CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-45247link is external Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector...

📄 MCPJam Inspector 1.4.2 Command Injection

This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and reverse shell access. The script supports multiple payload types, endpoint discovery, listener management, and several...

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 CVSS score: 7.5, allows an...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2022-0492link is external Linux Kernel Improper Authentication Vulnerability CVE-2025-48595link is external Android Framework Integer Overflow Vulnerability The...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-21182link is external Oracle WebLogic Server Unspecified Vulnerability This type of vulnerability is a frequent attack vectors for malicious cyber actors and...

GCVE: A Decentralized Model for Vulnerability Identification, Publication, and Operational Enrichment

The Global CVE initiative GCVE proposes a decentralized, open, and extensible model for vulnerability identification, publication, and enrichment. It addresses a gap in today's vulnerability ecosystem: centralized systems provide rigorous control and widely recognized identifiers, while many...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-0257link is external Palo Alto Networks PAN-OS Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vectors for malicious cybe...

Cisco IOS XE Web UI - Command Injection

A vulnerability in the web UI component of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system. This vulnerability is due to improper input validation in the web UI. An attacker could exploit...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-8398link is external Daemon Tools Lite Embedded Malicious Code Vulnerability CVE-2026-45321link is external TanStack Unspecified Vulnerability...

PT-2026-43620

Threat Intel May 26, 2026 Vulnerability Intelligence Briefing Curated from daily vulnerability intelligence monitoring and exploitation telemetry analysis by cvelogic. --- 1. Known Exploited Vulnerabilities CISA KEV CVE-2026-48172 LiteSpeed cPanel Plugin Added to the CISA KEV catalog following...

PT-2026-43621

Threat Intel May 26, 2026 Vulnerability Intelligence Briefing Curated from daily vulnerability intelligence monitoring and exploitation telemetry analysis by cvelogic. --- 1. Known Exploited Vulnerabilities CISA KEV CVE-2026-48172 LiteSpeed cPanel Plugin Added to the CISA KEV catalog following...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-48172link is external LiteSpeed cPanel Plugin Privilege Escalation Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

Exploit for Link Following in Microsoft

Microsoft Defender Vulnerability Scanner 🛡️ CVE-2026-41091...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-9082link is external Drupal Core SQL Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below -...

Microsoft Defender vulnerabilities are being exploited in the wild

Two Microsoft Defender vulnerabilities are being actively exploited in the wild. On May 20, 2026, the Cybersecurity and Infrastructure Security Agency CISA added a notable set of actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV catalog. The KEV catalog tracks...

SQL Injection

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to SQL Injection via the process that handles SQL queries. An attacker can execute arbitrary SQL commands by injecting specially...

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2008-4250link is external Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537link is external Microsoft DirectX NULL Byte Overwrite Vulnerability...

Astra Linux - уязвимость в webkit2gtk

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in Safari 16.4.1, iOS 15.7.5, and iPadOS 15.7.5; iOS 16.4.1, and iPadOS 16.4.1; as well as macOS Ventura 13.3.1. Processing maliciously crafted web...