240 matches found
CVE-2026-46394
creationtimestamp | type | source
---|---|---
2026-06-09 19:00:13+00:00 | published-proof-of-concept | Telegram/Twzxtbvyqic9grgE7JaZrbs3i9BOrZG8PBBvMyWgrTB7Ya8
2026-06-09 23:00:05+00:00 | published-proof-of-concept | Telegram/avQcqITCN0CdPqbuzPd1c2U29MoQRxNSjCudrYTZic4II...
CVE-2026-00000
creationtimestamp | type | source
---|---|---
2026-06-09 15:00:12+00:00 | published-proof-of-concept | Telegram/TPZhP3a04vI9AManDnxQiLM92frB40hJI3gtpEixtxo5IZo
2026-06-09 23:00:05+00:00 | published-proof-of-concept | Telegram/avQcqITCN0CdPqbuzPd1c2U29MoQRxNSjCudrYTZic4II...
PT-2026-47173
$1,000 of compute found 21 zero-days in FFmpeg. An autonomous agent called depthfirst scanned roughly 1.5 million lines of C, then wrote a reproducible proof-of-concept for every bug it reported. The shift is that second half. Not a list of suspicious lines for a human to chase, but 21 crashing...
CVE-2026-41522
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...
PT-2026-46332
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...
PT-2026-46374
Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...
PT-2026-46328
Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...
PT-2026-46324
Unauthenticated Local File Inclusion in Rosaleen = 2.8 versions...
PT-2026-46340
Unauthenticated Local File Inclusion in Especio = 1.0 versions...
PT-2026-46351
Unauthenticated Local File Inclusion in Abelle = 1.22 versions...
PT-2026-46362
Unauthenticated Local File Inclusion in Granola = 1.13 versions...
PT-2026-46368
Unauthenticated Local File Inclusion in Skyward = 1.10 versions...
PT-2026-45932
BREAKING: Samsung discloses critical CVE-2026-23786 and CVE-2024-53922 in semiconductor products, enabling potential unauthorized access with patches pending. https://t.co/As20ekaylO...
USN-8371-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
Wordfence Bug Bounty Program Monthly Report - March 2026
In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a...
PT-2026-43621
Impact: An attacker can cause the creation of unnecessary background threads in the python-engineio server by exploiting the heartbeat mechanism, which launches a thread when a new connection is received, and when the client sends a PONG packet. Note: this issue primarily affects synchronous...
A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure
In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk...
PT-2026-43620
Name of the Vulnerable Software and Affected Versions: radvd versions prior to 2.21. Description: The radvdump utility contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the print ff function copies up to 2032 bytes of...
A First Measurement Study on Authentication Security in Real-World Remote MCP Servers
The Model Context Protocol (MCP) is emerging as a common interface connecting large language models (LLMs) with external services. Remote deployments are becoming increasingly important as agents connect to user-linked online services, such as social, productivity, and financial services. In such...