Gogs RCE Zero-Day: Check Open Registration
Rapid7 disclosed a critical unpatched Gogs RCE path. Check open registration, repository…
MiniPlasma Windows Zero-Day PoC Gives Local Users SYSTEM Access
A public MiniPlasma proof-of-concept shows local privilege escalation to SYSTEM on fully…
Avada Builder CVEs Put WordPress Sites at File Read and SQLi Risk
Avada Builder patched two WordPress vulnerabilities that could expose server files or…
FunnelKit Checkout Skimmer Hits WooCommerce Payment Pages
Attackers are abusing vulnerable FunnelKit/Funnel Builder installations to inject checkout skimmers into…
NGINX CVE-2026-42945 Exposes Rewrite Rules to Crash and RCE Risk
CVE-2026-42945 affects NGINX rewrite rules that combine unnamed PCRE captures with question-mark…
Burst Statistics CVE-2026-8181 Exploited for WordPress Admin Takeover
Attackers are exploiting CVE-2026-8181 in the Burst Statistics WordPress plugin. Update to…
Exchange Server CVE-2026-42897 Exploited Through Crafted OWA Email
Microsoft says Exchange Server CVE-2026-42897 has exploitation detected. The current protection path…
Cisco Catalyst SD-WAN CVE-2026-20182 Exploited in Limited Attacks
Cisco patched CVE-2026-20182, a critical Catalyst SD-WAN authentication bypass under limited exploitation.…
Fragnesia CVE-2026-46300 Gives Linux Attackers Root Access
Fragnesia is a separate Linux kernel flaw in the Dirty Frag class.…
Microsoft Word Preview Pane RCE Bugs Put Outlook Users at Risk
Microsoft patched two critical Word RCE bugs where the Preview Pane is…
Fortinet Fixes Critical RCE Flaws in FortiAuthenticator and FortiSandbox
Fortinet patched critical unauthenticated RCE flaws in FortiAuthenticator and FortiSandbox, making exposure…
Exim CVE-2026-45185 Dead.Letter Can Lead to Mail Server RCE
Exim 4.99.3 fixes CVE-2026-45185 Dead.Letter, a GnuTLS/BDAT use-after-free that can expose internet-facing…