Flowise Chatflow RCE
Flowise CVE-2026-40933 can turn a malicious chatflow import into server-side command execution.…
7-Zip CVE-2026-48095 Fix
CVE-2026-48095 is a 7-Zip NTFS handler heap overflow fixed in 7-Zip 26.01.…
UniFi OS Patch Guide
Ubiquiti patched five UniFi OS vulnerabilities, including three CVSS 10 critical flaws.…
MiniPlasma Windows Zero-Day PoC Gives Local Users SYSTEM Access
A public MiniPlasma proof-of-concept shows local privilege escalation to SYSTEM on fully…
Anthropic Mythos Helped Build a macOS M5 Kernel Exploit
Calif says researchers used Anthropic’s Mythos Preview to build a local macOS…
Avada Builder CVEs Put WordPress Sites at File Read and SQLi Risk
Avada Builder patched two WordPress vulnerabilities that could expose server files or…
FunnelKit Checkout Skimmer Hits WooCommerce Payment Pages
Attackers are abusing vulnerable FunnelKit/Funnel Builder installations to inject checkout skimmers into…
NGINX CVE-2026-42945 Exposes Rewrite Rules to Crash and RCE Risk
CVE-2026-42945 affects NGINX rewrite rules that combine unnamed PCRE captures with question-mark…
Burst Statistics CVE-2026-8181 Exploited for WordPress Admin Takeover
Attackers are exploiting CVE-2026-8181 in the Burst Statistics WordPress plugin. Update to…
Cisco Catalyst SD-WAN CVE-2026-20182 Exploited in Limited Attacks
Cisco patched CVE-2026-20182, a critical Catalyst SD-WAN authentication bypass under limited exploitation.…
Fragnesia CVE-2026-46300 Gives Linux Attackers Root Access
Fragnesia is a separate Linux kernel flaw in the Dirty Frag class.…
cPanel CVE-2026-41940 Exploited to Drop Filemanager Backdoor
Attackers are exploiting cPanel & WHM CVE-2026-41940 to deploy a Filemanager backdoor,…