About Cross Site Scripting - Microsoft Exchange (CVE-2026-42897) vulnerability
About Cross Site Scripting - Microsoft Exchange (CVE-2026-42897) vulnerability. The vulnerability was fixed on May 14 outside the regular Microsoft Patch Tuesday cycle. Improper neutralization of input during web page generation (CWE-79, XSS) in Microsoft Exchange Server allows an unauthorized attack...
June Linux Patch Wednesday
June Linux Patch Wednesday. A total of 1,888 vulnerabilities (324 in the Linux kernel, and a whopping 728 in Chromium ❗️). For comparison, there were 1,638 vulnerabilities in May. The increase isn't as dramatic as it was from April to May, but it's still a new record. One of the vulnerabilities has...
June "In the Trend of VM" (#28): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities
June "In the Trend of VM" 28: Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. In the previous May edition, we covered four vulnerabilities. This time, there...
June Microsoft Patch Tuesday
June Microsoft Patch Tuesday. Last week I was on vacation in Veliky Novgorod, so I'm publishing this overview only now. A total of 202 vulnerabilities were addressed, approximately twice as many as in May. There are currently no vulnerabilities marked as exploited in the wild. However, there are...
About Elevation of Privilege - Microsoft Defender "RedSun" (CVE-2026-41091) vulnerability
About Elevation of Privilege - Microsoft Defender "RedSun" CVE-2026-41091 vulnerability. Microsoft Defender is a built-in security solution developed by Microsoft to protect the Windows operating system and user data from viruses, malware, and other cyber threats in real time. An improper link...
About Remote Code Execution - PAN-OS (CVE-2026-0300) vulnerability
About Remote Code Execution - PAN-OS (CVE-2026-0300) vulnerability. PAN-OS is an operating system for Palo Alto Networks firewalls and security platforms. User-ID™ Authentication Portal (also known as Captive Portal) is a non-default PAN-OS feature used to map IP addresses to usernames. By exploiting...
May Linux Patch Wednesday
May Linux Patch Wednesday. A total of 1,638 vulnerabilities (474 in the Linux kernel). For comparison, in April there were 1,035 vulnerabilities (a record!). And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...
About Elevation of Privilege - Linux Kernel "Fragnesia" (CVE-2026-46300) vulnerability
About Elevation of Privilege - Linux Kernel "Fragnesia" CVE-2026-46300 vulnerability. The vulnerability was discovered by researcher William Bowling together with the V12 team. Fragnesia belongs to the class of Dirty Frag vulnerabilities. It is an error in the ESP/XFRM subsystem, distinct from...
May "In the Trend of VM" (#27): high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader
May "In the Trend of VM" 27: high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. While the previous April edition featured only one vulnerability, this one...
May Microsoft Patch Tuesday
May Microsoft Patch Tuesday. A total of 119 vulnerabilities, approximately 1.5 times fewer than in April. There are currently no vulnerabilities marked as actively exploited in the wild. However, there is one vulnerability with a public exploit: 🔸 EoP - Windows Kernel CVE-2026-40369. A detailed...
About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability
About Remote Code Execution - Apache ActiveMQ CVE-2026-34197 vulnerability. Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them. This...
About Spoofing - Microsoft SharePoint Server (CVE-2026-32201) vulnerability
About Spoofing - Microsoft SharePoint Server (CVE-2026-32201) vulnerability. A vulnerability from the April Microsoft Patch Tuesday. The description provided by Microsoft experts is extremely vague: "Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform...
About Elevation of Privilege - Linux Kernel "Dirty Frag" (CVE-2026-43284, CVE-2026-43500) vulnerability
About Elevation of Privilege - Linux Kernel "Dirty Frag" (CVE-2026-43284, CVE-2026-43500) vulnerability. According to information from researcher Hyunwoo Kim (@v4bel), Dirty Frag is a vulnerability (a class of vulnerabilities) that allows a local unprivileged attacker to obtain root...
About Elevation of Privilege - Linux Kernel "Copy Fail" (CVE-2026-31431) vulnerability
About Elevation of Privilege - Linux Kernel "Copy Fail" CVE-2026-31431 vulnerability. A local privilege escalation vulnerability in the Linux kernel AFALG component, which is caused by a memory handling flaw, allows an unprivileged user to escalate privileges to root. By exploiting this...
April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability
April "In the Trend of VM" 26: one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. Once again, it is single-vendor, Microsoft-related, and this time it could not be more compact. While the previous Marc...
April Linux Patch Wednesday
April Linux Patch Wednesday. In April, Linux vendors addressed 1,035 vulnerabilities - nearly twice as many as in March. One might assume that most of these would again be Linux Kernel vulnerabilities, but that's not the case! Linux Kernel vulnerabilities were relatively few - just 209. The...
April Microsoft Patch Tuesday
April Microsoft Patch Tuesday. A total of 167 vulnerabilities, about twice as many as in March. There is one vulnerability already being exploited in the wild: 🔻 Spoofing - Microsoft SharePoint Server CVE-2026-32201. ZDI experts say "Spoofing bugs in SharePoint often manifest as cross-site...
About Remote Code Execution - Adobe Reader (CVE-2026-34621) vulnerability
About Remote Code Execution - Adobe Reader (CVE-2026-34621) vulnerability. Adobe Acrobat Reader (from 2003 to 2015, "Adobe Reader") is a free PDF viewer developed by Adobe. Versions are available for Windows, macOS, Android, and iOS. The remote code execution vulnerability in Adobe Acrobat for Window...
About Remote Code Execution - Microsoft SharePoint (CVE-2026-20963) vulnerability
About Remote Code Execution - Microsoft SharePoint CVE-2026-20963 vulnerability. This vulnerability was fixed in the January MSPT. At the time of the MSPT release on January 13, VM vendors did not highlight this vulnerability in their reviews, and Microsoft reported no evidence of exploitation in...
March Linux Patch Wednesday
March Linux Patch Wednesday. In March, Linux vendors began addressing 575 vulnerabilities, which is 57 fewer than in February. Of these, 93 are in the Linux Kernel ⬇️ (a significant decrease - there were 305 in February). There are two vulnerabilities with signs of in-the-wild exploitation: 🔻 RCE -...
March "In the Trend of VM" (#25): once again, vulnerabilities are only in Microsoft products
March "In the Trend of VM" (#25): once again, vulnerabilities are only in Microsoft products. I present the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. As in February, it turned out to be quite compact and focused on a single vendor. 🗞 Post on Habr (rus)...
About the Remote Code Execution Vulnerability - n8n (CVE-2025-68613)
About Remote Code Execution Vulnerability - n8n (CVE-2025-68613). n8n is a workflow automation platform available under a fair-code license. Improper Control of Dynamically-Managed Code Resources (CWE-913) in the n8n workflow expression evaluation system allows a remote authenticated attacker without...
About Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) vulnerability
About Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Desktop Window Manager is a compositing window manager included in Windows starting with Windows Vista. A Type Confusion error (CWE-843) in Desktop...
About Elevation of Privilege - Windows RDS (CVE-2026-21533) vulnerability
About Elevation of Privilege - Windows RDS (CVE-2026-21533) vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Remote Desktop Services (RDS) is a component of Microsoft Windows that allows a user to initiate and control an interactive session on a remote computer or virtua...
March Microsoft Patch Tuesday
March Microsoft Patch Tuesday. A total of 79 vulnerabilities, about one and a half times more than in February. What's truly unusual is that this time there were no vulnerabilities with signs of exploitation in the wild or a public exploit! 🤔 At least not yet. 😏 The following vulnerabilities can ...
About Remote Code Execution – Windows Shell (CVE-2026-21510) vulnerability
About Remote Code Execution - Windows Shell CVE-2026-21510 vulnerability. A vulnerability from the February Microsoft Patch Tuesday. The Windows Shell is the primary interface through which users interact with the Windows operating system. It includes visible elements such as the Desktop, Taskbar...
About Remote Code Execution – Microsoft Word (CVE-2026-21514) vulnerability
About Remote Code Execution - Microsoft Word (CVE-2026-21514) vulnerability. This vulnerability is from the February Microsoft Patch Tuesday. Reliance on Untrusted Inputs in a Security Decision (CWE-807) in Microsoft Office Word allows an unauthenticated attacker to bypass OLE security features when...
February Linux Patch Wednesday
February Linux Patch Wednesday. In February, Linux vendors addressed 632 vulnerabilities - 1.5× fewer than in January, including 305 in the Linux Kernel. Two vulnerabilities show signs of in-the-wild exploitation: 🔻 RCE - Chromium (CVE-2026-2441) 🔻 InfDisc - MongoDB "MongoBleed" (CVE-2025-14847) Publi...
February “In the Trend of VM” (#24): vulnerabilities in Microsoft products
February "In the Trend of VM" (#24): vulnerabilities in Microsoft products. A traditional monthly roundup of trending vulnerabilities. This time, compact and all-Microsoft. 🗞 Post on Habr (rus) 🗒 Digest on the PT website (rus) In total, two vulnerabilities: 🔻 RCE - Microsoft Office (CVE-2026-21509) 🔻...
February Microsoft Patch Tuesday
February Microsoft Patch Tuesday. A total of 55 vulnerabilities, half as many as in January. There are as many as six ❗️ vulnerabilities being exploited in the wild: 🔻 SFB/RCE - Windows Shell CVE-2026-21510 🔻 SFB/RCE - Microsoft Word CVE-2026-21514 🔻 SFB - MSHTML Framework CVE-2026-21513 🔻 EoP -...
I released Vulristics 1.0.11: added Server-Side Request Forgery (SSRF) as a distinct vulnerability type
I released Vulristics 1.0.11: added Server-Side Request Forgery (SSRF) as a distinct vulnerability type. I try to use a very small set of base vulnerability types (around 20) in Vulristics and map everything else to them. With a few exceptions, these are the same types Microsoft uses - and Microsoft...
About Remote Code Execution – Microsoft Office (CVE-2026-21509) vulnerability
About Remote Code Execution - Microsoft Office CVE-2026-21509 vulnerability. The vulnerability was urgently fixed on January 26, outside the regular Microsoft Patch Tuesday. Microsoft classified it as a Security Feature Bypass, but in fact, it is more of a Remote Code Execution. The vulnerability...
January “In the Trend of VM” (#23): vulnerabilities in Windows, React and MongoDB
January "In the Trend of VM" (#23): vulnerabilities in Windows, React and MongoDB. Traditional monthly roundup of trending vulnerabilities. Launching the 2026 season. 🙂 🗞 Post on Habr (rus) 🗒 Digest on the PT website (rus) In total, three vulnerabilities: 🔻 EoP - Windows Cloud Files Mini Filter Driver...
January Linux Patch Wednesday
January Linux Patch Wednesday. In January, Linux vendors started fixing 918 vulnerabilities, one and a half times more than in December. Of these, 616 are in the Linux Kernel. Three show signs of exploitation in the wild: 🔻 AuthBypass - GNU Inetutils telnetd (CVE-2026-24061) 🔻 RCE - Safari...
Our PR team awarded me the “The Best Positive Speaker 2025” metal pin for public speaking, articles, and media commentary
Our PR team awarded me the “The Best Positive Speaker 2025” metal pin for public speaking, articles, and media commentary. Huge thanks to my colleagues for this! I’m very pleased. 😇 The collection is growing. 😉 This time, the pin is styled like the Friends sitcom logo. It’s made of metal, coated...
About Information Disclosure – Desktop Window Manager (CVE-2026-20805) vulnerability
About Information Disclosure - Desktop Window Manager CVE-2026-20805 vulnerability. Desktop Window Manager is a compositing window manager that has been part of Windows since Windows Vista. Exploitation of the vulnerability, which was addressed in the January Microsoft Patch Tuesday, allows a loc...
About Authentication Bypass – GNU Inetutils (CVE-2026-24061) vulnerability
About Authentication Bypass - GNU Inetutils (CVE-2026-24061) vulnerability. GNU Inetutils is a collection of common network programs, including, among other things, a Telnet server (telnetd). A vulnerability in GNU Inetutils telnetd allows a remote attacker to obtain a root shell on the host without...
About Information Disclosure – MongoDB “MongoBleed” (CVE-2025-14847) vulnerability
About Information Disclosure - MongoDB "MongoBleed" CVE-2025-14847 vulnerability. MongoDB is a popular NoSQL database that stores data as JSON-like documents with an optional schema. The project is licensed under the SSPL. A flaw in MongoDB’s handling of the data length parameter during zlib...
About SQL Injection – Django (CVE-2025-64459) vulnerability
About SQL Injection - Django (CVE-2025-64459) vulnerability. Django is a free and open-source high-level Python web framework. The vulnerability allows attackers to manipulate database query logic by injecting internal query parameters (connector and negated) when applications pass user-controlled...
November Linux Patch Wednesday
November Linux Patch Wednesday. In November, Linux vendors began fixing 516 vulnerabilities, one and a half times fewer than in October. Of these, 232 are in the Linux Kernel. One vulnerability is exploited in the wild: MemCor - Chromium (CVE-2025-13223). Added to CISA KEV on November 19. For 64 mor...
November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux
November "In the Trend of VM" (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux. The usual monthly roundup. After several months, here's a big one. Post on Habr (rus) Post on SecurityLab (rus) Digest on the PT website (rus) A total of nine vulnerabilities: RCE -...
November Microsoft Patch Tuesday
November Microsoft Patch Tuesday. A total of 65 vulnerabilities. I'm not comparing this with the October report because I've decided to cover only MSPT-day vulnerabilities. The thing is, Microsoft has started massively adding Linux-product vulnerabilities to their official website, and these...
About Remote Code Execution – Microsoft SharePoint “ToolShell” (CVE-2025-49704) vulnerability
About Remote Code Execution - Microsoft SharePoint "ToolShell" (CVE-2025-49704) vulnerability. This vulnerability is from Microsoft's July Patch Tuesday. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work...
About Elevation of Privilege – Windows Remote Access Connection Manager (CVE-2025-59230) vulnerability
About Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2025-59230) vulnerability. A vulnerability from the October Microsoft Patch Tuesday. The Windows Remote Access Connection Manager (RasMan) service is a core Windows component that manages dial-up and Virtual Private Network...
About Remote Code Execution – Windows LNK File (CVE-2025-9491) vulnerability
About Remote Code Execution - Windows LNK File CVE-2025-9491 vulnerability. A vulnerability in the Microsoft Windows shortcut .LNK handling mechanism allows malicious command-line arguments to be hidden in the Target field using whitespace characters, making them invisible to standard tools...
About Remote Code Execution – XWiki Platform (CVE-2025-24893) vulnerability
About Remote Code Execution - XWiki Platform CVE-2025-24893 vulnerability. XWiki is a free and open-source wiki platform written in Java, with a strong focus on extensibility. It supports WYSIWYG visual editing, importing and exporting documents in OpenDocument format, adding annotations and tags...
About Elevation of Privilege – Linux Kernel (CVE-2025-38001) vulnerability
About Elevation of Privilege - Linux Kernel CVE-2025-38001 vulnerability. It affects the Linux HFSC network scheduler module. An authenticated attacker can exploit this flaw to gain root privileges. This vulnerability is from the June Linux Patch Wednesday. In the Vulristics report, it was no...
About Remote Code Execution – Redis “RediShell” (CVE-2025-49844) vulnerability
About Remote Code Execution - Redis "RediShell" CVE-2025-49844 vulnerability. Redis is a popular in-memory key–value database, used as a distributed cache and message broker, with optional durability. This vulnerability allows a remote authenticated attacker to execute arbitrary code via a...
About Elevation of Privilege – Windows Agere Modem Driver (CVE-2025-24990) vulnerability
About Elevation of Privilege - Windows Agere Modem Driver (CVE-2025-24990) vulnerability. The vulnerability is from Microsoft's October Patch Tuesday. Agere Modem Driver (ltmdm64.sys) is a software component that allows a computer to communicate with an Agere or LSI modem for dial-up or fax...
About Cross Site Scripting – Zimbra Collaboration (CVE-2025-27915) vulnerability
About Cross Site Scripting - Zimbra Collaboration (CVE-2025-27915) vulnerability. Zimbra Collaboration is a collaboration software suite, somewhat similar to Microsoft Exchange. Exploiting this vulnerability in the web mail client (Classic Web Client) allows an unauthenticated attacker to execute...