CVE Radar
Welcome To CVE Radar

Discover trending vulnerabilities, explore attack vectors, exploits, and security details

CVE Radar is a free vulnerability intelligence platform by SOCRadar that goes beyond raw CVSS scores to provide actionable threat context for each CVE. Security engineers, vulnerability managers, and SOC analysts can search any CVE identifier or product name to instantly see exploit availability, active exploitation evidence, patch status across major vendors, and attribution to known ransomware groups or APT actors weaponizing the flaw. The database refreshes hourly from the National Vulnerability Database, public proof-of-concept repositories, dark web exploit markets, and SOCRadar's proprietary threat intelligence feeds. The trending CVEs view highlights which vulnerabilities are gaining attack momentum week-over-week, enabling teams to prioritize patching based on real adversary behavior rather than severity scores alone. No account or API key is required for lookups.

Top CVE Trend (Last 30 Days)
2026-06-162026-06-202026-06-242026-06-282026-07-022026-07-062026-07-120650000130000019500002600000Mentions
CVE-2026-45659
8.8/ 10
CVSS Score
85/ 100
SVRS Score
2.97M
Audience
95
Social Media
30
News
0
Repos
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
avatar
ModernMindAI@modernmindai
5 days ago
Feds had until July 4 to patch the SharePoint bug CVE-2026-45659. Storm-2603 is already dropping Warlock ransomware through it, and one victim had two crews inside at once. Patch your edge box. #CyberSecurity #InfoSec #ThreatIntel https://t.co/9NjFM4z830
avatar
CVE Brief@DailyCVEBrief
6 days ago
DEEP DIVE — CVE-2026-45659: an authenticated deserialization RCE in on-prem Microsoft SharePoint, CVSS 8.8. Microsoft called exploitation less likely; CISA added it to KEV on active abuse. A low-priv Site Member account is enough to run code. https://t.co/189gc1KyDR
avatar
NEWSTECNICAS | Tecnología@newstecnicas
6 days ago
🛡️ CVE-2026-45659 | CISA ordena parche urgente para Microsoft SharePoint: #Vulnerabilidad de Ejecución Remota de Código https://t.co/cNj9wqRvsL
avatar
AlphaHunt Converge@alphahunt_io
6 days ago
#CTI Brief for 2026-07-06 Control-plane risk is still the cyber signal to watch. CISA’s newest KEV remains SharePoint CVE-2026-45659, now past its remediation clock, while LiteLLM CVE-2026-42271 sits at EPSS 99.57% and can turn low-privilege AI-gateway access into host command
avatar
HackerStorm@hackerstorm
6 days ago
Weekly #CISA KEV Update (6 July 2026) CISA added 1 new Known Exploited Vulnerability to the KEV Catalog this week: 🔹 CVE-2026-45659 – Microsoft SharePoint Server ⚠️ Active exploitation confirmed 🎯 Remote Code Execution ⏱️ Immediate remediation recommended Our latest analysis https://t.co/usGjrOMv2I
avatar
Es Geeks@EsGeeks
7 days ago
🚨 CISA confirma explotación activa de RCE en SharePoint Server (CVE-2026-45659). Solo se necesitan permisos básicos de Site Member. Parche desde mayo, pero ya lo están usando en la vida real. Si tienes SharePoint on-premise: revisa parches YA. #SharePoint #CISA #CVE #Empresas https://t.co/QdlrnJS8Dw
avatar
Carlos Fynn@fynn_JourX
7 days ago
SharePoint CVE-2026-45659 active exploitation p… is the kind of management-plane bug defenders should move on fast. It combines active exploitation with security exposure and auth bypass risk in FortiClient EMS. When endpoint management infrastructure is exposed, the b…
avatar
Lucas@lucasverdan
7 days ago
SharePoint CVE-2026-45659 active exploitation p… is already being exploited, and Fortinet says the FortiClient EMS flaw carries security exposure and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
avatar
Lucas@lucasverdan
7 days ago
🛑 SharePoint CVE-2026-45659 active exploitation puts on-prem servers on u… CISA added SharePoint Server CVE-2026-45659 to KEV after active exploitation. Defenders sho… 🔗 Details → https://t.co/DjxT4dttNT
avatar
JParticle 🇨🇦🇺🇦@JParticle0
7 days ago
Active Exploitation Alert: Critical Microsoft SharePoint Server RCE Vulnerability CVE-2026-45659 Added to CISA KEV Catalog https://t.co/LfYO8fWARK
CVE-2026-20230
8.6/ 10
CVSS Score
78/ 100
SVRS Score
2.84M
Audience
84
Social Media
33
News
0
Repos
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
avatar
Israel@f1tym1
6 days ago
CISA added Cisco SSRF flaw CVE-2026-20230 to KEV catalog, marking urgent patch deadline for government and enterprise networks https://t.co/ntTG4IpB6t
avatar
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥☭⃠🅇@YourAnon_irc
7 days ago
New vulnerabilities in Citrix NetScaler (CVE-2026-8451, memory leak) and Cisco UC Manager (CVE-2026-20230, SSRF to root) threaten data privacy & integrity in transit. Escalating geopolitical tensions amplify these critical risks. #Cybersecurity #News #Geopolitics
avatar
@pedri77@pedri77
7 days ago
CVE-2026-20230, an SSRF in Cisco Unified CM's WebDialer component, is being actively exploited via Tor to chain file writes into persistent webshells. Patches exist for release 14; a COP patch covers release 15 unti... https://t.co/rNz8gdOIbl
avatar
ThreatCluster@threatcluster
9 days ago
Cisco confirmed active exploitation of a vulnerability (CVE-2026-20230) in its Unified Communications Manager that allows unauthorized SSRF attacks and arbitrary file creation on affected servers. https://t.co/Ezp44asEy9
avatar
TECHEPAGES@techepages
10 days ago
🚨 Cisco has finally confirmed active exploitation of CVE-2026-20230 in Unified Communications Manager — an unauthenticated SSRF flaw patched back in June 3. Attackers are using crafted file:// payloads to create files on targeted devices, with PoC exploit code publicly
avatar
Sudarshana@Sudarshana_io
10 days ago
CUCM CVE-2026-20230: WebDialer trusts an unauth HTTP request. Pull the hostname from Version.jws?wsdl, SSRF into installClusterStatusExecute, traverse dirs to drop a rogue Axis descriptor. It deploys a JSP file-writer. Stage-two shell lands as root. #CUCM #SSRF
avatar
SQ Magazine@sqmagazine_news
10 days ago
Alert! 🚨 Cisco's Unified CM vulnerability CVE-2026-20230 is being actively exploited. Only systems with WebDialer enabled are at risk. Patch now! 👉🏻 https://t.co/sXsEzmodkB #CyberSecurity #Cisco #VulnerabilityWarning
avatar
Stanislav Klevtsov@stansecure
10 days ago
Top #CVE to #patch this week 👀 - @Ubiquiti UniFi OS (CVE-2026-34908, 34909, 34910) critical flaws - @Cisco UCM (CVE-2026-20230) SSRF to root - Another two @Linux Privesc pedit COW(CVE-2026-46331), DirtyClone - @Linux kernel — new DirtyFrag family privesc, JFrog published
avatar
Linda Jones@Jonesls
17 days ago
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks https://t.co/9PTnewzWmE
avatar
DFIR Lab@DFIR_Lab
17 days ago
🚨 CRITICAL: CVE-2026-20230 (CVSS TBD) affects Cisco Unified Communications Manager. Unauthenticated SSRF allows remote file write & root escalation. CISA KEV listed—patch by 2026-06-28. #CVE #PatchNow #ThreatIntel https://t.co/l4vHkglYoN
CVE-2026-48558
10.0/ 10
CVSS Score
88/ 100
SVRS Score
2.81M
Audience
101
Social Media
34
News
0
Repos
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.
avatar
Israel@f1tym1
4 days ago
Exploitation of CVE-2026-48558 in SimpleHelp RMM led to unauthorized access and malware deployment. https://t.co/TX9k637mBE
avatar
bobrossthemalwarehunter@bobross_malware
7 days ago
SimpleHelp RMM Authentication Bypass (CVE-2026-48558) TLDR:- OIDC accepts identity tokens without verifying the signature. forge a JWT that says you're an admin technician and it just believes you. CVSS 10.0, already used to drop Djinn Stealer lol Link:- https://t.co/vWl2GDja3V
avatar
Carlos Fynn@fynn_JourX
11 days ago
SimpleHelp CVE-2026-48558 exploitation turns RM… is the kind of management-plane bug defenders should move on fast. It combines active exploitation with credential theft and auth bypass risk in FortiClient EMS. When endpoint management infrastructure is exposed, the bl…
avatar
Lucas@lucasverdan
11 days ago
SimpleHelp CVE-2026-48558 exploitation turns RM… is already being exploited, and Fortinet says the FortiClient EMS flaw carries credential theft and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
avatar
Carlos Fynn@fynn_JourX
11 days ago
Legacy exposure keeps paying off for attackers. SimpleHelp CVE-2026-48558 exploitation turns RMM into a c… Attackers are exploiting CVE-2026-48558, a critical SimpleHelp OIDC authentication bypass… 🔗 Read → https://t.co/WzgrOAlnGU
avatar
Lucas@lucasverdan
11 days ago
🛑 SimpleHelp CVE-2026-48558 exploitation turns RMM into a credential-thef… Attackers are exploiting CVE-2026-48558, a critical SimpleHelp OIDC authentication bypass… 🔗 Details → https://t.co/R3wvH8Rb3J
avatar
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥☭⃠🅇@YourAnon_irc
11 days ago
Recent threats: SimpleHelp auth bypass (CVE-2026-48558) allows MFA bypass for technician sessions. Fluentd RCE/SSRF (July 1, 2026) endangers backend data. Patch now! #Cybersecurity #Vulnerabilities #News
avatar
newsoft332@newsoft33292530
11 days ago
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer https://t.co/6S9mUfOcxy via @TheHackersNews
avatar
ChrisUK2026@chris_uk2026
11 days ago
SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558) - https://t.co/WIQ3jZfhUv… - @BlackpointUS @Horizon3ai @CISACyber @CISAgov #Credentials #DataTheft #Malware #MSP #RemoteManagement #Vulnerability #Cybersecurity #CybersecurityNews
avatar
Israel@f1tym1
12 days ago
CVE-2026-48558, a critical authentication bypass in SimpleHelp, is being exploited to deliver malware. https://t.co/GL5FQN3Mn6
CVE-2026-20253
9.8/ 10
CVSS Score
87/ 100
SVRS Score
2.76M
Audience
129
Social Media
42
News
4
Repos
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
avatar
Lyrie.ai@lyrie_ai
2 days ago
17:11 UTC: First exploit attempt in the wild. 0day Intel: CVE-2026-20253 Splunk Exploit Kit CVE-2026-20253 — Splunk Enterprise/Cloud P
avatar
Lyrie.ai@lyrie_ai
2 days ago
14:22 UTC: GPT-5 enrichment complete. 59 words. 1 citations. 0day Intel: CVE-2026-20253 Splunk Exploit Kit CVE-2026-20253 — Splunk Enterprise/Cloud P
avatar
Lyrie.ai@lyrie_ai
4 days ago
22:29 UTC: First exploit attempt in the wild. CVE-2026-20253 is a critical vulnerability (CVSS 9.8) in Splunk
avatar
Lyrie.ai@lyrie_ai
4 days ago
19:43 UTC: Thread live on @lyrie_ai. CVE-2026-20253 is a critical vulnerability (CVSS 9.8) in Splunk
avatar
Lyrie.ai@lyrie_ai
4 days ago
19:40 UTC: GPT-5 enrichment complete. 69 words. 1 citations. CVE-2026-20253 is a critical vulnerability (CVSS 9.8) in Splunk
avatar
Lyrie.ai@lyrie_ai
4 days ago
19:32 UTC: Lyrie Sentinel flagged it. CVE-2026-20253 is a critical vulnerability (CVSS 9.8) in Splunk
avatar
IntegSec@integ_sec
4 days ago
CVE-2026-20253: Splunk Enterprise Unauthenticated File Operations Vulnerability - What It Means for Your Business and How to Respond https://t.co/2SrejnMxQg
avatar
Audrey Renée Bentley@BentleyAudrey
4 days ago
https://t.co/fdpGtCiBnG Blind the Watcher: Stopping the Unauthenticated Splunk RCE (CVE-2026-20253) Before the Patch Lands
avatar
Miggo Security@MiggoSecurity
5 days ago
Splunk, the platform built to catch attackers, can now be hijacked by them. CVE-2026-20253: Unauthenticated. No credentials. Execute code as the Splunk service account, then tamper with the logs and alerts your team relies on to detect the attack. CISA added this to KEV 8 days https://t.co/Vz79GG12JZ
avatar
Israel@f1tym1
6 days ago
Splunk disclosed CVE-2026-20253, a critical RCE vulnerability in Splunk Enterprise with CVSS 9․8. https://t.co/3bHa5P76xy
CVE-2026-55200
8.3/ 10
CVSS Score
78/ 100
SVRS Score
2.61M
Audience
59
Social Media
21
News
3
Repos
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
avatar
Rama@dntyk
2 days ago
Celah kritis di libssh2. CVSS 9.2. RCE tanpa autentikasi. Penyerang cukup kirim SSH packet ukuran gila buat corrupt heap memory dan execute code dari jauh. No auth, no user interaction. PoC exploit-nya udah rilis. Jadi ini bukan teori lagi. 1. CVE-2026-55200 (9.2), RCE via https://t.co/1f9FUsiQMN
avatar
Bug Hunter México🪲@BugHunterMX
6 days ago
🚨 ALERTA: PoC público para CVE-2026-55200 en libssh2, CVSS 9.2. Un servidor SSH malicioso podría ejecutar código en el cliente sin credenciales ni interacción del usuario. ⚠️ Identifica dependencias y aplica parches de inmediato. #BugHunterMX #Ciberseguridad #SSH https://t.co/2TA2JBAyEC
avatar
Guardia Estatal Cibernética Chiapas@CiberneticaChis
8 days ago
🚨 ya existe un PoC público para la vulnerabilidad crítica CVE-2026-55200 en libssh2. Si administras servidores o aplicaciones que usan SSH, actualiza de inmediato y revisa tus dependencias para reducir el riesgo de ejecución remota de código. #Ciberseguridad #CyberSecurity https://t.co/qCee86Re1a
avatar
DevOps Daily@thedevopsdaily
8 days ago
📝 When the SSH Server Attacks the Client: libssh2 CVE-2026-55200 You spent years hardening sshd. This bug does not care. CVE-2026-55200 is a pre-auth heap overflow i https://t.co/OHnmPoQ6Ii #DevOps #Security
avatar
Arctic Wolf@AWNetworks
10 days ago
CVE-2026-55200 (CVSS 9.2/9.8), is a memory corruption bug in libssh2's ssh2_transport_read() triggered by a malicious SSH server pre-authentication via a crafted packet_length. Learn more in our latest security bulletin: https://t.co/KeKjyG9JEY
avatar
ThreatCluster@threatcluster
11 days ago
An anonymous researcher known as Bikini released zero-day exploit code for 15 popular open-source projects including the Linux kernel and Libssh2, with CVE-2026-55200 in Libssh2 already actively exploited, according to https://t.co/Rys6cyBLQB and The Register. https://t.co/L6kC3XjFcW
avatar
Upgrade Options Ltd@upgradeoptions
11 days ago
🚨 CVE-2026-55200 now has public PoC code. The libssh2 flaw lets a malicious SSH server trigger memory corruption in a connecting client. > No credentials > No user interaction > Affected through libssh2 1.11.1 Learn more ➝ https://t.co/ja0VKpmptg /@TheHackersNews
avatar
Meridian Group@MeridianEU
11 days ago
CVE-2026-55200 (CVSS 9.2) in libssh2 up to v1.11.1: malicious SSH server triggers memory corruption on connection with no credentials required. Public PoC released. Remediation complicated by static linking in cURL, Git, PHP, and network appliances. https://t.co/M3wbElUkvF
avatar
Vistem Solutions@VistemSolutions
12 days ago
CVE-2026-55200 - GitHub Advisory Database: libssh2 through 1.11.1, fixed in commit 7acf3df, contains a security vulnerability that may affect applications and services relying on SSH/SFTP connectivity. If your organization uses libssh2 directly or through third-party software,
avatar
p19k@peteralexbizjak
20 days ago
Wild vulnerabilities found in libssh2. I'll paste the descriptions from NIST below. CVE-2026-55200: libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field.
CVE-2026-20896
9.8/ 10
CVSS Score
87/ 100
SVRS Score
2.54M
Audience
52
Social Media
17
News
2
Repos
Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.
avatar
SecEngCyGy@snypet86
2 days ago
CVE-2026-20896 (Gitea Docker ≤1.26.2): wildcard trusted proxies + reverse-proxy auth = spoofed X-WEBAUTH-USER can impersonate admins. Active exploitation reported. Upgrade to 1.26.4, lock proxy IPs, review logs. https://t.co/iCKZ5Y3Xkk
avatar
Aviatrix Threat Research Center@aviatrixtrc
2 days ago
Attackers exploited a default Docker configuration in Gitea (CVE-2026-20896) to impersonate administrators via crafted HTTP headers. This authentication bypass enabled lateral movement through connected development infrastructure and exfiltration of CI/CD secrets. Runtime
avatar
Roger Mitan@molari999
6 days ago
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure https://t.co/RRLxz2AnYb
avatar
Wes DeVault, CISSP@wvipersg
6 days ago
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure https://t.co/Me0mnOk1IQ
avatar
Todd Pigram@pigram86
6 days ago
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure https://t.co/oMUjHpU02D
avatar
Shah Sheikh@shah_sheikh
6 days ago
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure: Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is… https://t.co/uUlQd6a8cV https://t.co/Rlka4pKVLr
avatar
Eric Vanderburg@evanderburg
6 days ago
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure https://t.co/mujQdukl5H https://t.co/Y6I9Naiyq6
avatar
The Daily Tech Feed@dailytechonx
6 days ago
Threat actors are actively probing Gitea Docker vulnerability CVE-2026-20896, a critical flaw allowing unauthorized access via the 'X-WEBAUTH-USER' header. With over 6,200 internet-facing instances, immediate updates to version 1.26.3 are crucial to mitigate potential risks. https://t.co/dPAEaxZdJ6
avatar
The Hacker News@TheHackersNews
6 days ago
🚨 CVE-2026-20896 saw its first in-the-wild attempt 13 days after disclosure. The Gitea Docker flaw lets reachable containers trust spoofed X-WEBAUTH-USER headers when reverse proxy auth is enabled. See which setups are exposed and where the probe stopped: https://t.co/OItSUtmhVn
avatar
CCB Alert@CCBalert
6 days ago
Warning: Critical improper access control in #Gitea. CVE-2026-20896 CVSS: 9.8. This flaw allows an attacker to impersonate any user via crafted reverse-proxy headers! #Patch #Patch #Patch More info: https://t.co/TgXm3hP4gE
SOCRadar LogoExtended Threat Intelligence
Free Trial

Stay ahead with proactive cyber threat warnings

Discover how SOCRadar's all-in-one platform can help protect your digital assets with extended threat intelligence, digital risk protection, and attack surface management.

CVE-2026-46331
7.8/ 10
CVSS Score
79/ 100
SVRS Score
2.43M
Audience
46
Social Media
13
News
6
Repos
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined.
avatar
UNDERCODE TESTING@UndercodeUpdate
8 days ago
🚨 Critical #Linux Kernel Flaw #CVE-2026-46331 (Pedit COW) Allows Any Unprivileged User to Gain Root Access via Cache Poisoning + Video https://t.co/0rkf50Bzgx Educational Purposes!
avatar
Blel@brochettecactus
9 days ago
forntite babeje amour de la vi./PoC-CVE-2026-46331 ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? https://t.co/QHfcAPHLsz
avatar
Upgrade Options Ltd@upgradeoptions
9 days ago
🛑 A new #Linux kernel exploit (CVE-2026-46331) gets root without modifying a single file on disk. It poisons the cached copy of /bin/su in memory. The root shell is already open. Details here ↓ https://t.co/dUwivctCvt / @TheHackersNews #icymi
avatar
Stanislav Klevtsov@stansecure
10 days ago
Top #CVE to #patch this week 👀 - @Ubiquiti UniFi OS (CVE-2026-34908, 34909, 34910) critical flaws - @Cisco UCM (CVE-2026-20230) SSRF to root - Another two @Linux Privesc pedit COW(CVE-2026-46331), DirtyClone - @Linux kernel — new DirtyFrag family privesc, JFrog published
avatar
AlexAImaginator@TraffAlex
10 days ago
🔒 CYBERSECURITY, PRIVACY & OPEN SOURCE ROUNDUP — July 02, 2026 1️⃣ LINUX KERNEL EXPLOIT GETS ROOT WITHOUT TOUCHING A SINGLE FILE ON DISK A new Linux kernel exploit (CVE-2026-46331) achieves root access without modifying any files on disk. Instead, it poisons the cached copy of
avatar
Tails@Tails_live
11 days ago
Tails 7.9.1 is out: https://t.co/1TZmZC8BtT It fixes CVE-2026-43503 (*DirtyClone*) and CVE-2026-46331 (*PACKET_EDIT_MEME*).
avatar
Andriy R@AlterPKC
16 days ago
CVE-2026-46331 "pedit COW" is nasty: attackers poison /bin/su in memory while the file on disk stays clean. Your integrity checks pass while a root shell is already open. Reminder: if you run shared CI/CD runners or K8s nodes, patch now or block act_pedit. https://t.co/KlnOKaqjNd
avatar
QuanChain@Quan_Chain
16 days ago
CVE-2026-46331: working root exploit, 24 hours after disclosure. Validator nodes on unpatched Linux aren't secure — they're just unattacked. QuanChain's oracle-triggered migration shifts cryptographic posture before your patch cycle closes. Should consensus security depend on ops https://t.co/fOiN2eLhlg
avatar
IT-ADMlNISTRATOR@ita_blog
16 days ago
🚨 Root-Exploit für Linux-Kernel bereits im Umlauf – "pedit COW" bedroht RHEL 8 bis 10 Eine Schwachstelle in der Traffic-Control-Komponente act_pedit (CVE-2026-46331) erlaubt lokalen Nutzern ohne besondere Rechte die Eskalation zu Root. Der Fehler: Ein Speicherbereich wird nur https://t.co/ebWju8k458
avatar
Xavier Rivera@XavierRiveraX
16 days ago
Linux kernel CVE-2026-46331 (pedit COW): public working exploit confirmed. Corrupts the page-cache copy of /bin/su via an out-of-bounds write in act_pedit, granting root with no disk writes. File-integrity checks see nothing. Requires unprivileged user namespaces, on by default
CVE-2026-12569
9.8/ 10
CVSS Score
84/ 100
SVRS Score
2.38M
Audience
26
Social Media
13
News
0
Repos
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.  * This advisory also applies to all CPS versions * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030
avatar
Morty@MortyJin
6 days ago
CVE-2026-12569 — Windchill PDMLink unauth RCE (CVSS 9.8). Writeup coming soon. https://t.co/QAuYC20zH6
avatar
Hephaestvs@Vulcanux_
6 days ago
csirt_it: La Settimana Cibernetica del 05 luglio 2026 🔹 aggiornamenti per molteplici prodotti 🔹 KDE Plasma: PoC pubblico per lo sfruttamento di una vulnerabilità 🔹 PTC Windchill e FlexPLM: sfruttamento attivo in rete della CVE-2026-12569 ⚠️ #EPSS … https://t.co/stE9sgg2wL
avatar
Sudarshana@Sudarshana_io
10 days ago
Ask your team this week: is Windchill or FlexPLM exposed to the internet? Then prove it's clean. CVE-2026-12569 is unauth RCE via untrusted deserialization, live-exploited to drop JSP webshells at /Windchill/login/[hex].jsp. 'We patched it' is not 'we tested it.'
avatar
INFOSEC.WATCH@InfosecDotWatch
11 days ago
PTC Windchill and FlexPLM CVE-2026-12569 is in CISA KEV. Prioritize systems holding product, engineering, manufacturing, and supply-chain data. https://t.co/gGIKlNqQEP
avatar
Polsia@polsia
11 days ago
CVE-2026-12569 | PTC Windchill — CVSS 9.8 (Critical) Unauthenticated RCE. CISA confirmed active exploitation Jun 25. JSP webshells under /Windchill/login/. Windchill manages CAD/ERP/BOMs in aerospace/auto/defense. Compromised instance = blueprint exfil + production disruption.
avatar
Clone Systems@CloneSystemsInc
16 days ago
PTC Windchill is facing confirmed in the wild exploitation for CVE-2026-12569, marking the first known real world exploitation of a PTC product vulnerability. The flaw affects PTC Windchill and FlexPLM and can allow a remote unauthenticated attacker to execute arbitrary code https://t.co/7l4KTmdou9
avatar
The Hacker News@TheHackersNews
16 days ago
🚨 Attackers are exploiting a critical PTC flaw to drop JSP web shells. CISA added CVE-2026-12569 to its KEV catalog after active exploitation was confirmed. — Affected: PTC Windchill PDMlink and FlexPLM. — Patch now. Hunt for IoCs. Read more: https://t.co/r7XHUzXE5G
avatar
TECHEPAGES@techepages
16 days ago
🛠️ CISA has added CVE-2026-12569, a critical PTC Windchill/FlexPLM flaw, to its Known Exploited Vulnerabilities catalog, the first-ever confirmed real-world exploitation of a PTC product. It lets unauthenticated attackers run code via crafted requests; agencies must patch by June
avatar
Xavier Rivera@XavierRiveraX
16 days ago
PTC Windchill and FlexPLM land on CISA's KEV: CVE-2026-12569 lets unauthenticated attackers execute arbitrary code via a malicious network request. Root cause is improper input validation, confirmed actively exploited. Patch required for federal environments under BOD 26-04.
avatar
DFIR Lab@DFIR_Lab
17 days ago
🚨 CRITICAL: CVE-2026-12569 in PTC Windchill & FlexPLM. CVSS allows unauthenticated RCE via malicious network request. Added to CISA KEV—patch by 2026-06-28. #CVE #ThreatIntel #DFIR https://t.co/mFYslXfjEH
CVE-2026-46817
9.8/ 10
CVSS Score
87/ 100
SVRS Score
2.33M
Audience
65
Social Media
33
News
2
Repos
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
avatar
INFOSEC.WATCH@InfosecDotWatch
4 days ago
Attackers are targeting CVE-2026-46817 in Oracle E-Business Suite Payments — no authentication required, just HTTP access. More than 900 instances are exposed to the internet. Patch and restrict external access now. https://t.co/YTlSWaOLQa
avatar
ET Labs@ET_Labs
4 days ago
8 new OPEN, 9 new PRO (8 + 1) Oracle E-Business Suite Unauthenticated Remote Takeover of Oracle Payments (CVE-2026-46817), LandUpdate808, TA569, ZPHP https://t.co/pxD0hS0DbN
avatar
Israel@f1tym1
6 days ago
• Attackers Exploit Critical Oracle E-Business Suite Flaw CVE-2026-46817 — The Shadowserver Foundation has expanded its fingerprinting capabilities through domain-based scanning in collaboration with Validin to identify the exposed Oracle E-Business Sui… https://t.co/bu1pBGsVKZ
avatar
CHItrader@CHItrader
11 days ago
ORACLE PAYMENTS HACKED AGAIN $ORCL E-Business Suite just caught a nasty active exploit in its Payments module via CVE-2026-46817. Unauthenticated pricks can now take over systems and fuck with payments. 🔹 9.8 severity flaw in File Transmission—patched May, exploited over the
avatar
CyberTLDR@CyberTLDR
11 days ago
1/3 Oracle E-Business Suite CVE-2026-46817 (CVSS 9.8) is under active attack. Unauthenticated attackers can take over Oracle Payments via HTTP. Versions 12.2.3-12.2.15 affected. Oracle patched this last month. Patch now. #CVE #Oracle #cybersecurity #vulnerability
avatar
moton@moton
11 days ago
Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817) - Help Net Security - https://t.co/G4FqHBgIgF
avatar
Sami Laiho@samilaiho
11 days ago
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild https://t.co/vC8z0aptIP
avatar
The Shadowserver Foundation@Shadowserver
11 days ago
IP data for your network/constituency shared in our Device ID reporting (device_vendor Oracle device_model Oracle E-Business Suite) World Map view of exposed EBS instances (no vulnerability assessment): https://t.co/VG62IBG139 CVE-2026-46817 NVD entry: https://t.co/fKIZaazqlN
avatar
The Shadowserver Foundation@Shadowserver
11 days ago
We have improved our Oracle E-Business Suite fingerprinting by adding domain based scans in collaboration with @ValidinLLC. Around 950 exposed instances now seen globally (no vulnerability assessment). CVE-2026-46817 attempts have been observed in the wild by @DefusedCyber https://t.co/gghdTt5b1X
avatar
neuco@neucogroup
11 days ago
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild https://t.co/ao3oL09WFx #neuco
CVE-2026-20262
6.5/ 10
CVSS Score
64/ 100
SVRS Score
2.26M
Audience
55
Social Media
23
News
2
Repos
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.
avatar
Lyrie.ai@lyrie_ai
3 days ago
CVE-2026-20262: Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.
avatar
Lucas@lucasverdan
26 days ago
🛑 Cisco patches another SD-WAN zero-day after limited exploitation CVE-2026-20262 lets authenticated attackers overwrite files in Cisco Catalyst SD-WAN Manage… 🔗 Details → https://t.co/RrLpI2HPIo
avatar
TECHEPAGES@techepages
26 days ago
🚨 Cisco has patched CVE-2026-20262, a zero-day in Catalyst SD-WAN Manager exploited to escalate privileges to root. First detected earlier this month, the flaw lets authenticated remote attackers upload malicious files via crafted HTTP requests affecting all deployment types.
avatar
America's Pick@nims213
26 days ago
Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks https://t.co/R5LpSriKBO Cisco on Monday warned customers about yet another SD-WAN product zero-day exploited in attacks.  The flaw, tracked as CVE-2026-20262, has been described as a medium-severity arbitrary file wr…
avatar
Shah Sheikh@shah_sheikh
26 days ago
Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks: Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. The post Cisco Patches Another SD-WAN Zero-Day Exploited… https://t.co/EiGKypnvm9 https://t.co/yLmcExUMfe
avatar
Eduard Kovacs@EduardKovacs
26 days ago
Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. https://t.co/YddSoAT8tR
avatar
The Hacker News@TheHackersNews
26 days ago
⚠️ Cisco has released patches for a Catalyst SD-WAN Manager flaw now exploited in the wild. CVE-2026-20262 lets an authenticated attacker with write access create or overwrite files on affected systems. Read: https://t.co/Zwt1wXCi9x https://t.co/5jcia48aUm
avatar
Threat ResQ™@ThreatResq
27 days ago
Cisco patched CVE-2026-20262 in Catalyst SD-WAN Manager amid active exploitation. The flaw lets attackers upload crafted files to gain root privileges. https://t.co/L9jUGrdqvB #Cisco #CVE #Catalyst #SDWAN #exploit #root #CyberSecurity #CybersecurityNews #ThreatResQ #threatresq
avatar
AbOUk | East Africa Tech@abokfelix
27 days ago
1/4 🚨 Cisco SD-WAN Zero-Day Alert 🚨 Cisco has released an emergency patch for a critical SD-WAN zero-day (CVE-2026-20262). It’s being actively exploited to gain root-level access. #CyberSecurity #Cisco #ZeroDay #Infosec
avatar
Aviatrix Threat Research Center@aviatrixtrc
27 days ago
Attackers exploited CVE-2026-20262 to escalate from low-privilege credentials to root access on Cisco SD-WAN vManage systems. TRC analysis shows the vulnerability enabled lateral movement across network infrastructure, highlighting risks when management systems lack runtime
CVE-2026-20245
7.8/ 10
CVSS Score
73/ 100
SVRS Score
2.25M
Audience
86
Social Media
30
News
0
Repos
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.  To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.
avatar
Israel@f1tym1
2 days ago
Cisco SD-WAN zero-day CVE-2026-20245 exploited in the wild for two months before disclosure, using rogue peering to gain admin access on targeted devices. https://t.co/ES0TIlOn0H
avatar
SHORT INFO@ShortInfoNews
6 days ago
Anyone running Cisco $CSCO Catalyst SD-WAN Manager should check their logs. Mandiant says an attacker exploited CVE-2026-20245 in vManage as a zero-day for about two months before disclosure, uploading a malicious CSV to run commands as root. Fixed builds are out. https://t.co/AwoRUbwOLr
avatar
Lyrie.ai@lyrie_ai
7 days ago
Vendor. CVE-2026-20245 added to CISA KEV: Cisco Catalyst SD-WAN Manager Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability.
avatar
Israel@f1tym1
7 days ago
Update: Cybersecuritynews provides additional technical details on CVE-2026-20245, clarifying that the vulnerability is classified as CWE-116 (Improper Encoding or Escaping of Output) and requires netadmin-level privileges rather than just any authentica… https://t.co/R0CgrNwgow
avatar
Israel@f1tym1
7 days ago
Update: The Hacker News confirms that the CVSS score for CVE-2026-20245 is 7.8, providing a quantified severity metric not previously disclosed in the existing post. https://t.co/R0CgrNwgow
avatar
Hexnode@thehexnode
9 days ago
This week’s What to Watch, Patch, and Secure series covers exploited vulnerabilities, enterprise data exposure, media pipeline risks, phishing campaigns, and infrastructure security concerns. 🔹 Cisco SD-WAN zero-day attacks CVE-2026-20245 was exploited after attackers gained https://t.co/IgUv6kVeeV
avatar
Aviatrix Threat Research Center@aviatrixtrc
17 days ago
Attackers exploited CVE-2026-20245 in Cisco Catalyst SD-WAN Manager to gain root access and push unauthorized configurations to edge devices. The vulnerability enabled lateral movement across SD-WAN infrastructure for months before discovery. Runtime segmentation could help
avatar
DFIR Radar@DFIR_Radar
17 days ago
CVE-2026-20245 zero-day in Cisco Catalyst SD-WAN Manager exploited in the wild: attackers escalated from admin SSH to root via malicious CSV upload, then ran a cleanup script to erase their tracks. Key findings: - Initial access began as early as late 2025 via rogue SD-WAN https://t.co/yo7tVulukI
avatar
ctrlaltnod@ctrlaltnod
17 days ago
March 2026: attackers exploited CVE-2026-20245 in Cisco Catalyst SD-WAN months before Cisco's June 5 disclosure. CISA added it to KEV on Jun https://t.co/EPMNXM3Ywb
avatar
AI Security Gateway@AISGateway
17 days ago
A zero-day exploited 2 months before disclosure (CVE-2026-20245). Attackers had root access the entire time defenders thought they were safe. This is the pre-patch window problem and AI infrastructure isn't immune to it. 🚨 AI gateways sit between your apps and every LLM provider
CVE-2026-33017
9.8/ 10
CVSS Score
94/ 100
SVRS Score
2.24M
Audience
33
Social Media
13
News
3
Repos
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.
avatar
SecurityWeek@SecurityWeek
4 days ago
CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws - https://t.co/rnuxt9VXQm (CVE-2026-48282, CVE-2026-55255, CVE-2026-33017)
avatar
TI Mindmap HUB@ti_mindmap_hub
6 days ago
🔴 Langflow: two CVEs, two independent actors, one week. CVE-2025-3248 → JADEPUFFER (autonomous ransomware) CVE-2026-33017 → Monero cryptominer When a bleeding-edge ransomware and a commodity miner hit the same AI framework in 7 days, it's core attack surface.
avatar
Marco Scandaletti@scandaletti
8 days ago
Langflow CVE-2026-33017 vulnerability exploited in campaign delivering cryptominers https://t.co/bNAY0ZWuot https://t.co/eXXHNStvoK
avatar
Orca Security@orcasec
10 days ago
🚨 Critical Langflow RCE (CVE-2026-33017, CVSS 9.8) is being actively exploited to deploy cryptominers on AI infrastructure. Patch to v1.9.0+ now. We've got the full breakdown 👇 https://t.co/jLGWmbXcyt https://t.co/82cATmCKTq
avatar
CloudSecurityAlliance@cloudsa
10 days ago
CISO Daily Briefing: Unit 42: 2.1M AI-hallucinated brand URLs mapped — ~250K unregistered and open for adversarial squatting now; CVE-2026-33017 (Langflow, CVSS 9.3) actively exploited with cron persistence and C2; Fable 5's 19-day export control blackout exposed zero contractual
avatar
Issam Hakimi@killix
11 days ago
Anthropic and Glasswing debate jailbreak severity. CVE-2026-33017 gives attackers RCE on exposed Langflow in 20 hours. We grade model intent while the tool graph is unauthenticated RCE. AI infrastructure security is not inside the model. It is at the system calls the agent can tr
avatar
CyberTLDR@CyberTLDR
11 days ago
1/3 Langflow CVE-2026-33017 (CVSS 9.3) is actively exploited to drop Monero miners on AI endpoints. No auth required. Attackers eval Python in an unauthenticated API to fetch and run a miner binary. Exposed AI dev infra is a live attack surface. #CVE #Langflow #cybersecurity
avatar
Clone Systems@CloneSystemsInc
11 days ago
Critical Langflow RCE Exploited in Cryptomining Campaign Threat actors are exploiting CVE-2026-33017, a critical unauthenticated RCE vulnerability in Langflow, to target exposed AI application endpoints and deploy a Monero miner. The malware can disable security controls, https://t.co/rKlnJeIQj1
avatar
TrendAI™ Research@trendai_RSRCH
11 days ago
The miner behind CVE-2026-33017 Langflow exploitation dropped from 31 out of 66 to 4 out of 66 on VirusTotal between 2024 and 2026. Smaller binary, shuffled strings, actively maintained. Not a recycled payload. See our full research: https://t.co/Ed9gIanQiY
avatar
QuanChain@Quan_Chain
12 days ago
The most dangerous attack surface in your AI stack isn't the model, it's the endpoint. CVE-2026-33017 (CVSS 9.3): unauthenticated RCE turned exposed Langflow deployments into Monero miners. No credentials. No phishing. Just a scan. QuanChain's oracle-triggered migration detects https://t.co/JOeZe4C6Tq
CVE-2026-54420
8.5/ 10
CVSS Score
82/ 100
SVRS Score
2.23M
Audience
26
Social Media
13
News
0
Repos
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
avatar
Lyrie.ai@lyrie_ai
3 days ago
00:00 UTC: CVE-2026-54420 disclosed. CISA: CVE-2026-54420 added to Known Exploited Vulnerabilities — LiteSpeed cPanel Plugin Status: ✅ Confirmed exploited in the wild Date added: 2026-06-15 Required action: Apply mitigations in accordance with vendor instructions,…
avatar
CCB Alert@CCBalert
26 days ago
Warning: #LiteSpeed Technologies releases security updates to fix a vulnerability in the LiteSpeed cPanel Plugin that is being actively exploited. #CVE-2026-54420 (CVSS 8.5) allows an attacker to escalate privileges to root. https://t.co/QyQq7sPrQe #Patch #Patch #Patch
avatar
TECHEPAGES@techepages
26 days ago
⚠️ CISA has added CVE-2026-54420 (CVSS 8.5) to its Known Exploited Vulnerabilities catalog, a privilege escalation flaw in LiteSpeed's cPanel plugin that lets anyone with FTP or web shell access gain root on shared hosting servers running CloudLinux or CageFS. 🔧 Federal
avatar
ThreatCluster@threatcluster
26 days ago
CISA ordered US federal agencies to secure servers running the LiteSpeed cPanel user-end plugin after adding actively exploited root-privilege flaw CVE-2026-54420 to its KEV catalogue, BleepingComputer reported. https://t.co/zB7eLnrmXO
avatar
Red Secure Tech Ltd.@redsecuretech
26 days ago
CISA adds LiteSpeed cPanel privilege escalation flaw CVE-2026-54420 to KEV catalog. Patch to WHM Plugin v5.3.2.1 by June 18, 2026. https://t.co/X5tWEQswXE #LiteSpeed #CVE #PrivilegeEscalation #CloudLinux #CageFS #SharedHosting #KEVcatalog #CISA #Namecheap #ServerSecurity https://t.co/rG62Zmk79a
avatar
Trube Technologies@trubetech
26 days ago
CISA warns of another actively exploited flaw in the LiteSpeed cPanel plugin (CVE-2026-54420) hitting U.S. government servers. Our latest post breaks down the risk, affected versions, and immediate remediation steps. Read more: https://t.co/NFCcgTaH2I
avatar
Threat Signal@ThreatSignal_IN
26 days ago
@TheHackersNews CISA just added CVE-2026-54420 to the KEV. Escaping shared hosting to grab root via a symlink in the LiteSpeed cPanel plugin is an Initial Access Broker's absolute dream. It’s another stark reminder of the massive blast radius inherent to multi-tenant environments.
avatar
Threat Signal@ThreatSignal_IN
26 days ago
@DarkWebInformer CISA just added CVE-2026-54420 to the KEV. Escaping shared hosting to grab root via a symlink in the LiteSpeed cPanel plugin is an Initial Access Broker's absolute dream. It’s another stark reminder of the massive blast radius inherent to multi-tenant environments.
avatar
The Hacker News@TheHackersNews
26 days ago
🚨 A shared hosting flaw just landed on CISA’s exploited list. CVE-2026-54420 affects the LiteSpeed cPanel Plugin and can let a user with FTP or web shell access gain root on CloudLinux/CageFS servers. Federal agencies must patch by June 18, 2026. Read: https://t.co/KEaqsStI2D https://t.co/G7GZjG2BwE
avatar
Daily CyberSecurity@the_yellow_fall
27 days ago
CVE-2026-54420, a LiteSpeed cPanel privilege escalation flaw, is exploited in the wild to gain root on shared hosting. Patch to plugin v2.4.8 now. #LiteSpeed #cPanel #CVE202654420 #PrivilegeEscalation #InfoSec https://t.co/rOiebScACs https://t.co/7zHLiwvUk9
CVE-2026-43503
8.8/ 10
CVSS Score
82/ 100
SVRS Score
2.21M
Audience
53
Social Media
23
News
6
Repos
In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when moving frags from source to destination. __pskb_copy_fclone() defers the rest of the shinfo metadata to skb_copy_header() after copying frag descriptors, but that helper only carries over gso_{size,segs, type} and never touches skb_shinfo()->flags; skb_shift() moves frag descriptors directly and leaves flags untouched. As a result, the destination skb keeps a reference to the same externally-owned or page-cache-backed pages while reporting skb_has_shared_frag() as false. The mismatch is harmful in any in-place writer that uses skb_has_shared_frag() to decide whether shared pages must be detoured through skb_cow_data(). ESP input is one such writer (esp4.c, esp6.c), and a single nft 'dup to <local>' rule -- or any other nf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()'d skb in esp_input() with the marker stripped, letting an unprivileged user write into the page cache of a root-owned read-only file via authencesn-ESN stray writes. Set SKBFL_SHARED_FRAG on the destination whenever frag descriptors were actually moved from the source. skb_copy() and skb_copy_expand() share skb_copy_header() too but linearize all paged data into freshly allocated head storage and emerge with nr_frags == 0, so skb_has_shared_frag() returns false on its own; they need no change. The same omission exists in skb_gro_receive() and skb_gro_receive_list(). The former moves the incoming skb's frag descriptors into the accumulator's last sub-skb via two paths (a direct frag-move loop and the head_frag + memcpy path); the latter chains the incoming skb whole onto p's frag_list. Downstream skb_segment() reads only skb_shinfo(p)->flags, and skb_segment_list() reuses each sub-skb's shinfo as the nskb -- both p and lp must carry the marker. The same omission also exists in tcp_clone_payload(), which builds an MTU probe skb by moving frag descriptors from skbs on sk_write_queue into a freshly allocated nskb. The helper falls into the same family and warrants the same fix for consistency; no TCP TX-side in-place writer is currently known to reach a user page through this gap, but a future consumer depending on the marker would regress silently. The same omission exists in skb_segment(): the per-iteration flag merge takes only head_skb's flag, and the inner switch that rebinds frag_skb to list_skb on head_skb-frags exhaustion does not fold the new frag_skb's flag into nskb. Fold frag_skb's flag at both sites so segments drawing frags from frag_list members carry the marker.
avatar
Israel@f1tym1
3 days ago
DirtyClone (CVE-2026-43503) is a silent Linux kernel exploit allowing unprivileged users to gain root access via IPsec decryption https://t.co/PZQ8D5UHNU
avatar
Israel@f1tym1
5 days ago
DirtyClone (CVE-2026-43503) allows local users to gain root access via manipulated network packets. https://t.co/xaX7SLVKvy
avatar
ModernMindAI@modernmindai
9 days ago
DirtyClone (CVE-2026-43503, severity 8.8) lets any local user on a Linux box become root. I patch my servers slower than I rotate passwords, and that's the real threat. #CyberSecurity #InfoSec #Linux https://t.co/FJvsgKx0Su
avatar
OpenVPN Inc.@OpenVPN
10 days ago
JFrog just published a working root exploit for DirtyClone (CVE-2026-43503) — a Linux kernel flaw that escalates to root without writing anything to disk, defeating file-integrity monitoring on Debian, Ubuntu, and Fedora. Check your kernel patch status now. https://t.co/Z5TaFIuDBV
avatar
Chris Short@ChrisShort
11 days ago
Dissecting and Exploiting Linux LPE Variant: DirtyClone (CVE-2026-43503) - JFrog Security Research #devopsish https://t.co/TTv5lvNBI5 https://t.co/EJXS05rJLi
avatar
Tails@Tails_live
11 days ago
Tails 7.9.1 is out: https://t.co/1TZmZC8BtT It fixes CVE-2026-43503 (*DirtyClone*) and CVE-2026-46331 (*PACKET_EDIT_MEME*).
avatar
Linuxiac@linuxiac
11 days ago
Canonical says Ubuntu kernel updates are available for DirtyClone, a high-severity Linux local privilege escalation flaw tracked as CVE-2026-43503. https://t.co/2XUyHDrTAL #Linux #Ubuntu #Security
avatar
Trio Soft inc@triosoftinc
11 days ago
DirtyClone hands any local Linux user root. A working exploit for CVE-2026-43503 went public last week. It rewrites su in memory. The file never changes, so integrity tools miss it. Fourth root bug in this family since April. Unpatched fleets stay open. #Linux #ITAdmin #InfoSec https://t.co/0fRXiGGB3w
avatar
Packet Commander ⚡️@JAVI_MEI
11 days ago
A Python script with zero compilation just turns any unprivileged Linux user into root. DirtyClone (CVE-2026-43503) is live on GitHub. CVSS 8.8. Here is what you need to know right now. The fix is upstream: commit 48f6a5356a33. While you wait for your distro backport, restrict https://t.co/OOcGaNvPzY
avatar
Technology Updates@DIYprojects55
12 days ago
https://t.co/OvXVC5Ltl5 DirtyClone (CVE-2026-43503): New Linux Kernel Flaw Lets Local Users Escalate to Root via Cloned Network Packets. A newly disclosed #Linux #kernel vulnerability, nicknamed "DirtyClone" and tracked as CVE-2026-43503, allows an unprivileged local user..
CVE-2026-10520
10.0/ 10
CVSS Score
88/ 100
SVRS Score
2.19M
Audience
58
Social Media
24
News
1
Repos
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
avatar
Lyrie.ai@lyrie_ai
5 days ago
CVE-2026-10520. Status: ✅ Confirmed exploited in the wild Date added: 2026-06-11 Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance…
avatar
Lyrie.ai@lyrie_ai
6 days ago
@DefusedCyber Full Tweet 🚨 CVE-2026-10520, a critical (CVSS 10.0) OS Command Injection vulnerability in Ivanti Sentry is now under active exploitation as reported by @DefusedCyber
avatar
Lyrie.ai@lyrie_ai
6 days ago
@DefusedCyber Source: X search for CVE-2026 critical Posted: 2026-06-10T10:42:23.000Z Likes: 39 0day Intel: 🚨 CVE-2026-10520, a critical (CVSS 10.0) OS Command Injection vulnerability in
avatar
Lyrie.ai@lyrie_ai
6 days ago
@DefusedCyber 0day Intel: 🚨 CVE-2026-10520, a critical (CVSS 10.0) OS Command Injection vulnerability in
avatar
Lyrie.ai@lyrie_ai
6 days ago
CVE-2026-10520: 🚨 CVE-2026-10520, a critical (CVSS 10.0) OS Command Injection vulnerability in Ivanti Sentry is now under active exploitation as reported by @DefusedCyber Scan infrastructure to see if you're vulnerable: Patches are available as per…
avatar
IntegSec@integ_sec
8 days ago
CVE-2026-10520: Ivanti Sentry OS Command Injection - What It Means for Your Business and How to Respond https://t.co/4KsYhkM7VY
avatar
ThreatCluster@threatcluster
10 days ago
Multiple trojanized proof-of-concept exploits on GitHub delivered the ChocoPoC Python RAT exploiting CVE-2025-64446 and CVE-2026-10520, targeting security researchers, Sekoia and BleepingComputer reported. https://t.co/PgfdgQv4IX
avatar
Daily Security Review@securitydailyr
2026-06-12
Ivanti Sentry CVE-2026-10520 (CVSS 10.0): unauthenticated root RCE, actively exploited same day as disclosure. 2 of 19 tracked instances backdoored within hours. Patch + audit admin accounts (CVE-2026-10523 creates backdoor). https://t.co/xdON1ajI8h #Cyber https://t.co/dIMmseYlWM
avatar
Aviatrix Threat Research Center@aviatrixtrc
2026-06-12
Attackers exploited CVE-2026-10520 to gain root access on Ivanti Sentry gateways, then moved laterally through internal networks. The max-severity OS command injection flaw was exploited within 24 hours of patches being released. Runtime segmentation helps contain such
avatar
RedLegg@RedLegg
2026-06-12
Critical Ivanti Sentry Alert (CVE-2026-10520, CVE-2026-10523): Two critical flaws enable unauthenticated attackers to bypass authentication and execute commands with root privileges. While exploitation hasn’t been observed in the wild, a public pro... https://t.co/U6VsatAWP9
CVE-2025-8088
8.8/ 10
CVSS Score
92/ 100
SVRS Score
2.17M
Audience
31
Social Media
18
News
0
Repos
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
avatar
The Hacker News@TheHackersNews
16 days ago
🚨 Google has linked Turla to a new .NET backdoor. STOCKSTAY was used in espionage campaigns targeting #Ukraine government and military organizations. It overlaps with Kazuar and reached targets through phishing, RDP files, MSI installers, and #WinRAR CVE-2025-8088 lures. See https://t.co/6hfmcN1M92
avatar
TrendAI™ Research@trendai_RSRCH
22 days ago
WinRAR is used daily across Ukraine, but CVE-2025-8088, a WinRAR flaw patched in July 2025, is still being exploited. TrendAI™ Research tracked two Russia-aligned groups producing new exploit samples for this flaw through April 2026. Read more: https://t.co/E7nF71bTLW https://t.co/7mO3jwFrh2
avatar
Patch My PC@PatchMyPC
25 days ago
WinRAR fixed CVE-2025-8088 nearly a year ago. Now it's being actively exploited in the wild. A good reminder that attackers don't care when a patch was released. They care whether it was deployed. 📖 https://t.co/cjU8afBAaQ #PatchManagement #CyberSecurity #ITCommunity
avatar
eleven red pandas@bytecodevm
25 days ago
Eleven months after RarLab shipped WinRAR 7.13 to fix CVE-2025-8088, two Russia-aligned APT clusters (Earth Dahu / Gamaredon and SHADOW-EARTH-066 / UAC-0226) are still building fresh exploit samples for the path-traversal-via-NTFS-ADS bug. The two groups share an initial access https://t.co/1xwjebDF5G
avatar
Szabolcs Schmidt@smica83
25 days ago
'5_13_6-1838_15.06.2026 zip' is a RAR file as a CVE-2025-8088 exploit @abuse_ch https://t.co/bfawl1Rv6d @500mk500 https://t.co/Ixu66JJbOC
avatar
TrendAI™ Research@trendai_RSRCH
26 days ago
WinRAR is used daily across Ukraine, but CVE-2025-8088, a WinRAR flaw patched in July 2025, is still being exploited. TrendAI™ Research tracked two Russia-aligned groups producing new exploit samples for this flaw through April 2026. Read more: https://t.co/E7nF71bTLW https://t.co/FKe4Izmxdw
avatar
BEAHERO.GG@beahero_news
26 days ago
Hackers rusos explotan vulnerabilidad en WinRAR CVE-2025-8088 | https://t.co/2KlUsH4NK0
avatar
TrendAI™ Research@trendai_RSRCH
27 days ago
Russia-aligned groups have long targeted Ukrainian government and military networks. At least five have now exploited CVE-2025-8088, a WinRAR flaw. Credentials stolen from those targets carry downstream risk for allied nations and partners. Read more: https://t.co/E7nF71bTLW https://t.co/p2R2Piyix4
avatar
Szabolcs Schmidt@smica83
28 days ago
'Trading.rar' CVE-2025-8088, seen from Ethiopia @abuse_ch https://t.co/luETIHUbUR https://t.co/7XC9WnCW21
avatar
TrendAI™ Research@trendai_RSRCH
29 days ago
Earth Dahu (Gamaredon) has targeted Ukraine since 2013. Its CVE-2025-8088 chain drops HTA files to the Startup folder and proxies C&C traffic through Cloudflare Workers, spoofing Ukrainian government URLs via HTTP @-notation. We take a closer look: https://t.co/E7nF71bTLW
CVE-2026-53359
NA/ 10
CVSS Score
36/ 100
SVRS Score
2.09M
Audience
55
Social Media
15
News
3
Repos
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. The rmap_remove() call would miss entries created after the PDE change because the GFN of the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf page. In this case the gfn can be made to match, but the role does not match: the original large 2MB page creates a kvm_mmu_page with direct=1, while the new 4KB needs a kvm_mmu_page with direct=0. However, kvm_mmu_get_child_sp() does not compare the role, and therefore reuses the page. The next step is installing a leaf (4KB) SPTE on the new path which records an rmap entry under the gfn resolved by the walk. But when that child is zapped its parent kvm_mmu_page has direct=1 and kvm_mmu_page_get_gfn() computes the gfn for the 4KB page as sp->gfn + index instead of using sp->shadowed_translation[] (or sp->gfns[] in older kernels). It therefore fails to remove the recorded entry. When the memslot is dropped the shadow page is freed but the rmap entry survives, as in the scenario that was already fixed. Code that later walks that gfn (dirty logging, MMU notifier invalidation, and so on) dereferences an sptep that lies in the freed page, causing the use-after-free.
avatar
Vũ Trụ Số@vutruso
5 days ago
CVE-2026-53359 vulnerability discovered and reported by Hyunwoo Kim (@v4bel). It is a KVM escape vulnerability that lets a guest escape to the host in a KVM/x86 environment. https://t.co/WlNYHkc2H1
avatar
ねこさん⚡(ΦωΦ)@catnap707
5 days ago
Januscape Linux VM Escape Flaw Affects Intel and AMD Systems  | eSecurity Planet https://t.co/D0W3kW1Tkw "Januscape (CVE-2026-53359) enables guest-to-host VM escape in Linux KVM on Intel and AMD systems."
avatar
Open Source Security mailing list@oss_security
5 days ago
CVE-2026-53359,Januscape: Linux kernel: Guest-to-Host Escape in KVM/x86 https://t.co/uApeue8Isa UAF in the shadow MMU emulation. When /dev/kvm is 666, also local root. Was successfully used as a 0-day exploit in Google kvmCTF. By Hyunwoo Kim also known for discovering Dirty Frag.
avatar
Aviatrix Threat Research Center@aviatrixtrc
5 days ago
TRC analysis shows attackers exploiting the Januscape vulnerability (CVE-2026-53359) can escape guest VMs to execute code on the host system. This 16-year-old Linux kernel flaw demonstrates how hypervisor compromises enable lateral movement across entire virtualized environments.
avatar
SecureChap@SecureChap
6 days ago
CVE-2026-53359 sat in KVM for sixteen years because the shadow-page reuse check only looked at the gfn. kvm_mmu_get_child_sp returned an existing page when the guest frame number matched, regardless of whether https://t.co/QIhBAVNxvv indicated a direct large-page split or an
avatar
The Daily Tech Feed@dailytechonx
6 days ago
A 16-year-old flaw in Linux KVM, dubbed 'Januscape' (CVE-2026-53359), allows guest VMs to execute code on the host system. This vulnerability affects both Intel and AMD x86 architectures and has been present since 2010. Administrators should patch systems immediately to prevent https://t.co/u1QYaxp4Ww
avatar
TECHEPAGES@techepages
6 days ago
🚨 New Linux KVM flaw: "Januscape" (CVE-2026-53359) 🐛 A 16-yr-old use-after-free in KVM's shadow MMU lets a guest VM escape to the host; the same trigger works on both Intel & AMD. 🔑 Needs root in the guest + nested virt enabled. Public PoC panics the host; full RCE exploit
avatar
Xavier Rivera@XavierRiveraX
6 days ago
CVE-2026-53359, dubbed Januscape, is a 16-year-old Linux KVM flaw on Intel and AMD x86 that lets a guest VM crash or escape to its host. KVM's shadow MMU matched tracking pages by address alone, ignoring type, so it could reuse the wrong page and corrupt host kernel memory. A
avatar
The Hacker News@TheHackersNews
6 days ago
🔥 A new 16-year-old #Linux KVM flaw lets a rooted nested VM crash the x86 host and take down other tenants on the same machine. Dubbed "Januscape" (CVE-2026-53359), the bug sits in KVM’s shadow MMU. Researcher says a full guest-to-host escape exploit also exists in a https://t.co/Axt5lB8uBG
avatar
V4bel@v4bel
6 days ago
💥 Introducing "Januscape" (CVE-2026-53359) A Guest-to-Host Escape in KVM/x86 exploiting a UAF in the shadow MMU. Triggerable on both Intel and AMD hosts. Threatens x86 public clouds (GCP, AWS) that expose nested virtualization. "16 years" latent. Successfully used as a https://t.co/UHVC6Tg3Nm
CVE-2026-8451
7.5/ 10
CVSS Score
71/ 100
SVRS Score
2.08M
Audience
51
Social Media
27
News
2
Repos
Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP
avatar
INFOSEC.WATCH@InfosecDotWatch
4 days ago
24 hours. That's how long CVE-2026-8451 in Citrix NetScaler took to draw active exploitation after public disclosure. SAML IdP deployments are the target. Apply the fixed build and audit your logs. https://t.co/c8DdOEv8XZ
avatar
Guardian360@Guardian360nl
4 days ago
Citrix on June 30 took the wraps off CVE-2026-8451, the memory overread vulnerability in the company's Netscaler product line that received a CVSS score of 8.8.
avatar
Israel@f1tym1
5 days ago
CVE-2026-8451, a high-severity memory overread flaw in Citrix NetScaler ADC and Gateway, is exploited in the wild. https://t.co/05lXjIAvUs
avatar
CrowdSec@Crowd_Security
6 days ago
🚨 In this week’s newsletter, we cover CVE-2026-8451, a high-severity SAML memory overread vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway that is already seeing active exploitation. We break down how attackers can leak sensitive appliance memory to hijack https://t.co/ARst7msQck
avatar
UWillC@uwillc
6 days ago
Under 24 hours. That is how long your patch window really was. Citrix disclosed CVE-2026-8451 on June 30: pre-auth memory overread in NetScaler ADC and Gateway running as SAML IdP. CVSS 8.8. By July 1, Lupovis honeypots were catching live exploitation. As of July 6, it is still
avatar
Carlos Fynn@fynn_JourX
6 days ago
CitrixBleed-style NetScaler flaw CVE-2026-8451… is the kind of management-plane bug defenders should move on fast. It combines active exploitation with security exposure and auth bypass risk in FortiClient EMS. When endpoint management infrastructure is exposed, the bl…
avatar
Carlos Fynn@fynn_JourX
6 days ago
Legacy exposure keeps paying off for attackers. CitrixBleed-style NetScaler flaw CVE-2026-8451 is already… Citrix patched CVE-2026-8451 in NetScaler SAML IdP deployments, and researchers saw exploit… 🔗 Read → https://t.co/n2P9vUQ3MF
avatar
Lucas@lucasverdan
7 days ago
CitrixBleed-style NetScaler flaw CVE-2026-8451… is already being exploited, and Fortinet says the FortiClient EMS flaw carries security exposure and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
avatar
Lucas@lucasverdan
7 days ago
🛑 CitrixBleed-style NetScaler flaw CVE-2026-8451 is already being tested… Citrix patched CVE-2026-8451 in NetScaler SAML IdP deployments, and researchers saw exploit… 🔗 Details → https://t.co/TrNzhVZAYo
avatar
JParticle 🇨🇦🇺🇦@JParticle0
7 days ago
CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) - been busy great write up https://t.co/mW70kvZUPC
CVE-2026-35273
9.8/ 10
CVSS Score
97/ 100
SVRS Score
2.08M
Audience
217
Social Media
71
News
2
Repos
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
avatar
Lyrie.ai@lyrie_ai
1 day ago
Source: X search for CVE-2026 critical Posted: 2026-06-16T09:56:48.000Z Likes: 11 The entry point to a full RCE chain. It’s not just another SSRF. The real story behind the CVE-2026-35273 chaos: Critical Alert: CVE-2026-35273 (CVSS 9.8) Unauthenticated RCE via SSRF in…
avatar
Lyrie.ai@lyrie_ai
1 day ago
Critical Alert: CVE-2026-35273 (CVSS 9.8) Unauthenticated RCE via SSRF in Oracle PeopleSoft PeopleTools 8.61 & 8.62. Source: X search for CVE-2026 critical Posted: 2026-06-16T09:56:48.000Z Likes: 11
avatar
Lyrie.ai@lyrie_ai
1 day ago
CVE-2026-35273: The entry point to a full RCE chain. It’s not just another SSRF. The real story behind the CVE-2026-35273 chaos: Critical Alert: CVE-2026-35273 (CVSS 9.8) Unauthenticated RCE via SSRF in Oracle PeopleSoft PeopleTools 8.61 & 8.62. If you run PeopleTools…
avatar
TrendAI™ Research@trendai_RSRCH
2 days ago
CVE-2026-35273 in PeopleSoft PeopleTools lets attackers plant a malicious file via the gateway and run code on the next restart. No process spawned, no signal sent. The technique leaves no observable trail at execution time. Read more: https://t.co/nYpWJdjF30
avatar
Lyrie.ai@lyrie_ai
4 days ago
CVE-2026-35273: Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.
avatar
Lyrie.ai@lyrie_ai
4 days ago
09:43 UTC: First exploit attempt in the wild. 0day Intel: 🚨 A critical Oracle PeopleSoft zero day tracked as CVE-2026-35273 (CVSS 9.8) al
avatar
Lyrie.ai@lyrie_ai
4 days ago
06:57 UTC: Thread live on @lyrie_ai. 0day Intel: 🚨 A critical Oracle PeopleSoft zero day tracked as CVE-2026-35273 (CVSS 9.8) al
avatar
Audrey Renée Bentley@BentleyAudrey
6 days ago
https://t.co/1XeSekthxi CVE-2026-35273: Oracle PeopleSoft RCE Zero-Day Explained
avatar
CivicCipher@dewunmicyber
6 days ago
Nissan employee data — SSNs, bank details, tax records — leaked through a bug in Oracle PeopleSoft. CVE-2026-35273. CVSS 9.8. No login needed. Attackers were in two weeks before Oracle even published an advisory.
avatar
TrendAI™ Research@trendai_RSRCH
7 days ago
CVE-2026-35273 in PeopleSoft PeopleTools lets attackers plant a malicious file via the gateway and run code on the next restart. No process spawned, no signal sent. The technique leaves no observable trail at execution time. Read more: https://t.co/B0G33kOE5V
CVE-2026-50656
7.0/ 10
CVSS Score
72/ 100
SVRS Score
2.08M
Audience
77
Social Media
34
News
0
Repos
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ".
avatar
NEWSTECNICAS | Tecnología@newstecnicas
3 days ago
🛡️ Mitigación y Gestión de la #Vulnerabilidad "#RoguePlanet" (CVE-2026-50656) en Microsoft Defender https://t.co/ToE4He0Rgz
avatar
Foundry Daily@FoundryDaily
3 days ago
🚨Microsoft has patched a critical privilege escalation vulnerability (CVE-2026-50656, 'RoguePlanet') in Defender's Malware Protection Engine. Ensure your systems are updated to mitigate this significant security risk. https://t.co/MtM1aRAePr
avatar
Shah Sheikh@shah_sheikh
3 days ago
Microsoft Patches Defender ‘RoguePlanet’ Vulnerability: The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update. The post Microsoft Patches Defender ‘RoguePlanet’ Vulnerability… https://t.co/MsmeCtGl6D https://t.co/FD8TJGhcP5
avatar
Meridian Group@MeridianEU
3 days ago
#RoguePlanet (CVE-2026-50656): race condition in #MicrosoftDefender enables SYSTEM-level LPE on fully patched Windows 10/11. PoC published by researcher Nightmare Eclipse. Microsoft patches via Defender engine v1.1.26060.3008 without public credit. https://t.co/iplJhzNqc3
avatar
ThreatWire@ThreatWire_
3 days ago
🚨 CVE-2026-50656: Microsoft has patched the RoguePlanet zero-day in Microsoft Defender, a race condition vulnerability that could grant SYSTEM privileges. A public PoC is available. #CyberSecurity #CVE #Microsoft #Defender #ThreatWire
avatar
Daily CyberSecurity@Daily_CyberSec
3 days ago
Microsoft patched the RoguePlanet Microsoft Defender zero-day, CVE-2026-50656, a race condition that grants SYSTEM privileges. A public PoC exists. #MicrosoftDefender #RoguePlanet #ZeroDay #CVE #PrivilegeEscalation #Windows #InfoSec #PatchNow https://t.co/cD6mQUZ1hA
avatar
TECHEPAGES@techepages
3 days ago
🚨 Microsoft patches "RoguePlanet" Defender zero-day (CVE-2026-50656) — a race condition granting SYSTEM shell on fully patched Win10/11, with public PoC already out. ⚠️ Fix ships via Malware Protection Engine 1.1.26060.3008 — exploit worked whether real-time protection was on
avatar
Offensive Lab@OffensiveLab
3 days ago
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection https://t.co/AuaW7CgIVx
avatar
The Hacker News@TheHackersNews
3 days ago
⚡ Microsoft patched RoguePlanet weeks after the Defender flaw was publicly disclosed. CVE-2026-50656 affects the #Microsoft Malware Protection Engine and could let local attackers gain SYSTEM-level privileges, according to the researcher who disclosed it. Full story here → https://t.co/ppb4ZpFY5o
avatar
Aseem Shrey@AseemShrey
5 days ago
Microsoft Defender has a zero-day. No patch. Works whether real-time protection is on or off. CVE-2026-50656. Your security tool is the attack surface. Thread 🧵👇 https://t.co/0m39GNseYT

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

F.A.Q.

Find answers to common questions about CVEs and vulnerability intelligence