58 matches found
EUVD-2026-34858
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...
PT-2026-46983
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...
Astra Linux - уязвимость в firefox
An unexpected message in the WebGPU IPC framework could lead to a use-after-free error and an exploitable sandbox escape. There have been reports of attacks exploiting this flaw in real-world scenarios. This vulnerability affects Firefox versions earlier than 97.0.2, Firefox ESR versions earlier...
PT-2026-39534
Critical cPanel vulnerabilities CVE-2026-41940, CVE-2026-41941, CVE-2026-41942 exploited in the wild. Update your servers immediately to protect against unauthorized access. Link: https://t.co/BvY5rEh9wr cPanel Cybersecurity Vulnerabilities Exploits Patching Servers Security Infosec Malware Threa...
PT-2026-32093
Name of the Vulnerable Software and Affected Versions Acrobat DC versions prior to 26.001.21411 Acrobat Reader DC versions prior to 26.001.21411 Acrobat 2024 affected versions not specified Description An Improperly Controlled Modification of Object Prototype Attributes, also known as Prototype...
Critical Cisco Catalyst Vulnerability Exploited in the wild (CVE-2026-20127)
Overview On February 25, 2026, Cisco disclosed a critical authentication bypass vulnerability in Cisco Catalyst SD‑WAN Controller and Cisco Catalyst SD‑WAN Manager, tracked as CVE‑2026‑20127, that allows an unauthenticated attacker to gain administrative access to affected systems. The Cisco...
February Microsoft Patch Tuesday
February Microsoft Patch Tuesday. A total of 55 vulnerabilities, half as many as in January. There are as many as six ❗️ vulnerabilities being exploited in the wild: 🔻 SFB/RCE - Windows Shell CVE-2026-21510 🔻 SFB/RCE - Microsoft Word CVE-2026-21514 🔻 SFB - MSHTML Framework CVE-2026-21513 🔻 EoP -...
PT-2026-6632
Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions through 7.6.6 Description Fortinet FortiOS through version 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files. This issue was exploited in the wild between December 16, 2025, and...
VulnCheck KEV: CVE-2026-25815
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 by default, the encryption key is the same across all customers' installations. NOTE: the Supplier's position is that the instanc...
Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)
Overview On January 29, 2026, Ivanti disclosed two new critical vulnerabilities affecting Endpoint Manager Mobile EPMM: CVE-2026-1281 and CVE-2026-1340. The vendor has indicated that exploitation in the wild has already occurred prior to disclosure. This has been echoed by CISA who added...
About Remote Code Execution – Microsoft Office (CVE-2026-21509) vulnerability
About Remote Code Execution - Microsoft Office CVE-2026-21509 vulnerability. The vulnerability was urgently fixed on January 26, outside the regular Microsoft Patch Tuesday. Microsoft classified it as a Security Feature Bypass, but in fact, it is more of a Remote Code Execution. The vulnerability...
EUVD-2025-201500
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...
CVE-2025-66644
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...
CVE-2025-66644
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025...
November Linux Patch Wednesday
NovemberLinux Patch Wednesday. In November, Linux vendors began fixing 516 vulnerabilities, one and a half times fewer than in October. Of these, 232 are in the Linux Kernel. One vulnerability is exploited in the wild: MemCor - Chromium CVE-2025-13223. Added to CISA KEV on November 19. For 64 mor...
PT-2025-46508
Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A race condition exists within the Windows Kernel, allowing an authorized attacker with local access to elevate privileges. This issue is actively exploited and has been identified ...
PT-2025-44459
Name of the Vulnerable Software and Affected Versions Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 Description The software does not properly decode and parse the enc parameter in the thirdpartyController.do endpoint. The decoded map values can influence session...
CVE-2011-10033
The WordPress plugin is-human = v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...
⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for...
Type Confusion
Overview Affected versions of this package are vulnerable to Type Confusion in v8. This vulnerability has been reported exploited in the wild. Remediation Upgrade chromium to version 140.0.7339.185 or higher. References - Chrome Releases - CISA - Known Exploited Vulnerabilities...