-level foothold into root-level script execution. In shared hosting, that's an incident-response problem, not a routine plugin update. Patch fast or remove the plugin.

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.  To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.

CyDhaal@CyberDhaal

16 days ago

1/2🚨 Critical Zero-Day Alert: Cisco SD-WAN Manager Under Active Attack (No Patch Yet) 🚨 https://t.co/QN4wt9D6Zc Cisco has just dropped a high-severity security advisory for a new zero-day vulnerability (CVE-2026-20245) affecting the Command-Line Interface (CLI) of Cisco https://t.co/3RrguqVxKQ

Roger Mitan@molari999

16 days ago

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available https://t.co/1WJ8LidwSg

The Cyber Security Hub™@TheCyberSecHub

16 days ago

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available https://t.co/pL3ByGQxSO

Jim Rigney@RigneySec

16 days ago

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available https://t.co/kv3xWVsavi https://t.co/Vov1rjCJXQ

Eric Vanderburg@evanderburg

16 days ago

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available https://t.co/jFT59ttegb https://t.co/EOk7YIsWbd

White Rabbitx 🏴‍☠️@TheRabbitPy

16 days ago

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited No Patch Available https://t.co/HtmTHW8GFR

UNDERCODE NEWS@UndercodeNews

17 days ago

🚨 #Cisco SD-WAN Under Siege: Active Exploitation of #CVE-2026-20245 Exposes Critical Command Injection Risk Across Enterprise Networks + Video -Fact Checker: ✅: 2 ❌: 3 || 2/5 → Score: 40% 🤏🏻 -Prediction: 📈 2 Positive | 📉 2 Negative https://t.co/pJXEnDDKTJ

sean walker@seanwalker64354

17 days ago

CVE-2026-20245: Cisco 7th SD-WAN Zero-Day — Unpatched Root Escalation, No Patch Available https://t.co/jwZiMu1UkX

The Hacker News@TheHackersNews

17 days ago

🚨 New Cisco SD-WAN vulnerability under active exploitation. CVE-2026-20245 lets authenticated netadmin attackers run commands as root via crafted file uploads. No patches or mitigations are available. Check /var/log/scripts.log for IoCs. Read: https://t.co/s4EJM5zeKC

Divinmentis@Divinmentis

17 days ago

⚠️ Cisco discloses CVE-2026-20245 — the 7th SD-WAN zero-day exploited in 2026. No patch available. Affects Catalyst SD-WAN Manager on-prem, cloud, and FedRAMP. Grants root command execution. Reported by Mandiant after Cisco confirmed active exploitation in the wild. #Cisco

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

DarkRelay Security Labs@darkrelaylabs

2 days ago

CISA KEV: CVE-2026-11645 is an out-of-bounds read/write flaw in Google Chromium V8. Under active exploitation. Prioritize Chrome, Edge, and Chromium-based browser updates across endpoints. https://t.co/YhdumUL2Zo #CVE #BrowserSecurity #KEV #Cybersecurity

Upwind Security MDR@UpwindMDR

8 days ago

🚨 High - Out-of-Bounds Read/Write Vulnerability in Google Chrome (CVE-2026-11645) A high-severity memory corruption flaw has been identified in the V8 engine of Google Chrome versions prior to 149.0.7827.103. A remote attacker could exploit this vulnerability to execute

Divinmentis@Divinmentis

11 days ago

🔐 Chrome zero-day: Google says CVE-2026-11645 has an exploit in the wild. Stable desktop is now 149.0.7827.102/.103; CISA added it to KEV with a June 23 due date. Update Chrome and Chromium-based browsers. #ZeroDay #Chrome https://t.co/GKzOWXNV6m

Carlos Fynn@fynn_JourX

12 days ago

Legacy exposure keeps paying off for attackers. Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Sh… Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency V8 Patch Google has… 🔗 Read → https://t.co/yVENWHGipO

Lucas@lucasverdan

12 days ago

🛑 Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency… Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency V8 Patch Google has… 🔗 Details → https://t.co/Ztbp17OJ6w

Herman Menor@hmenorjr

12 days ago

🚨 Google just patched a critical Chrome bug (CVE-2026-11645) that hackers are already using. It’s in the V8 engine, which runs JavaScript on websites. If you visit a bad site, attackers could run malicious code on your device. This is the 5th zero-day Chrome has fixed in 2026.

androidponsel.com@androidPonsel_

12 days ago

Google menambal zero-day Chrome kelima di 2026. CVE-2026-11645 di V8 engine sudah dieksploitasi di alam liar. Perbarui browser Anda sekarang. Baca selengkapnya > https://t.co/KzmwL1tnIl #Google #Chrome https://t.co/xTON0RPynj

DFIR Radar@DFIR_Radar

13 days ago

CVE-2026-11645 (CVSS 8.8) actively exploited Chrome V8 zero-day enables arbitrary code execution via crafted HTML pages. Google confirms exploit exists in wild. Update to Chrome 149.0.7827.102+ and force browser restart immediately. #DFIR_Radar https://t.co/E65w8VAYBl

Aviatrix Threat Research Center@aviatrixtrc

13 days ago

Attackers exploited CVE-2026-11645 in Chrome's V8 engine to break out of browser sandboxes and establish network footholds. TRC analysis shows the campaign involved lateral movement and C2 establishment after initial browser compromise. Runtime segmentation helps contain such

Elusive@ElusivePrivacy

13 days ago

Chrome 5th zero-day of 2026 Google patched the 5th actively exploited Chrome zero-day of 2026. CVE-2026-11645 out-of-bounds read/write in the V8 engine, confirmed exploited in the wild. Fixed in 149.0.7827.102/.103 (Win/Mac/Linux). Google is withholding details until users

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

ThreadLinqs@threadlinqs

16 days ago

NEW THREAT INTEL: AI-agent chains marimo RCE (CVE-2026-39987) to K8s secret dump via Docker socket + nsenter escape. 9 detections, 16 IOCs. https://t.co/JIqbaKHAyo #RCE https://t.co/SlXnzKjRUG

Cybersecurity News Everyday@TweetThreatNews

17 days ago

Sysdig TRT observed an agentic AI attacker exploiting CVE-2026-39987 in marimo to automate container escape, host breakout, and Kubernetes secret theft via Docker socket and nsenter. #CVE202639987 #marimo #Kubernetes https://t.co/azfAWQc2zG

Agent X AGI@agentxagi

18 days ago

Same CVE. Third attack. The agent took the orchestration plane. CVE-2026-39987 → container escape → host root → K8s credential replay. All autonomous. Same vuln that dumped a DB in 2min now owns your infrastructure. → https://t.co/rxW7ntqWZK

Daniel B. - AI & Tech@danielbitpro

18 days ago

Sysdig just documented the first autonomous LLM-agent cyberattack and the scary part isn't the AI. The full attack chain (CVE-2026-39987 → AWS credentials → SSH pivoting → DB exfil) took about an hour with <2 minutes for exfiltration. Zero humans. Zero. The threat isn't that

Dennis Ludena@DennisLudena

18 days ago

Seems like the exploit associated with the critical flaw CVE-2026-39987 was created using AI tools due to the short time between the vulnerability disclosure and deployment time. While this is not the first malware or exploit designed using AI tools, it showcases how fast the

IntegSec@integ_sec

18 days ago

CVE-2026-39987: Marimo Remote Code Execution Bug - What It Means for Your Business and How to Respond https://t.co/Lej1Hb8zd7

Divinmentis@Divinmentis

18 days ago

Patching and AV assume fixed exploit signatures. This worm destroys that model. Its on-device LLM adapts to each unique target, no static signature needed. CVE-2026-39987 showed AI pivoting AWS to SSH to PostgreSQL in under 2 min. This is that capability at network scale. The

DCI CyberSec News@DCICyberSecNews

19 days ago

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/ZE8ucbPnKw via @TheHackersNews

Julio Elizondo@jelizor

20 days ago

On May 10, the Sysdig Threat Research Team observed something that should change how defenders think about post-exploitation. An attacker compromised an internet-reachable Marimo notebook through CVE-2026-39987, a pre-authentication RCE in the terminal WebSocket endpoint patched

AI Security Gateway@AISGateway

21 days ago

🚨Real attack chain, May 2026: Threat actor exploits CVE-2026-39987 in a public Marimo notebook, extracts cloud credentials, then deploys an LLM agent to automate post-exploitation. AI isn't just a target now. It's a weapon in the attacker's toolkit.

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Daily CyberSecurity@the_yellow_fall

5 days ago

The JDY botnet, a China-nexus IoT network tied to Volt Typhoon, now spans 1,500+ devices and scans for new bugs like CVE-2026-35616 within hours. #JDYBotnet #VoltTyphoon #IoT #Botnet #InfoSec https://t.co/PuxDbC5HgG https://t.co/8xhAXycweq

SecPod@SecPod

5 days ago

The JDY Botnet is growing, with 1,500+ devices used to scan, fingerprint, and map exposed services. CVE-2026-35616 affects Fortinet FortiClient EMS. Saner security content is available to help detect and mitigate this vulnerability. Read more here: https://t.co/ck37hfQiee

Lyrie.ai@lyrie_ai

6 days ago

CVE-2026-35616: Fortinet FortiClient EMS—the centralized command post for managing endpoint security policies across enterprise fleets—has suffered back-to-back critical zero-days in the span of three weeks. CVE-2026-35616 CVSS 9.1 is an unauthenticated pre-authentication…

Lyrie.ai@lyrie_ai

6 days ago

CVE-2026-35616 is classified as an Improper Access Control flaw (CWE-284) in FortiClient EMS. Fortinet's official description is surgical: "An improper access control vulnerability in FortiClient EMS may allow an unauthenticated attacker to execute unauthorized code or…

Lyrie.ai@lyrie_ai

6 days ago

CVE-2026-35616 did not arrive in isolation. CVE-2026-21643—also rated CVSS 9.1—is an SQL injection vulnerability in FortiClient EMS that came under active exploitation in the weeks immediately prior. It allows an unauthenticated attacker to execute arbitrary SQL commands…

Aviatrix Threat Research Center@aviatrixtrc

12 days ago

TRC analysis shows the China-linked JDY botnet rapidly weaponizing CVE-2026-35616 to compromise 1,500+ SOHO/IoT devices targeting U.S. military networks. Attackers performed high-speed scanning and lateral movement to map vulnerable infrastructure before exfiltrating

DFIR Radar@DFIR_Radar

12 days ago

China-linked JDY botnet grows to 1,500+ compromised SOHO/IoT devices, rapidly scanning US 🇺🇸 military networks for newly disclosed vulnerabilities. Operators quickly targeted CVE-2026-35616 after Fortinet disclosure. #DFIR_Radar https://t.co/BcyyWqetbf

RHTG@RightHandTech

16 days ago

🔒 Think your EMS is secure? Think again! CVE-2026-35616 highlights the importance of proper access control. Always patch vulnerabilities ASAP and monitor logs for suspicious admin activity. Protect your endpoints from unauthorized access! #InfoSecTips

CSIRT Financiero Asobancaria@CSIRTFinanciero

17 days ago

⚠️ ¿Sabías que un atacante puede acceder a todos los equipos de tu organización sin necesitar una sola contraseña? CVE-2026-35616 lo hace posible y ya está siendo explotada activamente contra el sector financiero. 🔴 Riesgo alto | TLP: White | 28 may 2026 https://t.co/kUUc5pKBsh

DC3 DCISE@DC3DCISE

17 days ago

🛡️ Threat actors are actively exploiting a critical #FortiClient EMS flaw (CVE-2026-35616) to deploy credential stealers disguised as endpoint updates! Visit @thehackernews for more.  #InfoSec

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.

Enigma-Global@EnigmaGlobalSW

13 days ago

Multiple critical Linux kernel vulnerabilities are under active exploitation, posing severe privilege escalation risks across enterprise environments worldwide. CVE-2026-46333, nicknamed "ssh-keysign-pwn," exploits a race... https://t.co/AsiSr2h0c5

AlmaLinux@AlmaLinux

17 days ago

Patched kernels for CVE-2026-46333 are now in production repos. A single dnf upgrade and reboot gets you patched kernels for ssh-keysign-pwn and Fragnesia 👇 https://t.co/BdTyfPA9z1

ThreatCluster@threatcluster

18 days ago

Oracle issued advisories for Oracle Linux 7, 8 and 9 fixing CVE-2026-46300 and CVE-2026-46333 that allow denial of service and privilege escalation in kernels 5.4, 5.15 and 6.12, according to Oracle. https://t.co/cMIsksTcuc

Linux Kernel Security@linkersec

19 days ago

Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333) Article about a logical bug in ptrace implementation that allows getting access to file descriptors of other processes and thus escalating privileges in certain scenarios. https://t.co/s5jkzBpV36 https://t.co/GgwEtmnIP5

Flatcar Container Linux@flatcar

20 days ago

📦 Package updates: Linux 6.12.91 (Alpha/Beta/Stable), Linux 6.6.141 (LTS), ca-certificates 3.124 🔒 Security maintenance release for the recently disclosed kernel LPEs Fragnesia (CVE-2026-46300) and ssh-keysign-pwn (CVE-2026-46333), plus the usual kernel CVE roll-up

IntegSec@integ_sec

21 days ago

CVE-2026-46333: Linux Kernel Local Privilege Escalation Bug - What It Means for Your Business and How to Respond https://t.co/B90MSy7C1B

WindowsForum@windowsforum

27 days ago

🪲 MSRC dropped another Linux kernel ptrace grenade (CVE-2026-46333). “get_dumpable” sounds harmless—until your Azure Linux boxes can be pried open. Patch fast, IT. #Windows #Security #Azure #Linux https://t.co/p5B5n6pSX7 #AzureLinux #LinuxKernelSecurity #PtraceVulnerability https://t.co/7A0nFJ6nSq

Jason Abernathy@jlabernathy

29 days ago

A new vulnerability, CVE-2026-46333 with a CVSS score of 5.5, has been identified. Organizations should assess their exposure and update defenses accordingly. #CyberSecurity #Vulnerability

Nicolas Krassas@Dinosn

2026-05-22

CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path https://t.co/hcpDrAFPKT

Diario฿itcoin@DiarioBitcoin

2026-05-22

🚨 FALLO CRÍTICO EN LINUX 🚨 Una vulnerabilidad en el kernel de Linux (CVE-2026-46333) permite escalar a root y robar credenciales sensibles. Afecta a distribuciones populares como Debian y Ubuntu. Los administradores deben aplicar parches de inmediato. Existen exploits https://t.co/M7YdOTurxl

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence Access

F.A.Q.

Find answers to common questions about CVEs and vulnerability intelligence