39 matches found

ATTACKERKB
added 2026/05/21 12:38 a.m. | 7 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output,...

CVSS 10 | AI score 5.8 | EPSS 0.07956
Exploits: 1 | References: 3 | Affected Software: 1
The Hacker News
added 2026/04/05 4:32 a.m. | 5 views

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation...

CVSS 9.8 | AI score 7.6 | EPSS 0.6745
Exploits: 8
The Hacker News
added 2026/03/03 7:8 a.m. | 10 views

Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited

Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component. "Memory corruption when...

CVSS 9.8 | AI score 7.6 | EPSS 0.00227
Exploits: 4
CVE
added 2025/12/05 12:0 a.m. | 20 views

CVE-2025-66644

CVE-2025-66644 affects Array Networks ArrayOS AG before 9.4.5.9, with an OS command injection vulnerability that could allow an attacker to execute arbitrary commands. Exploitation has been observed in the wild between August and December 2025, impacting ArrayOS AG versions up to 9.4.5.8. Remedia...

CVSS 9.8 | AI score 6.7 | EPSS 0.02026
In wild | Exploits: 0 | References: 4 | Affected Software: 1
Rapid7 Blog
added 2025/11/13 9:36 p.m. | 9 views

CVE-2025-64446: Critical Vulnerability in Fortinet FortiWeb Exploited in the Wild

Overview: On October 6, 2025, the cyber deception company Defused published a proof-of-concept exploit on social media that was captured by one of their Fortinet FortiWeb Manager honeypots. FortiWeb is a Web Application Firewall (WAF) product that is designed to detect and block malicious traffic to...

CVSS 9.8 | AI score 7.4 | EPSS 0.9299
Exploits: 16
RedhatCVE
added 2025/10/23 12:17 a.m. | 11 views

CVE-2023-53691

Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025...

CVSS 8.3 | AI score 7.1 | EPSS 0.00099
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/15 12:0 a.m. | 3 views

PT-2025-42217

VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

CVSS 9.3 | AI score 7 | EPSS 0.0009
Exploits: 0 | References: 9
RedhatCVE
added 2025/10/10 1:32 a.m. | 4 views

CVE-2025-42706

A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility (LTV)...

CVSS 6.5 | AI score 7.6 | EPSS 0.00011
Exploits: 0 | References: 1
The Hacker News
added 2025/09/30 5:41 a.m. | 16 views

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The...

CVSS 10 | AI score 8.8 | EPSS 0.94113
Exploits: 75
Rapid7 Blog
added 2025/09/25 9:2 p.m. | 9 views

CVE-2025-20333, CVE-2025-20362, CVE-2025-20363 - Multiple critical vulnerabilities affecting Cisco products

Overview: On September 25, 2025, Cisco published advisories for three notable vulnerabilities affecting many different Cisco products. Two of these vulnerabilities, CVE-2025-20333 and CVE-2025-20362, are known to be exploited in the wild, and CVE-2025-20363 is at high risk for exploitation in the...

CVSS 9.9 | AI score 9.2 | EPSS 0.43496
Exploits: 1
Cvelist
added 2025/09/19 6:55 p.m. | 8 views

CVE-2022-4980 General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page

General Bytes Crypto Application Server (CAS) beginning with version 20201208 prior to 20220531.38 (backport) and 20220725.22 (mainline) contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation /...

CVSS 9.3 | EPSS 0.00757
Exploits: 0 | References: 6
RedhatCVE
added 2025/08/10 11:14 a.m. | 4 views

CVE-2025-8088

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET...

CVSS 8.8 | AI score 7.8 | EPSS 0.11605
Exploits: 34 | References: 1
Vulnrichment
added 2025/08/08 11:11 a.m. | 6 views

CVE-2025-8088 Path traversal vulnerability in WinRAR

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET...

CVSS 8.4 | AI score 7.3 | EPSS 0.11605
Exploits: 34 | References: 1
OSV
added 2025/03/27 1:15 a.m. | 0 views

DEBIAN-CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

CVSS 7.5 | AI score 6.9 | EPSS 0.13201
Exploits: 0 | References: 1
Rapid7 Blog
added 2025/03/19 5:40 p.m. | 8 views

Apache Tomcat CVE-2025-24813: What You Need to Know

Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild...

CVSS 10 | AI score 9.6 | EPSS 0.9413
Exploits: 44
Positive Technologies
added 2024/12/16 12:0 a.m. | 3 views

PT-2024-10058

Name of the Vulnerable Software and Affected Versions: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions prior to 24.3.1; PostgreSQL (affected versions not specified). Description: A critical command injection vulnerability exists in BeyondTrust Privileged Remote Access (PRA) and...

CVSS 10 | AI score 8.4 | EPSS 0.93857
Exploits: 14 | References: 213
Rapid7 Blog
added 2024/11/12 10:42 p.m. | 65 views

Patch Tuesday - November 2024

Microsoft is addressing 90 vulnerabilities this November 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for four of the vulnerabilities published today, although as with last month’s batch, it does not evaluate any of these zero-day vulnerabilities...

CVSS 9.9 | AI score 10 | EPSS 0.90313
Exploits: 4
The Hacker News
added 2024/10/22 4:47 a.m. | 40 views

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 CV...

CVSS 9.8 | AI score 9.7 | EPSS 0.63906
Exploits: 8
Securelist
added 2024/10/17 10:0 a.m. | 30 views

SAS CTF and the many ways to persist a kernel shellcode on Windows 7

On May 18, 2024, Kaspersky's Global Research & Analysis Team (GReAT), with the help of its partners, held the qualifying stage of the SAS CTF, an international competition of cybersecurity experts held as part of the Security Analyst Summit conference. More than 800 teams from all over the world to...

CVSS 7.8 | AI score 7.1 | EPSS 0.07749
Exploits: 2
The Hacker News
added 2024/09/11 6:30 a.m. | 38 views

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 (CVSS score: 10.0) - A deserialization of...

CVSS 10 | AI score 9.1 | EPSS 0.9191
Exploits: 4