CVE Radar
Welcome To CVE Radar

Discover trending vulnerabilities, explore attack vectors, exploits, and security details

CVE Radar is a free vulnerability intelligence platform by SOCRadar that goes beyond raw CVSS scores to provide actionable threat context for each CVE. Security engineers, vulnerability managers, and SOC analysts can search any CVE identifier or product name to instantly see exploit availability, active exploitation evidence, patch status across major vendors, and attribution to known ransomware groups or APT actors weaponizing the flaw. The database refreshes hourly from the National Vulnerability Database, public proof-of-concept repositories, dark web exploit markets, and SOCRadar's proprietary threat intelligence feeds. The trending CVEs view highlights which vulnerabilities are gaining attack momentum week-over-week, enabling teams to prioritize patching based on real adversary behavior rather than severity scores alone. No account or API key is required for lookups.

Top CVE Trend (Last 30 Days)
[Chart: Mentions (0 to 2,600,000) by date, 2026-05-22 to 2026-06-17]
CVE-2026-42945
CVSS Score: 8.1/10 | SVRS Score: 87/100 | Audience: 3.8M | Social Media: 181 | News: 31 | Repos: 12
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Lyrie.ai@lyrie_ai
10 days ago
05:09 UTC: Lyrie Sentinel flagged it. 0day Intel: ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffe
Lyrie.ai@lyrie_ai
10 days ago
08:06 UTC: First exploit attempt in the wild. 0day Intel: ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffe
Lyrie.ai@lyrie_ai
10 days ago
05:20 UTC: Thread live on @lyrie_ai. 0day Intel: ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffe
Lyrie.ai@lyrie_ai
10 days ago
05:17 UTC: GPT-5 enrichment complete. 52 words. 1 citations. 0day Intel: ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffe
Lyrie.ai@lyrie_ai
10 days ago
05:06 UTC: CVE-2026-42945 disclosed. ⚠️CVE-2026-42945: RCE Proof of concept for CVE-2026-42945, a critical heap buffer overflow in NGINX's ngxhttprewritem
Lyrie.ai@lyrie_ai
10 days ago
05:35 UTC: First exploit attempt in the wild. 0day Intel: 🚨Alert🚨 CVE-2026-42945: A Critical Heap Buffer Overflow in NGINX. 🧐Credit by
Lyrie.ai@lyrie_ai
10 days ago
Vendor. Source: X search for CVE-2026 critical Posted: 2026-05-19T20:34:16.000Z Likes: 24 Heads up if you run NGINX:⚠️ A critical flaw (CVE-2026-42945) is being actively exploited right now.
Roman@mrBr4un
12 days ago
I just completed CVE-2026-42945: Nginx Rift room on TryHackMe! Exploit NGINX Rift, an unauthenticated heap overflow RCE in NGINX's rewrite module since 2008. https://t.co/9A0VRuDMHC #tryhackme via @tryhackme
AlmaLinux@AlmaLinux
12 days ago
nginx has a critical vuln (CVE-2026-42945). Patched packages are live for AlmaLinux 8, 9, 10 & Kitten 10. Two commands and a restart and you're done. Don't sleep on this one! https://t.co/VYOqD5SumV
N_{Dario Fadda}@nuke86
13 days ago
✨ CVE-2026-42945 (NGINX Rift): critical vulnerability actively exploited — update now. Read the blog: https://t.co/ldVK76htgC https://t.co/wjBCDnXylw
CVE-2026-0257
CVSS Score: 9.1/10 | SVRS Score: 84/100 | Audience: 3.21M | Social Media: 206 | News: 53 | Repos: 10
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.
CyberSecurity Insight@CyberSecuriUS
1 day ago
Palo Alto Networks warns of attacks using PAN-OS VPN bypass flaw CVE-2026-0257 https://t.co/pnBqxTjdXk
DFIR Radar@DFIR_Radar
16 days ago
Palo Alto GlobalProtect CVE-2026-0257 auth bypass now actively exploited via forged authentication override cookies. CISA added to KEV catalog with June 1 federal deadline. Patch immediately or disable authentication override feature. #DFIR_Radar https://t.co/i5houPL3ES
CiberBaur@BotBauR
16 days ago
🚨 Just confirmed: the CVE-2026-0257 vulnerability allows attackers to forge VPN authentication cookies and bypass VPN login on Palo Alto GlobalProtect. Rapid7 has detected active exploitation of this vulnerability in multiple environments of https://t.co/i1MXR6nKQ4
Cyber Security News@CyberSecNews663
16 days ago
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability affecting PAN-OS and Prisma Access deployments using specific GlobalProtect configurations. The flaw allows attackers to establish unauthorized VPN connections, https://t.co/2Nd2Bdw5AL
Gray Hats@the_yellow_fall
16 days ago
Learn about the active CVE-2026-0257 authentication bypass in PAN-OS. Discover how attackers exploit GlobalProtect VPNs and find key mitigations. #CVE20260257 #PaloAltoNetworks #GlobalProtect #Cybersecurity #Infosec #ThreatIntel https://t.co/uaiEdFCABp https://t.co/YE1KKciRgu
DFIR Radar@DFIR_Radar
16 days ago
CVE-2026-0257 in Palo Alto GlobalProtect allows auth bypass via forged VPN cookies. Rapid7 confirms active exploitation since May 17 across multiple customers. Patch immediately or disable auth override feature. #DFIR_Radar https://t.co/AVphR9nvN3
Yusuf Nuh 🍉@SenseWave_
16 days ago
Attackers began actively exploiting a vulnerability of Palo Alto Networks’ widely used GlobalProtect VPN platform. The flaw, tracked CVE-2026-0257 It affects PAN-OS software used in Palo Alto Networks and enables attackers to bypass authentication protections. #cyber #security https://t.co/NNwenFgUTs
CyberSecurity Insight@CyberSecuriUS
16 days ago
Rapid7 Uncovers Campaign Leveraging Forged VPN Cookies in CVE-2026-0257 Attacks https://t.co/XsxUaZucP1
Techgines@nxtgen579255
16 days ago
CVE-2026-0257 is now an active-priority GlobalProtect issue. Palo Alto says the PAN-OS / Prisma Access flaw can let attackers bypass security restrictions and establish unauthorized VPN connections in affected configurations. https://t.co/44fSlrQTFC https://t.co/QG8KzWwvbJ
Nicolas Krassas@Dinosn
16 days ago
CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers https://t.co/GF24mhxyN2
CVE-2026-50751
CVSS Score: 9.3/10 | SVRS Score: 83/100 | Audience: 3M | Social Media: 121 | News: 54 | Repos: 6
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
TheNu11Sector@Nu11Sector
1 day ago
1.🧵 CVE-2026-50751 on Check Point VPN is exploited via IKEv1. If your gateway still accepts legacy connections, anyone can authenticate without credentials. Here's how to detect and close it in 10 minutes. #CheckPoint #VPN #Cybersecurity https://t.co/IEaZ1K4P0U
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥☭⃠🅇@YourAnon_irc
7 days ago
Critical Check Point VPN zero-day (CVE-2026-50751), exploited by Qilin ransomware, allows unauthenticated remote access, compromising data privacy & integrity in transit. Patch immediately! #Cybersecurity #VPN #ZeroDay
Divinmentis@Divinmentis
7 days ago
🔴 Check Point VPN zero-day (CVE-2026-50751, CVSS 9.3) linked to Qilin ransomware — CISA orders feds to patch by June 11. Auth bypass hits Remote Access VPN, Mobile Access + Spark Firewall on IKEv1. Active exploitation confirmed since May 7, accelerating now. #CyberSecurity
FOFA@fofabot
7 days ago
⚠️⚠️ CVE-2026-50751 (CVSS 9.3): Deprecated IKEv1 Remote/Mobile Access certificate validation flaw may let unauthenticated attackers bypass VPN authentication (active exploitation reported). 🔗FOFA Link: https://t.co/upqBuLfIIu 🎯34.8K+ Results are found on https://t.co/NBEEGu6H0b https://t.co/1BJPi9xolY
Centro Ciberseguridad Andalucía. CIAN@CentroCiberAND
7 days ago
🚨 #AlertaSOC Critical vulnerabilities under active exploitation in Check Point VPN. ⚠️ The CVE-2026-50751 flaw allows an unauthenticated remote attacker to establish a remote VPN connection without credentials in Mobile and Remote Access. Update your systems 🔗 https://t.co/0V674l9IQR https://t.co/oNKPZZvyHO
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 ℍ𝕒𝕔𝕜𝕥𝕚𝕧𝕚𝕤𝕥☭⃠🅇@YourAnon_irc
7 days ago
Critical #Cybersecurity threats: Check Point VPN zero-day (CVE-2026-50751) actively exploited, HTTP/2 "Bomb" (CVE-2026-49160) DoS impacts web servers. Redis RCE & Cisco UC RCE threaten data privacy/integrity in transit. Patch now! #News #Vulnerabilities
DFIR Radar@DFIR_Radar
7 days ago
CVE-2026-50751 authentication bypass in Check Point VPN exploited by Qilin ransomware affiliates since May 7. Affects gateways using deprecated IKEv1 with legacy clients. Disable IKEv1 and audit VPN logs from May immediately. #DFIR_Radar https://t.co/B3ixHwgICO
Daily CyberSecurity@the_yellow_fall
7 days ago
Discover the critical Check Point VPN vulnerability (CVE-2026-50751). Learn how Qilin ransomware actors bypass auth gates and how to patch. #CheckPoint #VPNSecurity #CVE202650751 #QilinRansomware #InfoSec #Cybersecurity #TechNews https://t.co/4bw29U9CHa https://t.co/S0bvlwHRPR
Aviatrix Threat Research Center@aviatrixtrc
7 days ago
Qilin ransomware affiliates exploited CVE-2026-50751 to bypass Check Point VPN authentication, establishing unauthorized remote access through deprecated IKEv1 protocols. Attackers moved laterally through internal systems before deploying encryption payloads. Runtime segmentation
Elusive@ElusivePrivacy
7 days ago
Check Point VPN zero-day Check Point VPN auth bypass is being exploited in the wild. CVE-2026-50751, CVSS 9.3. Unauthenticated attackers can establish a Remote Access VPN session with no valid password. Affects only IKEv1-configured gateways (Mobile Access/SSL VPN, Remote Access
CVE-2026-10520
CVSS Score: 10.0/10 | SVRS Score: 88/100 | Audience: 2.64M | Social Media: 66 | News: 29 | Repos: 3
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
DFIR Radar@DFIR_Radar
7 days ago
CVE-2026-10520 (CVSS 10.0) enables unauthenticated RCE as root on Ivanti Sentry via command injection. CVE-2026-10523 (CVSS 9.9) bypasses authentication to create admin accounts. Public PoC available — patch immediately to versions 10.7.1, 10.6. #DFIR_Radar https://t.co/5i5ze1n6gt
Rishi@rxerium
7 days ago
🚨 CVE-2026-10520, a critical (CVSS 10.0) OS Command Injection vulnerability in Ivanti Sentry is now under active exploitation as reported by @DefusedCyber Scan infrastructure to see if you're vulnerable: https://t.co/jcr7SLj5FO Patches are available as per Ivanti's advisory: https://t.co/oQvdAKKfiY
Upwind Security MDR@UpwindMDR
7 days ago
🚨Critical - Ivanti Sentry Pre-Auth Command Injection, RCE as Root (CVE-2026-10520) Ivanti patched a maximum-severity (CVSS 10.0) OS command injection flaw (CWE-78) in its Sentry mobile gateway. A remote, unauthenticated attacker can inject OS commands and execute code as root
VulDB 🛡@vuldb
7 days ago
Some increased actor activities are shown targeting Ivanti Sentry (CVE-2026-10520) https://t.co/0PPyoSgF6T
ThreatCluster@threatcluster
7 days ago
Ivanti released fixes for Sentry flaws CVE-2026-10520 (pre-auth root RCE) and CVE-2026-10523 (admin auth bypass) affecting versions before R10.5.2, R10.6.2 and R10.7.1, BleepingComputer reported. https://t.co/ZnYJRKA5uZ
Defused@DefusedCyber
7 days ago
🚨 CVE-2026-10520 (Pre-auth OS Command Injection in Ivanti Sentry) is now under active exploitation Attackers have been exploiting Ivanti systems with the recently released vulnerability since this morning Track Ivanti exploitation live 👉 https://t.co/GXFaqggV8a https://t.co/nylXVUWcfq
Cybersecurity News Everyday@TweetThreatNews
7 days ago
Ivanti patched two critical Sentry flaws, including CVE-2026-10520, a max-severity command injection that could allow root code execution, and CVE-2026-10523, an auth bypass for rogue admin access. #Ivanti #Sentry #CVE202610520 https://t.co/ajFnF8yJmq
SecAlerts@SecAlertsCo
7 days ago
Ivanti Sentry: unauthenticated RCE as root. CVE-2026-10520 is a CVSS 10 OS command injection flaw. Patch to R10.5.2, R10.6.2 or R10.7.1 now. https://t.co/C0231EQTnD
Nicolas Krassas@Dinosn
7 days ago
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) - watchTowr Labs https://t.co/rEpMJX7q1n
DFIR Radar@DFIR_Radar
7 days ago
Ivanti Sentry pre-auth OS command injection (CVE-2026-10520) achieves perfect 10.0 CVSS with unauthenticated root RCE. Watchtowr Labs demonstrates exploitation using hardcoded XML format leaked in patch analysis. Technical breakdown: • CVE-2026-10520 affects Sentry versions https://t.co/5H4Zcn6K9Q
CVE-2026-46333
CVSS Score: 5.5/10 | SVRS Score: 59/100 | Audience: 2.63M | Social Media: 48 | News: 28 | Repos: 2
In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.
Enigma-Global@EnigmaGlobalSW
8 days ago
Multiple critical Linux kernel vulnerabilities are under active exploitation, posing severe privilege escalation risks across enterprise environments worldwide. CVE-2026-46333, nicknamed "ssh-keysign-pwn," exploits a race... https://t.co/AsiSr2h0c5
AlmaLinux@AlmaLinux
11 days ago
Patched kernels for CVE-2026-46333 are now in production repos. A single dnf upgrade and reboot gets you patched kernels for ssh-keysign-pwn and Fragnesia 👇 https://t.co/BdTyfPA9z1
ThreatCluster@threatcluster
13 days ago
Oracle issued advisories for Oracle Linux 7, 8 and 9 fixing CVE-2026-46300 and CVE-2026-46333 that allow denial of service and privilege escalation in kernels 5.4, 5.15 and 6.12, according to Oracle. https://t.co/cMIsksTcuc
Linux Kernel Security@linkersec
14 days ago
Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333) Article about a logical bug in ptrace implementation that allows getting access to file descriptors of other processes and thus escalating privileges in certain scenarios. https://t.co/s5jkzBpV36 https://t.co/GgwEtmnIP5
Flatcar Container Linux@flatcar
15 days ago
📦 Package updates: Linux 6.12.91 (Alpha/Beta/Stable), Linux 6.6.141 (LTS), ca-certificates 3.124 🔒 Security maintenance release for the recently disclosed kernel LPEs Fragnesia (CVE-2026-46300) and ssh-keysign-pwn (CVE-2026-46333), plus the usual kernel CVE roll-up
IntegSec@integ_sec
16 days ago
CVE-2026-46333: Linux Kernel Local Privilege Escalation Bug - What It Means for Your Business and How to Respond https://t.co/B90MSy7C1B
Canonical@Canonical
29 days ago
Mitigations for "ssh-keysign-pwn" (CVE-2026-46333) Linux kernel vulnerability are available in Ubuntu. Read the blog for details: https://t.co/woaA6Jsfjg https://t.co/HodyPMhRFi
Ubuntu@ubuntu
29 days ago
Mitigations for "ssh-keysign-pwn" (CVE-2026-46333) Linux kernel vulnerability are available in Ubuntu. Read the blog for details: https://t.co/Abz34ZwPN3 https://t.co/4wAtbVXEHB
Chris Short@ChrisShort
29 days ago
AI Discovers CVE-2026-46333 Linux Kernel Vulnerability #devopsish https://t.co/8ElwqTsKFi https://t.co/itQsFI8TS9
Gray Hats@the_yellow_fall
2026-05-15
This vulnerability is tracked as CVE-2026-46333.
CVE-2026-42271
CVSS Score: 8.8/10 | SVRS Score: 80/100 | Audience: 2.29M | Social Media: 45 | News: 17 | Repos: 0
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7.
Aviatrix Threat Research Center@aviatrixtrc
1 day ago
Attackers are chaining CVE-2026-42271 with authentication bypasses to achieve unauthenticated RCE on LiteLLM AI gateways. Command injection leads to privilege escalation and lateral movement within enterprise networks. Runtime segmentation helps contain post-compromise activity
DCI CyberSec News@DCICyberSecNews
6 days ago
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE https://t.co/clwIRSPaut via @TheHackersNews
elorri_79@456c6f727269
6 days ago
🚨 New critical LiteLLM flaw is being exploited in the wild. CVE-2026-42271 (CVSS 8.7) — command injection via two MCP preview endpoints. Chained with CVE-2026-48710 (Starlette host header bypass) → unauthenticated RCE (CVSS 10.0). If you run litellm-proxy: read this thread.
Bill Schroeder@bill__schroeder
7 days ago
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271) - Help Net Security https://t.co/Jpe2GXXJSk
Marcus Lenngren@lenngrenm
7 days ago
⚠️ CRITICAL: LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE A critical command injection vulnerability (CVE-2026-42271) in LiteLLM AI gateway versions 1.74.2 through 1.83.7 is being actively exploited in the wild. Researchers have chained t
Bryan@so_sthbryan
7 days ago
LiteLLM just hit CISA's known exploited list. CVE-2026-42271 chains to unauthenticated RCE, CVSS 8.7, and attackers are already using it in the wild. Patch LiteLLM instances now if you run them. https://t.co/qnDLiSAzkO
GoCocoaAI@GoCocoaAI
7 days ago
Sources for this post: Bitdefender Global Scam Intelligence Report 2026, via Help Net Security (published 2026-06-10): https://t.co/UtbUBSjhjV Sidebar flag from the same page: CVE-2026-42271 (LiteLLM, active exploitation, CISA warning) — an AI-stack vulnerability worth a https://t.co/u8SoizhoOs
ThreadLinqs@threadlinqs
7 days ago
An AI gateway flaw lets attackers run code unauthenticated - CISA says CVE-2026-42271 is being exploited now. https://t.co/f1B9nmqR4p #ThreatIntel #CVE https://t.co/2vyhCPKq1t
ThreadLinqs@threadlinqs
7 days ago
An AI gateway flaw lets attackers run code unauthenticated - CISA says CVE-2026-42271 is being exploited now. https://t.co/f1B9nmqR4p #ThreatIntel #CVE https://t.co/hkve0nxplM
Horizon3.ai@Horizon3ai
15 days ago
The chain combines: • CVE-2026-42271 (LiteLLM) • CVE-2026-48710 (Starlette BadHost)
CVE-2025-48595
CVSS Score: 8.4/10 | SVRS Score: 77/100 | Audience: 2.25M | Social Media: 74 | News: 44 | Repos: 2
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
DC3 DCISE@DC3DCISE
6 days ago
CISA warns of active exploits targeting #Android and #Linux flaws (CVE-2025-48595 & CVE-2022-0492). The Android bug allows privilege escalation with zero user interaction! ⚠️ Visit @CISAcyber for more
INFOSEC.WATCH@InfosecDotWatch
6 days ago
Google’s June Android bulletin fixed CVE-2025-48595, which may be under limited targeted exploitation. Push updates through MDM. https://t.co/H7pGGosrdk
Stanislav Klevtsov@stansecure
7 days ago
#Cybersecurity news that stood out last week👀 → @Google patched an Android Framework flaw (CVE-2025-48595) that was exploited by attackers. → @Microsoft added a two-hour auto-update delay for VSCode extensions to reduce the risk of supply chain attacks. → @OpenAI is
Azubuike Ibe@ai_dev_official
12 days ago
Google’s June 2026 Android update patched 124 vulnerabilities. One of them is already being exploited. CVE-2025-48595 is an elevation-of-privilege flaw in the Android Framework affecting Android 14 through 16. Google confirms limited targeted exploitation is already underway. No https://t.co/jezF1Oielm
Cyber Edition@CyberEdition
12 days ago
⚠️ CISA has added Android Framework flaw CVE-2025-48595 to its KEV catalog after confirming active exploitation. The bug allows local privilege escalation, giving attackers system-level access on vulnerable devices. Patch Android devices ASAP. #Android https://t.co/UzOOKtOOmR
HandanCorp@handancorp
12 days ago
Android security just underwent a high-severity emergency patch cycle. Google’s June 2026 Security Bulletin addresses 124 vulnerabilities, headlined by an actively exploited zero-day (CVE-2025-48595) lurking inside the core Framework component.
Hephaestvs@Vulcanux_
13 days ago
csirt_it: #Google: active exploitation in the wild detected for CVE-2025-48595, affecting #Android Risk: 🔴 ⚠️ If not already done, prompt updating of the affected software is recommended https://t.co/naCsz67tSl https://t.co/RDHqJbPLDS
White Rabbitx 🏴‍☠️@TheRabbitPy
13 days ago
CISA warns of active attacks exploiting Android, Linux bugs .. The most recent flaw the agency added to its Known Exploited Vulnerabilities (KEV) catalog, CVE-2025-48595, is a high-severity integer overflow vulnerability in the Android Framework, which can be leveraged for
Gray Hats@the_yellow_fall
13 days ago
Analyze the critical CVE-2025-48595 Android zero day flaw. Learn how this zero-click privilege escalation bug affects core devices and how to fix it. #AndroidSecurity #CVE202548595 #ZeroDay #MobileSecurity #InfoSec #ThreatIntel #AOSP https://t.co/xlWqC09iAa https://t.co/FvxXsAQPB2
DFIR Lab@DFIR_Lab
13 days ago
🚨 HIGH SEVERITY: CVE-2025-48595 (CVSS 8.4) Integer overflow flaw enables local privilege escalation with code execution. No user interaction required. Affected: Multiple Android components Patch immediately. #CVE #Vulnerability #PatchNow https://t.co/bbN0vazxzW
CVE-2026-26980
CVSS Score: 7.5/10 | SVRS Score: 71/100 | Audience: 2.18M | Social Media: 88 | News: 23 | Repos: 0
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
Aviatrix Threat Research Center@aviatrixtrc
8 days ago
Attackers exploited CVE-2026-26980 to compromise 700+ Ghost CMS sites including Harvard and DuckDuckGo. SQL injection led to admin API key theft, then JavaScript injection to spread ClickFix malware to visitors. Runtime segmentation could help contain such multi-stage breach
Lyrie.ai@lyrie_ai
9 days ago
Full Tweet Heads up about a critical SQL injection vuln in Ghost CMS affecting Harvard, Oxford, and DuckDuckGo among others CVE-2026-26980 Source: X search for CVE-2026 critical Posted: 2026-05-28T21:50:58.000Z Likes: 14
Lyrie.ai@lyrie_ai
9 days ago
Source: X search for CVE-2026 critical Posted: 2026-05-28T21:50:58.000Z Likes: 14 Heads up about a critical SQL injection vuln in Ghost CMS affecting Harvard, Oxford, and DuckDuckGo among others CVE-2026-26980 https://t.co/rRbYE1mcNX
Lyrie.ai@lyrie_ai
9 days ago
CVE-2026-26980: Heads up about a critical SQL injection vuln in Ghost CMS affecting Harvard, Oxford, and DuckDuckGo among others CVE-2026-26980 Source: X search for CVE-2026 critical Posted: 2026-05-28T21:50:58.000Z Likes: 14
Lyrie.ai@lyrie_ai
9 days ago
CVE-2026-26980. 0day Intel: 🚨 Hackers breached 700+ Ghost CMS websites to serve ClickFix malware attacks.
Wordfence@wordfence
11 days ago
700+ Ghost CMS Sites Hit By Click Fix Attack Wordfence Security News Clip | May 25, 2026 Over 700 Ghost CMS sites are compromised via a critical SQL injection flaw (CVE-2026-26980) in the content API. Attackers extract admin API keys, inject JavaScript loaders into articles, https://t.co/PtAIPHnBGn
INFOSEC.WATCH@InfosecDotWatch
13 days ago
Ghost CMS CVE-2026-26980 was reportedly used to compromise hundreds of sites and inject malicious JavaScript loaders. https://t.co/5OtBUZVUq1
Asta@astasolutions
14 days ago
A critical Ghost CMS vulnerability (CVE-2026-26980) is being actively exploited worldwide, impacting universities, fintechs, media, and AI platforms. Strengthen your cybersecurity posture with proactive monitoring and threat detection. Learn more at https://t.co/aH9WSJOqn8 https://t.co/kYjDrw7Zqe
Cyber Netsec IO@NetSecIO
15 days ago
📢 GHOST CMS HACKED: A critical SQL injection flaw (CVE-2026-26980) is being mass-exploited to hack Ghost sites. Attackers steal API keys to inject malware that targets visitors. Over 700 sites hit. Patch and rotate keys NOW! #GhostCMS #CVE #SQLi 🌐 cyber[.]netsecops[.]io https://t.co/8GiFzawFLK
Tim Wilson@TimWilsonAtDxc
15 days ago
The attacks that XLab observed begin by exploiting CVE-2026-26980 to steal the admin API keys, and then use the elevated rights to inject malicious JavaScript into articles https://t.co/eIy9YQPKAf
CVE-2024-21182
CVSS Score: 7.5/10 | SVRS Score: 76/100 | Audience: 2.13M | Social Media: 45 | News: 20 | Repos: 2
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
DCI CyberSec News@DCICyberSecNews
12 days ago
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/1slarhTSd9 via @TheHackersNews
Upwind Security MDR@UpwindMDR
13 days ago
🚨 CISA Adds Oracle WebLogic Flaw to KEV Catalog CISA has added CVE-2024-21182, an Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. 👉 Organizations using Oracle WebLogic should prioritize
Modat@modat_magnify
13 days ago
⚠️ Oracle WebLogic – Actively Exploited Vulnerability Added to CISA KEV (CVE-2024-21182)  CISA has added CVE-2024-21182 to its KEV catalogue following evidence of active exploitation in the wild. The vulnerability affects the Core component of Oracle WebLogic Server and allows https://t.co/2MePwvlpzM
DFIR Lab@DFIR_Lab
13 days ago
🚨 CRITICAL: CVE-2024-21182 in Oracle WebLogic Server. CVSS allows unauthenticated remote attackers via T3/IIOP to access critical data. Listed on CISA KEV—actively exploited. Patch immediately. #CVE #Vulnerability #PatchNow #ThreatIntel #DFIR https://t.co/jS5vcITLgf
Elusive@ElusivePrivacy
15 days ago
CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog CISA has added CVE-2024-21182 an Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. FCEB agencies must remediate per BOD 22-01. WebLogic remains a
Xavier Rivera@XavierRiveraX
15 days ago
CISA flagged Oracle WebLogic CVE-2024-21182 as actively exploited, adding it to the KEV catalog. Attackers exploit WebLogic's T3 and IIOP ports (7001/7002) without credentials to achieve remote code execution. Federal agencies patch deadline is June 22. Block external T3 access
ThreatCluster@threatcluster
15 days ago
BREAKING: CISA adds actively exploited Oracle WebLogic CVE-2024-21182 to KEV, unauthenticated T3/IIOP access affects 12.2.1.4.0 and 14.1.1.0.0 with CVSS 7.5. https://t.co/gpf03Veolc
VulnTracker@vuln_tracker
15 days ago
@CISACyber CISA just added CVE-2024-21182 to the KEV catalog. Oracle WebLogic Server. Actively exploited. In 2026 - from a 2024 CVE. WebLogic powers enterprise Java applications at banks, telcos, and government agencies worldwide. If it's in your stack and unpatched, attackers already
ThreadLinqs@threadlinqs
15 days ago
NEW THREAT INTEL: Oracle WebLogic CVE-2024-21182 - unauth T3/IIOP flaw added to CISA KEV, actively exploited. 9 detections. https://t.co/my7YEGayFz #ThreatIntel #WebLogic https://t.co/jYqvdJv9Je
CISA Cyber@CISACyber
16 days ago
🛡️ We added Oracle WebLogic Server unspecified vulnerability CVE-2024-21182 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSec https://t.co/acHwGfqgDW
CVE-2026-54420
CVSS Score: 8.5/10 | SVRS Score: 82/100 | Audience: 2.1M | Social Media: 9 | News: 2 | Repos: 0
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
The Hacker News@TheHackersNews
1 day ago
🚨 A shared hosting flaw just landed on CISA’s exploited list. CVE-2026-54420 affects the LiteSpeed cPanel Plugin and can let a user with FTP or web shell access gain root on CloudLinux/CageFS servers. Federal agencies must patch by June 18, 2026. Read: https://t.co/KEaqsStI2D https://t.co/G7GZjG2BwE
Daily CyberSecurity@the_yellow_fall
1 day ago
CVE-2026-54420, a LiteSpeed cPanel privilege escalation flaw, is exploited in the wild to gain root on shared hosting. Patch to plugin v2.4.8 now. #LiteSpeed #cPanel #CVE202654420 #PrivilegeEscalation #InfoSec https://t.co/rOiebScACs https://t.co/7zHLiwvUk9
SecAlerts@SecAlertsCo
1 day ago
🔗 Actively exploited: CVE-2026-54420 in LiteSpeed cPanel Plugin. Symlink attack lets unprivileged FTP/web shell users on shared hosting escalate to full compromise. CISA KEV-listed. Patch to 2.4.8 / WHM Plugin 5.3.2.0 now. #LiteSpeed #infosec https://t.co/h9vQW3mJjs https://t.co/e3j6ZmVz5D
University of ZERO@zerotalktoai
2 days ago
Oh cPanel servers about to be hacked? Update asap or remove LiteSpeed cPanel Plugin. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
LiteSpeed Tech@litespeedtech
2 days ago
The CVE that was published today for LiteSpeed's WHM plugin prior to v2.4.8 refers to the same vulnerability we disclosed (and patched) two weeks ago. CVE-2026-54420: https://t.co/1xR8NH6Yvy
CISA Cyber@CISACyber
2 days ago
🛡️ We added Cisco Catalyst SD-WAN Manager vulnerability CVE-2026-20262 and LiteSpeed cPanel Plugin vulnerability CVE-2026-54420 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity https://t.co/rAEee4kpx6
Marcus Lenngren@lenngrenm
3 days ago
⚠️ CRITICAL: ‼️ CVE-2026-54420: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn b... CVE-2026-54420 is a critical symlink mishandling vulnerability in LiteSpeed cPanel plugin versions before 2.4.8 and LiteSpeed WHM Plugin versions before 5.3.2.0.
Dark Web Informer@DarkWebInformer
3 days ago
‼️ CVE-2026-54420: LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026. CVSS: https://t.co/hQCWaFNk8B
Upwind Security MDR@UpwindMDR
3 days ago
🚨High - LiteSpeed cPanel Plugin Symlink Mishandling / CageFS Bypass (CVE-2026-54420) A symlink-following flaw (CWE-61) in the LiteSpeed cPanel plugin lets an attacker who already holds FTP or web shell access to a user account on a shared hosting server plant crafted symbolic
CVE-2026-45659
CVSS Score: 8.8/10 | SVRS Score: 80/100 | Audience: 2.07M | Social Media: 58 | News: 19 | Repos: 2
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
IntegSec@integ_sec
5 days ago
CVE-2026-45659: Microsoft SharePoint Deserialization Bug - What It Means for Your Business and How to Respond https://t.co/BYYpTgPLQT
Xavier Rivera@XavierRiveraX
8 days ago
Microsoft June 2026 Patch Tuesday is live. Exchange CVE-2026-42897 (CVSS 8.1, actively exploited OWA spoofing): permanent patch replaces the EMES temporary mitigation. SharePoint CVE-2026-45659 (CVSS 8.8 RCE) also drops today. Secure Boot legacy UEFI certs expire June 24.
B2B Cyber Security.de@B2bCyber
8 days ago
https://t.co/2yqUGs8mZO Microsoft SharePoint with a highly dangerous security vulnerability Microsoft and CERT-Bund are warning of a highly dangerous vulnerability in Microsoft SharePoint. The flaw, CVE-2026-45659, is rated CVSS 8.8 and allows an authorized attacker to execut… https://t.co/ezgNedgS85
NEWSTECNICAS | Tecnología, IA y Gaming.@newstecnicas
8 days ago
🚨 Urgent remediation guide: RCE #Vulnerability in SharePoint (CVE-2026-45659) https://t.co/ZiQr2jUmXG
SharkStriker@TheSharkStriker
9 days ago
Through the blog, we will dissect a major RCE flaw CVE-2026-45659 in Microsoft SharePoint from a security POV, understanding how exploitation happens and what enterprises need to do to defend. https://t.co/ao3KsEjgJD . . . #CVE202645659 #sharkstriker
Todd Pigram@pigram86
22 days ago
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions https://t.co/UlBggYeb1R
The Hacker News@TheHackersNews
22 days ago
⚠️ SharePoint RCE Vulnerability. Details → https://t.co/mISXJr3Fvl CVE-2026-45659 allows authenticated attackers with only Site Member permissions to execute code remotely on SharePoint Server. The CVSS 8.8 flaw affects SharePoint Server 2016, 2019, and Subscription Edition.
The Cyber Security Hub™@TheCyberSecHub
22 days ago
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) https://t.co/PmlNdkGO6A
Help Net Security@helpnetsecurity
22 days ago
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) - https://t.co/BpQYrHsJsa - @Microsoft #SecurityUpdate #SharePoint #Vulnerability #Cybersecurity #CybersecurityNews https://t.co/l2OTReiwiL
Shah Sheikh@shah_sheikh
22 days ago
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659): Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the… https://t.co/6ZVh4JKjCR https://t.co/w304aKS2V4
CVE-2026-45247
CVSS Score: 9.8/10 | SVRS Score: 87/100 | Audience: 2.01M | Social Media: 39 | News: 16 | Repos: 0
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted call to PHP's native unserialize() function combined with gadget chains available in Magento and its dependencies to execute arbitrary code on the server.
Lyrie.ai@lyrie_ai
7 days ago
03:00 UTC: First exploit attempt in the wild. CVE-2026-45247 added to CISA KEV: Mirasvit Mirasvit Full Page Cache Warmer
The Daily Tech Feed@dailytechonx
12 days ago
Critical RCE vulnerability (CVE-2026-45247) in Magento's Mirasvit Cache Warmer extension actively exploited. Immediate update to version 1.11.12 recommended. Link: https://t.co/Ia2G5ywP8g #Magento #Mirasvit #RCE #Vulnerability #Exploit #Security #Cyberattack #Patch #Update https://t.co/7KnxZxi7m8
AlexAImaginator@TraffAlex
12 days ago
🔒 CYBERSECURITY, PRIVACY & OPEN SOURCE DAILY — June 05, 2026 1️⃣ CISA ADDS CVE-2026-45247 TO KNOWN EXPLOITED VULNERABILITIES CATALOG CISA has added a critical deserialization vulnerability in Mirasvit Full Page Cache Warmer (CVE-2026-45247) to its Known Exploited
Elusive@ElusivePrivacy
12 days ago
🔓 CVE-2026-45247, CVSS 9.8. Unauthenticated PHP object injection in Mirasvit Full Page Cache Warmer for Magento 2 enables remote code execution. Actively exploited in the wild to deploy web shells and create admin accounts. Thousands of Adobe Commerce storefronts affected.
Silent Vector@gh0st_V3ctbrv
12 days ago
🚨-4- CISA Adds Mirasvit Cache Warmer Flaw to Exploited Vulnerabilities Catalog 🎯 Attack: The U.S. CISA added a Mirasvit Full Page Cache Warmer flaw, tracked as CVE-2026-45247 (CVSS 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. 👤 Threat Actor: Unknown 💥 Impact:
DFIR Radar@DFIR_Radar
12 days ago
CISA adds CVE-2026-45247 (CVSS 9.3) to KEV catalog - critical PHP object injection in Mirasvit Cache Warmer for Magento allows unauthenticated RCE via crafted CacheWarmer cookie. Federal agencies must patch by June 6. #DFIR_Radar https://t.co/FHGU3rGtss
ねこさん⚡(ΦωΦ)@catnap707
12 days ago
CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks https://t.co/SPpYeBrNEf "CISA has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247"
Jedi Security •|• OSS@JedisecX
13 days ago
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog https://t.co/9YPRfmbbxb
The Cyber Security Hub™@TheCyberSecHub
13 days ago
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog https://t.co/0ax8TGB5WL
The Hacker News@TheHackersNews
13 days ago
🚨 Attackers are actively exploiting CVE-2026-45247, a critical Magento RCE flaw in Mirasvit Cache Warmer. CISA added it to KEV. The bug scores 9.8 CVSS and allows unauthenticated PHP code execution via crafted CacheWarmer cookies. Patch before June 6. Read: https://t.co/8Mi4jPebwq
CVE-2026-20253
CVSS Score: 9.8/10 | SVRS Score: 87/100 | Audience: 2M | Social Media: 43 | News: 17 | Repos: 3
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
Autumn Good@autumn_good_35
2 days ago
⚠️⚠️⚠️ 『Tl;dr Splunk Enterprise on AWS is vulnerable out of the box.』 Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://t.co/WUNt8UBBhP
Elusive@ElusivePrivacy
2 days ago
Splunk Enterprise unauth RCE Critical unauthenticated RCE in Splunk Enterprise CVE-2026-20253 (CVSS 9.8). A PostgreSQL sidecar endpoint (added in v10) with no auth allows arbitrary file write -> remote code execution, reachable through the main web-app proxy. Worst on
Ryan Dewhurst@ethicalhack3r
2 days ago
🚨 KEVIntel has observed active exploitation attempts for CVE-2026-20253 in our honeypots this morning. CVE-2026-20253 is a critical Splunk Enterprise vulnerability affecting the PostgreSQL sidecar service endpoint. What we observed: - First seen: 2026-06-15 05:15 UTC - 15 https://t.co/bbcQRANp1Q
Ryan Dewhurst@ethicalhack3r
2 days ago
🚨 KEVIntel has observed active exploitation attempts for CVE-2026-20253 in our honeypots this morning. CVE-2026-20253 is a critical Splunk Enterprise vulnerability affecting the PostgreSQL sidecar service endpoint. What we observed: - First seen: 2026-06-15 05:15 UTC - 15 https://t.co/Tqv0U792AX
ProtAAPP - Protege las AAPP@ProtAAPP
2 days ago
Splunk has released security updates to fix a critical vulnerability (CVE-2026-20253) that allows unauthenticated users to perform file operations and remote code execution in versions prior to 10.2.4. This flaw, rated at… https://t.co/RMkvzXvLJN https://t.co/T9dtx37kFb
pdnuclei-bot@pdnuclei_bot
2 days ago
🚨 CVE-2026-20253 - critical 🚨 Splunk Enterprise & Cloud Platform - Unrestricted File Upload > In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform vers... 👾 https://t.co/ruMSFh0Xvk @pdnuclei #NucleiTemplates #cve
Jaden Johnson@JadenJohnsNews
6 days ago
🚨 Multiple critical vulnerabilities have been discovered in Splunk Enterprise. The most severe, CVE-2026-20253 (CVSS 9.8), could allow attackers to execute malicious scripts, access sensitive data, and perform unauthorized file operations. #CyberSecurity #InfoSec #Splunk https://t.co/AdUDZCGBR7
VulDB 🛡@vuldb
6 days ago
Attention, elevated activities detected targeting Splunk Enterprise and Cloud Platform (CVE-2026-20253) https://t.co/2PZrAiW2kP
The Daily Tech Feed@dailytechonx
6 days ago
Splunk Enterprise has disclosed critical vulnerabilities, including CVE-2026-20253 (CVSS 9.8), allowing unauthenticated attackers to create or truncate arbitrary files, leading to full system compromise. Users should update to the latest versions to mitigate these risks. #Splunk https://t.co/ocJ35LdhIV
Daily CyberSecurity@the_yellow_fall
6 days ago
A CVSS 9.8 flaw highlights new Splunk Enterprise vulnerabilities. Patch CVE-2026-20253, CVE-2026-20251, and others to prevent remote attacks on your servers. #Splunk #Cybersecurity #Vulnerability #CVE2026_20253 #InfoSec https://t.co/5541WMpWb5 https://t.co/QESmhwfDVE
CVE-2026-48172
CVSS Score: 9.8/10 | SVRS Score: 93/100 | Audience: 1.93M | Social Media: 69 | News: 22 | Repos: 2
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.
Kerry Allan@kallan4446
4 days ago
HSC Industry Digest - June 01, 2026 A critical privilege escalation vulnerability in LiteSpeed's cPanel plugin (CVE-2026-48172, CVSS 10.0) is actively being exploited, allowing shared hosting customers to take complete control of ser…… https://t.co/Dxk9bMFIwS https://t.co/QR4gOq3S1X
#MetaProtec@MetaProtec
4 days ago
💡CISA requested immediate patching of CVE-2026-48172, a critical vulnerability in the LiteSpeed plugin for cPanel exploited as a zero-day. ⚠️It allows scripts to be executed with root privileges, affecting vulnerable versions of the user-end plugin. #Ciberseguridad #CISA https://t.co/ZTbwRkKowA
Kerry Allan@kallan4446
5 days ago
HSC Industry Digest - May 30, 2026 A critical root privilege escalation vulnerability (CVE-2026-48172) in LiteSpeed's cPanel plugin is actively being exploited, demanding immediate patching across affected versions. Meanwhile, the A… R… https://t.co/YQ6iYWIJmn https://t.co/YVUpsvsBjU
Kerry Allan@kallan4446
6 days ago
HSC Industry Digest - May 28, 2026 A critical zero-day vulnerability in LiteSpeed's cPanel plugin (CVE-2026-48172, CVSS 10.0) is being actively exploited, allowing unprivileged users to gain root access on shared hosting servers—an … R… https://t.co/flAjUuQnrj https://t.co/3yuPQrEwDj
Lyrie.ai@lyrie_ai
7 days ago
00:00 UTC: CVE-2026-48172 disclosed. CISA: CVE-2026-48172 added to Known Exploited Vulnerabilities — LiteSpeed cPanel Plugin Status: ✅ Confirmed exploited in the wild Date added: 2026-05-26 Required action: Apply mitigations per vendor instructions, follow applicable…
Lyrie.ai@lyrie_ai
10 days ago
Full Tweet CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Escalation 0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es
Lyrie.ai@lyrie_ai
10 days ago
Source: X search for CVE-2026 critical Posted: 2026-05-22T17:35:17.000Z Likes: 17 0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es
Lyrie.ai@lyrie_ai
10 days ago
0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es
Lyrie.ai@lyrie_ai
10 days ago
CVE-2026-48172: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Escalation 0day Intel: CVE-2026-48172: Critical LiteSpeed cPanel Plugin Flaw Exploited for Privilege Es
MiGuεl CaRvAjAl ®@miguelcarvajalm
15 days ago
#LiteSpeed #cPanel #Plugin CVE-2026-48172 #Exploited to Run #Scripts as #Root https://t.co/MYy23diF1Q
CVE-2026-20262
CVSS Score: 6.5/10 | SVRS Score: 61/100 | Audience: 1.91M | Social Media: 20 | News: 6 | Repos: 0
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.
Eduard Kovacs@EduardKovacs
1 day ago
Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write. https://t.co/YddSoAT8tR
The Hacker News@TheHackersNews
1 day ago
⚠️ Cisco has released patches for a Catalyst SD-WAN Manager flaw now exploited in the wild. CVE-2026-20262 lets an authenticated attacker with write access create or overwrite files on affected systems. Read: https://t.co/Zwt1wXCi9x https://t.co/5jcia48aUm
Threat ResQ™@ThreatResq
1 day ago
Cisco patched CVE-2026-20262 in Catalyst SD-WAN Manager amid active exploitation. The flaw lets attackers upload crafted files to gain root privileges. https://t.co/L9jUGrdqvB #Cisco #CVE #Catalyst #SDWAN #exploit #root #CyberSecurity #CybersecurityNews #ThreatResQ #threatresq
AbOUk | East Africa Tech@abokfelix
1 day ago
1/4 🚨 Cisco SD-WAN Zero-Day Alert 🚨 Cisco has released an emergency patch for a critical SD-WAN zero-day (CVE-2026-20262). It’s being actively exploited to gain root-level access. #CyberSecurity #Cisco #ZeroDay #Infosec
Aviatrix Threat Research Center@aviatrixtrc
1 day ago
Attackers exploited CVE-2026-20262 to escalate from low-privilege credentials to root access on Cisco SD-WAN vManage systems. TRC analysis shows the vulnerability enabled lateral movement across network infrastructure, highlighting risks when management systems lack runtime
Mabior Agau@_CyberMaster
1 day ago
🚨 CVE-2026-20262 is being actively exploited in the wild. Cisco SD-WAN Manager — arbitrary file write via crafted HTTP request to the web UI API. If you're running Cisco SD-WAN, patch NOW. This isn't a theoretical one. #Cybersecurity #Cisco #Infosec
GoCocoaAI@GoCocoaAI
1 day ago
The floor opens up under Cisco SD-WAN Manager — again. CVE-2026-20262, an arbitrary file write via crafted HTTP request to the web UI API, was already under active exploitation before Cisco shipped the fix today. CISA KEV-listed it within hours. Federal agencies have until June
America's Pick@nims213
2 days ago
Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks https://t.co/L20M8RqlQ4 Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. Forme…
Trube Technologies@trubetech
2 days ago
Cisco releases security updates for SD-WAN vManage flaw (CVE-2026-20262) exploited in zero-day attacks. The vulnerability allowed privilege escalation to root; updates mitigate the risk. Learn more: https://t.co/VML7KjNQMn
Daily CyberSecurity@the_yellow_fall
2 days ago
Cisco warns CVE-2026-20262, a Cisco SD-WAN vulnerability enabling arbitrary file write, is exploited in the wild. Patch SD-WAN Manager now. #Cisco #SDWAN #CVE202620262 #ArbitraryFileWrite #InfoSec https://t.co/8na0EmGQIl https://t.co/g06TjhufIx
CVE-2026-20245
CVSS Score: 7.8/10 | SVRS Score: 73/100 | Audience: 1.91M | Social Media: 106 | News: 31 | Repos: 2
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.  To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.
The Cyber Security Hub™@TheCyberSecHub
12 days ago
Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) https://t.co/wZta2CbSg7
Shah Sheikh@shah_sheikh
12 days ago
Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245): A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this… https://t.co/04S1Ud3ABc https://t.co/vLv4sLQ8fl
Eric Vanderburg@evanderburg
12 days ago
#Cisco #SDWAN #0day exploited, no patch available (CVE-2026-20245) https://t.co/6faFLN20IF https://t.co/PjWXQMqF7U
NerdieNews@NewsNerdie
12 days ago
🚨 BREAKING: Cisco alerts users to a high-severity zero-day vulnerability in Catalyst SD-WAN Manager (CVE-2026-20245) that allows root privilege escalation. Active exploitation reported. Stay vigilant! #NerdieNews #CyberSecurity #BreakingNews #InfoSec #ZeroDay #Cisco https://t.co/iwLk6x51mE
America's Pick@nims213
12 days ago
Cisco warns of unpatched SD-WAN zero-day exploited in attacks https://t.co/QjIzpXFadG On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escala…
Trube Technologies@trubetech
12 days ago
Cisco warns of a high-severity unpatched SD-WAN zero-day (CVE-2026-20245) actively exploited to gain root privileges. Read our latest summary on how attackers are leveraging this flaw and what you can do to mitigate exposure. https://t.co/ZA35CkPH2V
Israel@f1tym1
12 days ago
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 https://t.co/6C6pnkK8pZ The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 appeared first on …
NerdieNews@NewsNerdie
12 days ago
🚨 BREAKING: Cisco alerts users to a critical SD-WAN zero-day vulnerability, CVE-2026-20245, allowing root command execution. No patch available yet. Stay vigilant and monitor updates. #NerdieNews #CyberSecurity #BreakingNews #InfoSec #ZeroDay #Cisco https://t.co/5XKnbZe9vR
Shah Sheikh@shah_sheikh
12 days ago
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026: The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 appeared first on… https://t.co/oUbw3T63E0 https://t.co/BEE1RPeJ8c
Eduard Kovacs@EduardKovacs
12 days ago
Cisco informed customers about CVE-2026-20245, the seventh SD-WAN product vulnerability exploited in the wild in 2026. https://t.co/ojjjaSGQKn
CVE-2026-11645
CVSS Score: 8.8/10 | SVRS Score: 80/100 | Audience: 1.88M | Social Media: 70 | News: 30 | Repos: 3
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Carlos Fynn@fynn_JourX
7 days ago
Chrome Zero-Day CVE-2026-11645 Enters KEV After… is the kind of management-plane bug defenders should move on fast. It combines active exploitation with security exposure and auth bypass risk in FortiClient EMS. When endpoint management infrastructure is exposed, the b…
Lucas@lucasverdan
7 days ago
Most people will see the headline. The real signal is what Chrome Zero-Day CVE-2026-11645 E… Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency V8 Patch Google has patched an actively exploited zero-day in 🔗 Details → https://t.co/Ztbp17OJ6w
Carlos Fynn@fynn_JourX
7 days ago
Legacy exposure keeps paying off for attackers. Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Sh… Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency V8 Patch Google has… 🔗 Read → https://t.co/yVENWHGipO
Lucas@lucasverdan
7 days ago
Chrome Zero-Day CVE-2026-11645 Enters KEV After… is already being exploited, and Fortinet says the FortiClient EMS flaw carries security exposure and auth bypass risk. If you run 7.4.5 or 7.4.6, treat it as exposed management-plane risk and hotfix now.
Lucas@lucasverdan
7 days ago
🛑 Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency… Chrome Zero-Day CVE-2026-11645 Enters KEV After Google Ships Emergency V8 Patch Google has… 🔗 Details → https://t.co/Ztbp17OJ6w
Herman Menor@hmenorjr
7 days ago
🚨 Google just patched a critical Chrome bug (CVE-2026-11645) that hackers are already using. It’s in the V8 engine, which runs JavaScript on websites. If you visit a bad site, attackers could run malicious code on your device. This is the 5th zero-day Chrome has fixed in 2026.
androidponsel.com@androidPonsel_
7 days ago
Google patches the fifth Chrome zero-day of 2026. CVE-2026-11645 in the V8 engine has already been exploited in the wild. Update your browser now. Read more > https://t.co/KzmwL1tnIl #Google #Chrome https://t.co/xTON0RPynj
DFIR Radar@DFIR_Radar
7 days ago
CVE-2026-11645 (CVSS 8.8) actively exploited Chrome V8 zero-day enables arbitrary code execution via crafted HTML pages. Google confirms exploit exists in wild. Update to Chrome 149.0.7827.102+ and force browser restart immediately. #DFIR_Radar https://t.co/E65w8VAYBl
Aviatrix Threat Research Center@aviatrixtrc
7 days ago
Attackers exploited CVE-2026-11645 in Chrome's V8 engine to break out of browser sandboxes and establish network footholds. TRC analysis shows the campaign involved lateral movement and C2 establishment after initial browser compromise. Runtime segmentation helps contain such
Elusive@ElusivePrivacy
7 days ago
Chrome 5th zero-day of 2026 Google patched the 5th actively exploited Chrome zero-day of 2026. CVE-2026-11645 out-of-bounds read/write in the V8 engine, confirmed exploited in the wild. Fixed in 149.0.7827.102/.103 (Win/Mac/Linux). Google is withholding details until users
CVE-2026-39987
CVSS Score: 9.8/10 | SVRS Score: 89/100 | Audience: 1.87M | Social Media: 59 | News: 22 | Repos: 2
marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.
Lyrie.ai@lyrie_ai
1 day ago
CVE-2026-39987 | GHSA-2679-6mx9-h9xc | CVSS v4.0: 9.3 (Critical) Affected: All Marimo versions ≤ 0.20.4 (fix landed in 0.23.0 via PR #9098) A missing validateauth() call in Marimo's /terminal/ws WebSocket endpoint handed unauthenticated attackers a full PTY shell on any…
Lyrie.ai@lyrie_ai
1 day ago
CVE-2026-39987: A missing validateauth call in Marimo's /terminal/ws WebSocket endpoint handed unauthenticated attackers a full PTY shell on any internet-exposed notebook server. CVSS 9.3. Exploited within 9 hours and 41 minutes of public disclosure — before a…
Cybersecurity News Everyday@TweetThreatNews
12 days ago
Sysdig TRT observed an agentic AI attacker exploiting CVE-2026-39987 in marimo to automate container escape, host breakout, and Kubernetes secret theft via Docker socket and nsenter. #CVE202639987 #marimo #Kubernetes https://t.co/azfAWQc2zG
IntegSec@integ_sec
13 days ago
CVE-2026-39987: Marimo Remote Code Execution Bug - What It Means for Your Business and How to Respond https://t.co/Lej1Hb8zd7
Divinmentis@Divinmentis
13 days ago
Patching and AV assume fixed exploit signatures. This worm destroys that model. Its on-device LLM adapts to each unique target, no static signature needed. CVE-2026-39987 showed AI pivoting AWS to SSH to PostgreSQL in under 2 min. This is that capability at network scale. The
Radio007@007radiotv
16 days ago
📣 New Podcast! "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit" on @Spreaker #artificialintelligence #cyber #cybercrime #cybercriminals #cyberinvestigation https://t.co/wD3vSjrbzo
CloudSecurityAlliance@cloudsa
16 days ago
CISO Daily Briefing: CVE-2026-39987 in Marimo gave attackers RCE — then an LLM agent autonomously pivoted four times and drained a full PostgreSQL database in under two minutes, marking the first confirmed operational use of AI in live post-exploitation; codexui-android, a
Jim Rigney@RigneySec
16 days ago
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/QSVoof9aEe https://t.co/NDEHnu9iyd
ReconBee@ReconBee
16 days ago
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit https://t.co/tdHPRje6ut #LLM #Marimo #largelanguagemodels #llmagent #cybersecurity
Gray Hats@the_yellow_fall
16 days ago
Analyze the Marimo CVE-2026-39987 exploit. Learn how an autonomous AI agent weaponized this flaw to exfiltrate internal database credentials. #Marimo #CVE202639987 #AIAgent #Cyberattack #Sysdig #ThreatIntel https://t.co/mcdKklNpiI https://t.co/ddrR3nWuL0
CVE-2026-35616
CVSS Score: 9.8/10 | SVRS Score: 89/100 | Audience: 1.8M | Social Media: 55 | News: 29 | Repos: 2
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Lyrie.ai@lyrie_ai
1 day ago
You cannot understand CVE-2026-35616 without its predecessor. CVE-2026-21643 — a separate unauthenticated RCE — hit FortiClient EMS weeks earlier, also under active exploitation. Fortinet's advisory pushed affected organizations toward version 7.4.5.
DFIR Radar@DFIR_Radar
6 days ago
Chinese 🇨🇳-linked JDY botnet evolved after KV takedown, now using 1,500+ compromised SOHO/IoT devices to reconnaissance US 🇺🇸 military networks. Scanned Fortinet devices hours after CVE-2026-35616 disclosure. #DFIR_Radar https://t.co/udinTgpyyb
Aviatrix Threat Research Center@aviatrixtrc
6 days ago
TRC analysis shows the China-linked JDY botnet rapidly weaponizing CVE-2026-35616 to compromise 1,500+ SOHO/IoT devices targeting U.S. military networks. Attackers performed high-speed scanning and lateral movement to map vulnerable infrastructure before exfiltrating
DFIR Radar@DFIR_Radar
7 days ago
China-linked JDY botnet grows to 1,500+ compromised SOHO/IoT devices, rapidly scanning US 🇺🇸 military networks for newly disclosed vulnerabilities. Operators quickly targeted CVE-2026-35616 after Fortinet disclosure. #DFIR_Radar https://t.co/BcyyWqetbf
CSIRT Financiero Asobancaria@CSIRTFinanciero
12 days ago
⚠️ Did you know that an attacker can access every machine in your organization without needing a single password? CVE-2026-35616 makes it possible and is already being actively exploited against the financial sector. 🔴 High risk | TLP: White | May 28, 2026 https://t.co/kUUc5pKBsh
DC3 DCISE@DC3DCISE
12 days ago
🛡️ Threat actors are actively exploiting a critical #FortiClient EMS flaw (CVE-2026-35616) to deploy credential stealers disguised as endpoint updates! Visit @thehackernews for more.  #InfoSec
MprintedIT@MprintedIT
15 days ago
Hackers are exploiting a critical flaw in FortiClient EMS — and disguising their malware as a Fortinet software update. CVE-2026-35616 (CVSS 9.1) lets unauthenticated attackers bypass the API, then push the EKZ infostealer to every managed endpoint on your network. Once inside https://t.co/Kp3zVmwFFB
Carlos Fynn@fynn_JourX
16 days ago
Legacy exposure keeps paying off for attackers. FortiClient EMS exploit turns endpoint management into cr… CVE-2026-35616 shows how a vulnerable FortiClient EMS server can become a malware delivery… 🔗 Read → https://t.co/cBoTi33dIS
Lucas@lucasverdan
16 days ago
🛑 FortiClient EMS exploit turns endpoint management into credential theft… CVE-2026-35616 shows how a vulnerable FortiClient EMS server can become a malware delivery… 🔗 Details → https://t.co/QRuF3O21Vx
Gray Hats@the_yellow_fall
16 days ago
Analyze the recent FortiClient EMS exploit. Learn how attackers leverage CVE-2026-35616 to deliver EKZ Infostealer and bypass endpoint protection. #Fortinet #FortiClientEMS #CVE202635616 #EKZInfostealer #Cybersecurity #ThreatIntel https://t.co/lpGROuJRW3 https://t.co/mkN8wohXif
CVE-2026-42897
CVSS Score: 6.1/10 | SVRS Score: 58/100 | Audience: 1.79M | Social Media: 159 | News: 24 | Repos: 0
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
TheNu11Sector@Nu11Sector
1 day ago
4.🧵 Other high-risk surfaces in this update: 🖥️ Remote Desktop Client — 11 CVEs, including critical RCE 🔷 Hyper-V — critical RCE with VM guest escape to host 📧 Exchange Server — CVE-2026-42897 XSS in OWA (CVSS 8.1, exploited)
CyberAlertsHQ@CyberAlertsHQ
7 days ago
🚨 NEW: Microsoft June Patch Tuesday just dropped — a record 200+ CVEs including 6 zero-days. The most urgent: CVE-2026-42897, an Exchange Server zero-day that's been actively exploited for weeks. A crafted email executes JavaScript in the victim's browser. A permanent patch is
Aviatrix Threat Research Center@aviatrixtrc
7 days ago
TRC analysis shows attackers exploiting Microsoft Exchange 'Ghost-Sender' vulnerability (CVE-2026-42897) to bypass SPF, DKIM, and DMARC protections. Spoofed emails land directly in inboxes, enabling credential harvesting and internal impersonation attacks. #EmailSecurity
Cybersecurity News Everyday@TweetThreatNews
7 days ago
Microsoft has patched CVE-2026-42897, an actively exploited Exchange Server XSS flaw that can run arbitrary JavaScript in Outlook Web Access. Affects Exchange 2016, 2019, and Subscription Edition. #Microsoft #ExchangeServer #CVE202642897 https://t.co/tR95RQLt2x
The Hacker News@TheHackersNews
7 days ago
UPDATE: Microsoft has patched the actively exploited on-prem Exchange flaw (CVE-2026-42897). Patch now, and keep the existing mitigation on for extra protection. Affects Exchange Server 2016, 2019, and SE. Details 👇 https://t.co/7CUgmom0Jh
辻 伸弘 (nobuhiro tsuji)@ntsuji
7 days ago
Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 | Microsoft Community Hub https://t.co/z4ZvR8tWWG
iSECTECH@isectech_
7 days ago
CVE-2026-42897 — Exchange Server XSS zero-day. No privileges needed. Attacker sends a crafted email. User opens it in OWA. Arbitrary JavaScript runs in their browser. CISA added it to KEV on May 15. Microsoft patched it June 10. That's 26 days attackers had a free pass. #CVE
Packet Ninjas@packetninjas
7 days ago
20 Exchange Server vulnerabilities added to CISA's exploited list in the last 5 years. 14 of them exploited by ransomware gangs. CVE-2026-42897 is now #21. XSS via a specially crafted email. No privileges required. Patch Tuesday is not a security program. 🥷
John McClure@johnmcclure00
12 days ago
CVE-2026-42897: unauthenticated RCE on Exchange Server — no patch, mitigation-only via EM Service. Echoes ProxyLogon and ProxyShell. If your EM Service is off, you're exposed. Verify your status today. #Cybersecurity #InfoSec https://t.co/MfWNkHPzIf
Rich Greene@secgreene
12 days ago
Monday. You open the third email. Nothing visible happens. A piece of JavaScript just grabbed the proof you were logged in. That's CVE-2026-42897. The Microsoft Exchange zero-day under active attack. New Plaintext with Rich is live. https://t.co/GZSDj57EpZ https://t.co/X4WQEIgM9d

F.A.Q.

Find answers to common questions about CVEs and vulnerability intelligence