Lucene search

9794 matches found

ATTACKERKB
added 2026/04/14 4:57 p.m., 3 views

CVE-2026-33826

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network...

8 CVSS, 5.9 AI score, 0.00535 EPSS
Exploits 2, References 2, Affected Software 10

CVE
added 2026/04/14 4:57 p.m., 26 views

CVE-2026-33826

CVE-2026-33826 is a Windows Active Directory (AD DS) Remote Code Execution vulnerability. Connected documents describe an unauthenticated network-based exploit where malformed Kerberos/RPC authentication requests to a Domain Controller trigger memory corruption in LSASS, allowing arbitrary code e...

8 CVSS, 5.9 AI score, 0.00535 EPSS
Exploits 2, References 1, Affected Software 6

hivepro
added 2026/04/14 2:12 p.m., 5 views

Threat Intelligence for Exposure Management: How TI Powers Smarter CTEM Programs

Your security team has access to more vulnerability data than ever before. Scanners produce thousands of findings each week. Threat feeds deliver a steady stream of indicators. Yet most organizations still struggle with the same fundamental problem: deciding what to fix first. The disconnect...

5.8 AI score
Exploits 0

Microsoft CVE
added 2026/04/14 2:00 p.m., 4 views

Windows Active Directory Remote Code Execution Vulnerability

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network...

8 CVSS, 6.4 AI score, 0.00535 EPSS
Exploits 2

Microsoft CVE
added 2026/04/14 2:00 p.m., 4 views

Active Directory Spoofing Vulnerability

Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally...

6.2 CVSS, 6.2 AI score, 0.00287 EPSS
Exploits 0

The Hacker News
added 2026/04/14 5:50 a.m., 9 views

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 aka CNVD-2020-26585, which carries a CVSS score of 9.4 out of 10.0. It relates to a...

9.4 CVSS, 6.4 AI score, 0.00944 EPSS
Exploits 0

Positive Technologies
added 2026/04/14 12:00 a.m., 3 views

PT-2026-32885

Name of the Vulnerable Software and Affected Versions: Windows Active Directory versions prior to April 2026 Patch Tuesday. Description: Improper input validation in Windows Active Directory allows an authorized attacker to execute arbitrary code over an adjacent network. This issue enables...

8 CVSS, 6.7 AI score, 0.00535 EPSS
Exploits 2, References 19

Positive Technologies
added 2026/04/14 12:00 a.m., 9 views

PT-2026-32798

CVE-2026-32072 Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally. https://t.co/LqmmLGYoRL...

6.2 CVSS, 6.2 AI score, 0.00287 EPSS
Exploits 0, References 3

CNNVD
added 2026/04/14 12:00 a.m., 8 views

Microsoft Windows Active Directory Input Validation Error Vulnerability

Microsoft Windows Active Directory is a centralized directory management service provided by Microsoft for managing large-scale network environments. It stores information about objects on the network, enabling administrators and users to easily find and use this information. There is an input...

8 CVSS, 5.9 AI score, 0.00535 EPSS
Exploits 2, References 1

Positive Technologies
added 2026/04/14 12:00 a.m., 8 views

PT-2026-32914

CVE-2026-33714 Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an inc… https://t.co/Zf7eLCVgfW...

7.1 CVSS, 5.9 AI score, 0.00258 EPSS
Exploits 0, References 4

CNNVD
added 2026/04/14 12:00 a.m., 7 views

Microsoft Windows Active Directory Authorization Issue Vulnerability

Microsoft Windows Active Directory is a centralized directory management service provided by Microsoft for managing large-scale network environments. It stores information about objects on the network, enabling administrators and users to easily find and use this information. There are...

6.2 CVSS, 5.8 AI score, 0.00287 EPSS
Exploits 0, References 1

GithubExploit
added 2026/04/13 6:49 p.m., 168 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - FortiClient EMS Pre-Authentication API Bypass...

9.8 CVSS, 6.5 AI score, 0.88505 EPSS
Exploits 8

OSSF Malicious Packages
added 2026/04/13 3:25 p.m., 6 views

Malicious code in @sage-active/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b00241523d12b3a7ef46eb21d2e480e96702d56bd067ace6e34262cedf6747f The package @sage-active/ui was found to contain malicious code. Source: ghsa-malware 87a70bf25b705a32cb00ec306c3a4634f7b7194979aabe11a126cc59a26ffb2...

5.7 AI score
Exploits 0, References 1

OSV
added 2026/04/13 3:25 p.m., 3 views

MAL-2026-2593 Malicious code in @sage-active/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b00241523d12b3a7ef46eb21d2e480e96702d56bd067ace6e34262cedf6747f The package @sage-active/ui was found to contain malicious code. Source: ghsa-malware 87a70bf25b705a32cb00ec306c3a4634f7b7194979aabe11a126cc59a26ffb2...

5.7 AI score
Exploits 0, References 1

Packet Storm News
added 2026/04/13 12:00 a.m., 4 views

TEMPLATEFUZZ: Fine-Grained Chat Template Fuzzing for Jailbreaking and Red Teaming LLMs

Large Language Models (LLMs) are increasingly deployed across diverse domains, yet their vulnerability to jailbreak attacks, where adversarial inputs bypass safety mechanisms to elicit harmful outputs, poses significant security risks. While prior work has primarily focused on prompt injection...

5.8 AI score
Exploits 0

Tenable Nessus
added 2026/04/13 12:00 a.m., 4 views

Eaton Discontinued Devices Detection

The current plugin identifies Eaton devices that are currently discontinued. Eaton Lifecycle Statuses: - Active: Most current offering within a product category. - End of Life: Discontinued date announced - actively execute migrations and last time buys. Product generally orderable until the...

5.5 AI score
Exploits 0, References 1

Tenable Nessus
added 2026/04/13 12:00 a.m., 2 views

Eaton Active Devices Detection

The current plugin identifies Eaton devices that are still under active support. Eaton Lifecycle Statuses: - Active: Most current offering within a product category. - End of Life: Discontinued date announced - actively execute migrations and last time buys. Product generally orderable until the...

5.5 AI score
Exploits 0, References 1

GithubExploit
added 2026/04/12 11:49 a.m., 85 views

Cybersecurity-Detection-Engineering-POC-Event-Generator

Cybersecurity-Detection-Engineering-POC-Event...

5.8 AI score
Exploits 0

GithubExploit
added 2026/04/11 5:08 p.m., 80 views

infosec-notebook

infosec-notebook Personal cybersecurity notes and references...

5.8 AI score
Exploits 0

Rapid7 Blog
added 2026/04/10 7:11 p.m., 7 views

Metasploit Wrap-Up 04/10/2026

Speedup Improvements of MSFVenom & New Modules. This week, we have added new modules to Metasploit Framework targeting Cisco Catalyst SD-WAN controllers and osTicket as well as updates and improvements to Windows service-for-user persistence, and LDAP/ADCS-related modules to automatically report...

10 CVSS, 7.6 AI score, 0.73125 EPSS
Exploits 12