4674 matches found

CVE
added yesterday, 8 views

CVE-2026-20245

Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) CLI is affected by CVE-2026-20245. An authenticated, local attacker can inject commands as root by uploading a crafted file due to insufficient input validation. Exploitation requires netadmin privileges (valid credentials or other vector not...

7.8 CVSS, 6.1 AI score
Exploits: 0, References: 2
Positive Technologies
added yesterday, 8 views

PT-2026-46400

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description Insufficient validation of user-supplied input in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, allows an authenticated local attacker with netadmin...

7.8 CVSS, 6.1 AI score
Exploits: 0, References: 4
GithubExploit
added 2 days ago, 71 views

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 Detector Safe detection script for CVE-2026-...

9.8 CVSS, 6.6 AI score, 0.00095 EPSS
Exploits: 10
Wordfence Blog
added 3 days ago, 7 views

Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin

On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that...

9.8 CVSS, 5.8 AI score, 0.04729 EPSS
Exploits: 8
Spring Engineering
added 3 days ago, 7 views

This Week in Spring - June 2nd, 2026

Hi, Spring fans, and welcome to another momentous installment of This Week in Spring! A lot to get into this week, but let's first take some time to address the meta: where are the May releases? If you read our May 11th post, you know they've been delayed. We wanted to speak a bit more about why ...

5.7 AI score
Exploits: 0
OSV
added 4 days ago, 4 views

MAL-2026-5131 Malicious code in @redhat-cloud-services/sources-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6 AI score
Exploits: 0, References: 2
Positive Technologies
added 5 days ago, 12 views

PT-2026-45209

CVE-2026-0142 does not exist. No NVD record, no CISA KEV entry, no published advisory. The identifier follows valid CVE format but carries nothing behind it — no CVSS score, no affected product, no CNA assignment. If a vendor, scanner, or third-party report handed you that number, the source...

10 CVSS, 6.5 AI score, 0.83125 EPSS
Exploits: 15, References: 2
OSV
added 6 days ago, 5 views

MAL-2026-5091 Malicious code in discord-ban (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4e19806a65bf83b5648eb280baedca899972d98e8c3f921080390458e8394413 Package steals data from web browsers credentials, credit cards, history, ... --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.8 AI score
Exploits: 0, References: 1
Circl
added 6 days ago, 5 views

CVE-2026-10162

creationtimestamp | type | source
---|---|---
2026-05-30 11:14:14+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116663232233376212
2026-05-31 03:00:26+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mn4l5tcb7b2k
2026-05-31 03:00:29+00:00 | seen | ...

9 CVSS, 7.3 AI score, 0.00041 EPSS
Exploits: 0, References: 6
The Hacker News
added 6 days ago, 13 views

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited b...

9.1 CVSS, 5.9 AI score, 0.46453 EPSS
Exploits: 5
OSV
added last week, 5 views

MAL-2026-5063 Malicious code in customerdigital-service-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d58926a994bd05ac4db3c984f96186b2d52da1235a3f56f34843c01dd2246408 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added last week, 13 views

Malicious code in customerdigital-service-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d58926a994bd05ac4db3c984f96186b2d52da1235a3f56f34843c01dd2246408 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0, References: 1
OSV
added last week, 5 views

MAL-2026-5059 Malicious code in chai-bundle (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5110f40393583ef41ebcfa3558d782310a40a78227a040480d871c25311b79ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added last week, 13 views

Malicious code in @trp-individual-investor-adv-disc/adv-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1fc0ed55f4ec8a9ae7dd408c68635f245461c319bf4e7a0ca85adb25c9eb317b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0, References: 1
OSV
added last week, 3 views

MAL-2026-5066 Malicious code in ethers-hash (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d77270819f9736bb8e5eaba898605cbe713dfaf9b06c2ad539aa29f77651aba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8 AI score
Exploits: 0, References: 1
IBM Security Bulletins
added last week, 9 views

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes May 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and...

9.8 CVSS, 7.3 AI score, 0.18007 EPSS
Exploits: 12, Affected Software: 2
Circl
added last week, 5 views

CVE-2026-44596

creationtimestamp | type | source
---|---|---
2026-05-29 15:00:15+00:00 | seen | Telegram/a86W4JR7O--z7UEFDSjPGooPu8cJg6Qw5misZZ2a8xOkaUM
2026-05-29 21:00:04+00:00 | seen | Telegram/7EeES1995AuZh7L7sqmaK3TqJ83qHuwNNd4oo-aSS2rD4M...

5.8 AI score
Exploits: 2
Circl
added last week, 7 views

CVE-2026-49196

creationtimestamp | type | source
---|---|---
2026-05-29 11:38:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmyh6rpkeo2i...

8.6 CVSS, 5.8 AI score, 0.00094 EPSS
Exploits: 0, References: 1
Circl
added last week, 6 views

CVE-2026-33386

creationtimestamp | type | source
---|---|---
2026-05-29 07:15:00+00:00 | seen | https://cert.pl/en/posts/2026/05/CVE-2026-33384...

4.8 CVSS, 5.7 AI score, 0.00032 EPSS
Exploits: 0, References: 1
Circl
added last week, 4 views

CVE-2026-41236

creationtimestamp | type | source
---|---|---
2026-05-29 06:30:36+00:00 | published-proof-of-concept | https://github.com/froxlor/froxlor/security/advisories/GHSA-mq5v-pxpm-8jw2
2026-06-04 18:44:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnibsgjzcn2y...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 2