Lucene search
K

395 matches found

The Hacker News
The Hacker News
added 2026/04/14 5:50 a.m.10 views

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 aka CNVD-2020-26585, which carries a CVSS score of 9.4 out of 10.0. It relates to a...

9.4CVSS6.4AI score0.00976EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/04/13 6:49 p.m.190 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - FortiClient EMS Pre-Authentication API Bypass...

9.8CVSS6.5AI score0.88505EPSS
Exploits8
NCSC
NCSC
added 2026/04/04 1:49 p.m.12 views

Vulnerability fixed in Fortinet's FortiClient EMS

Fortinet has fixed a vulnerability in FortiClient EMS. The vulnerability involves improper access controls in FortiClient EMS. Unauthenticated attackers can bypass security controls by sending specially crafted requests and execute unauthorized code or commands. The vulnerability can be exploited...

9.8CVSS6AI score0.88505EPSS
Exploits8References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29591

https://t.co/UOa9QBXyfb BSI: Critical SharePoint vulnerability is being actively attacked The German Federal Office for Information Security BSI is warning of a critical vulnerability in Microsoft SharePoint version 9.8 CVE-2026-238220-1032 that, according to available ev… https://t.co/QFBtTAIUNm...

5.9AI score
Exploits0References1
HackRead
HackRead
added 2026/03/31 11:36 a.m.7 views

Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild

F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately...

9.8CVSS6.1AI score0.02213EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.12 views

PT-2026-27202

Name of the Vulnerable Software and Affected Versions NetScaler ADC versions prior to 14.1-60.58 NetScaler Gateway versions prior to 13.1-662.23 Description Insufficient input validation in the SAML processing module of NetScaler ADC and NetScaler Gateway, when configured as a SAML Identity...

10CVSS7.5AI score0.83996EPSS
Exploits7References304
The Hacker News
The Hacker News
added 2026/03/17 5:23 a.m.7 views

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-47813 CVSS score: 4.3, is an information...

10CVSS7.9AI score0.95343EPSS
Exploits24
CISA
CISA
added 2026/03/13 12:0 p.m.10 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-3909link is external Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910link is external Google Chromium V8 Unspecified Vulnerability These types o...

8.8CVSS5.8AI score0.02EPSS
In wildExploits1References7
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.11 views

PT-2026-23031

Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2026/02/21 7:21 a.m.13 views

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 CVSS...

9.9CVSS9.4AI score0.94741EPSS
Exploits30
CISA
CISA
added 2026/02/20 12:0 p.m.19 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-49113link is external RoundCube Webmail Deserialization of Untrusted Data Vulnerability CVE-2025-68461link is external RoundCube Webmail Cross-site Scripti...

9.9CVSS5.5AI score0.94741EPSS
In wildExploits30References7
GithubExploit
GithubExploit
added 2026/02/18 11:46 a.m.255 views

Exploit for Use After Free in Google Chrome

CVE-2026-2441 — Chrome CSSFontFeatureValuesMap Use-After-Free...

8.8CVSS6.2AI score0.2202EPSS
Exploits12
GithubExploit
GithubExploit
added 2026/02/11 11:2 p.m.227 views

Exploit for Protection Mechanism Failure in Microsoft

CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnera...

8.8CVSS6.7AI score0.25835EPSS
Exploits3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.20 views

SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization

SolarWinds Web Help Desk before version 12.8.3 contain a critical Java deserialization vulnerability that enables remote code execution. Attackers can exploit this flaw to execute arbitrary commands on the host machine. Initially reported as unauthenticated, SolarWinds was unable to reproduce...

9.8CVSS8.7AI score0.8833EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2026/01/28 4:49 a.m.17 views

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 CVSS score: 9.4, has been described as an authentication bypass related to FortiOS single...

9.8CVSS6.1AI score0.85844EPSS
Exploits0
CISA
CISA
added 2026/01/26 12:0 p.m.18 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2018-14634link is external Linux Kernel Integer Overflow Vulnerability CVE-2025-52691link is external SmarterTools SmarterMail Unrestricted Upload of File with...

10CVSS7.4AI score0.98871EPSS
In wildExploits98References10
The Hacker News
The Hacker News
added 2026/01/24 8:9 a.m.13 views

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerability ...

9.8CVSS7AI score0.54143EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/23 3:24 p.m.14 views

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 CVSS score: 8.8 - A PHP remote fi...

9.2CVSS6.5AI score0.83479EPSS
Exploits17
RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.12 views

CVE-2022-42827

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively...

7.8CVSS7.3AI score0.01136EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/01/07 4:31 a.m.7 views

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 CVSS score: 9.3, concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper...

9.3CVSS9.1AI score0.00964EPSS
Exploits0
Rows per page
Query Builder