Lucene search
+L

720 matches found

Wiz blog
Wiz blog
added 2026/05/06 12:33 p.m.8 views

Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild

Detect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution RCE with root privileges...

9.8CVSS6.7AI score0.32074EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.30 views

PT-2026-46983

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On platforms running Arista EOS with tunnel decapsulation configurations—such as VXLAN Virtual Extensible LAN, decap-groups, or GRE Generic Routing Encapsulation tunnel interfaces—the swit...

6.9CVSS6AI score0.00836EPSS
Exploits1References33
Information Security Automation
Information Security Automation
added 2026/04/28 6:0 p.m.14 views

April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability

April "In the Trend of VM" 26: one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. Once again, it is single-vendor, Microsoft-related, and this time it could not be more compact. While the previous Marc...

9.8CVSS5.8AI score0.2943EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/04/14 9:48 p.m.18 views

Patch Tuesday - April 2026

Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation...

9.8CVSS7.8AI score0.5585EPSS
Exploits6
GithubExploit
GithubExploit
added 2026/04/13 6:49 p.m.195 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - FortiClient EMS Pre-Authentication API Bypass...

9.8CVSS6.5AI score0.88505EPSS
Exploits8
Malwarebytes
Malwarebytes
added 2026/04/13 11:38 a.m.14 views

Simply opening a PDF could trigger this Adobe Reader zero-day

Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked normal. A researcher analyzed a malicious PDF and found that it abused a previously unknown flaw a “zero‑day” in Adobe Acrobat Reader. When a vict...

8.6CVSS7.9AI score0.07086EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.8 views

PT-2026-32093

Name of the Vulnerable Software and Affected Versions Acrobat DC versions prior to 26.001.21411 Acrobat Reader DC versions prior to 26.001.21411 Acrobat 2024 affected versions not specified Description An Improperly Controlled Modification of Object Prototype Attributes, also known as Prototype...

10CVSS7.3AI score0.07086EPSS
Exploits4References241
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006637)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006637 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory-access in registersynthevent In registersynthevent, if...

7.1CVSS5.8AI score0.0017EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/04/07 5:56 a.m.14 views

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Threat actors are exploiting a maximum-severity security flaw in Flowise , an open-source artificial intelligence AI platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 CVSS score: 10.0, a code injection vulnerability that could result in remote cod...

10CVSS6.4AI score0.90183EPSS
Exploits25
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.12 views

FortiClient EMS 7.4.6 Vulnerability Assessment Tool

CVE-2026-35616 is a pre-authentication API bypass in FortiClient EMS 7.4.5 and 7.4.6 that allows remote, unauthenticated attackers to bypass certificate-based authentication through HTTP header spoofing. The Django application trusts user-controllable HTTP headers X-SSL-CLIENT-VERIFY,...

9.8CVSS6.1AI score0.88505EPSS
Exploits8
The Hacker News
The Hacker News
added 2026/04/05 4:32 a.m.9 views

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 CVSS score: 9.1, has been described as a pre-authentication API access bypass leading to privilege escalation...

9.8CVSS7.6AI score0.94085EPSS
Exploits9
The Hacker News
The Hacker News
added 2026/04/01 11:42 a.m.16 views

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 CVSS score: N/A, concerns a use-after-free bug in Dawn, an open-source and...

8.8CVSS7.5AI score0.2202EPSS
Exploits13
Microsoft CVE
Microsoft CVE
added 2026/03/17 1:9 a.m.29 views

Chromium: CVE-2026-3909 Out of bounds write in Skia

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2026-3909 exists in the wild...

8.8CVSS6.9AI score0.01629EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25743

microsoftupdate securityupdate Edge Microsoft Edge Stable Channel Version 146.0.3856.59 ・CVE-2025-0385 ・CVE-2026-3910 「The Chromium team reported that CVE-2026-3910 has an exploit in the wild, and this update contains a fix for it.」...

8.8CVSS5.8AI score0.02EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/03/14 5:11 a.m.18 views

Chromium: CVE-2026-3910 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2026-3910 exists in the wild...

8.8CVSS6.1AI score0.02EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/03/13 9:17 a.m.7 views

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8

Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2026-3909 CVSS score: 8.8 - An out-of-bounds write vulnerability in the Skia 2D graphi...

8.8CVSS6.7AI score0.2202EPSS
Exploits13
Information Security Automation
Information Security Automation
added 2026/03/12 3:14 p.m.14 views

About Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) vulnerability

About Elevation of Privilege - Desktop Window Manager CVE-2026-21519 vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Desktop Window Manager is a compositing window manager included in Windows starting with Windows Vista. A Type Confusion error CWE-843 in Desktop...

7.8CVSS6AI score0.0242EPSS
Exploits0
Information Security Automation
Information Security Automation
added 2026/03/12 9:6 a.m.13 views

About Elevation of Privilege - Windows RDS (CVE-2026-21533) vulnerability

About Elevation of Privilege - Windows RDS CVE-2026-21533 vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Remote Desktop Services RDS is a component of Microsoft Windows that allows a user to initiate and control an interactive session on a remote computer or virtua...

7.8CVSS6AI score0.03846EPSS
Exploits5
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.11 views

VisualLeakBench: Auditing the Fragility of Large Vision-Language Models against PII Leakage and Social Engineering

As Large Vision-Language Models LVLMs are increasingly deployed in agent-integrated workflows and other deployment-relevant settings, their robustness against semantic visual attacks remains under-evaluated -- alignment is typically tested on explicit harmful content rather than privacy-critical...

5.9AI score
Exploits0
Information Security Automation
Information Security Automation
added 2026/03/09 10:59 p.m.49 views

About Remote Code Execution – Windows Shell (CVE-2026-21510) vulnerability

About Remote Code Execution - Windows Shell CVE-2026-21510 vulnerability. A vulnerability from the February Microsoft Patch Tuesday. The Windows Shell is the primary interface through which users interact with the Windows operating system. It includes visible elements such as the Desktop, Taskbar...

8.8CVSS6.6AI score0.25835EPSS
Exploits3
Rows per page
Query Builder