LiteSpeed cPanel Plugin CVE-2026-48172 Exploited for Root Scripts
LiteSpeed says CVE-2026-48172 is being actively exploited in its user-end cPanel plugin.…
Langflow CVE-2025-34291: Token Hijack and RCE Added to CISA KEV
Langflow CVE-2025-34291 can turn a malicious webpage into account takeover and RCE…
Trend Micro Apex One CVE-2026-34926 Exploited in the Wild
Trend Micro patched an Apex One on-prem directory traversal flaw after observing…
Microsoft Defender CVE-2026-41091 and CVE-2026-45498 Exploited
Microsoft says two Defender flaws have been exploited. CISA added both to…
Drupal Core CVE-2026-9082: PostgreSQL SQL Injection Patch
Drupal core CVE-2026-9082 is a highly critical PostgreSQL SQL injection flaw. Check…
SonicWall CVE-2024-12802: MFA Bypass Still Exposes SSL-VPNs
SonicWall CVE-2024-12802 can leave SSL-VPN MFA bypassable when firmware is patched but…
ChromaDB CVE-2026-45829 Allows Pre-Auth Server Takeover
HiddenLayer disclosed ChromaToast, a pre-auth RCE in ChromaDB Python FastAPI server deployments…
YellowKey BitLocker Bypass PoC Targets TPM-Only Windows 11 Drives
A public YellowKey proof-of-concept claims a BitLocker bypass path on Windows 11…
Microsoft Word Preview Pane RCE Bugs Put Outlook Users at Risk
Microsoft patched two critical Word RCE bugs where the Preview Pane is…
Fortinet Fixes Critical RCE Flaws in FortiAuthenticator and FortiSandbox
Fortinet patched critical unauthenticated RCE flaws in FortiAuthenticator and FortiSandbox, making exposure…
Exim CVE-2026-45185 Dead.Letter Can Lead to Mail Server RCE
Exim 4.99.3 fixes CVE-2026-45185 Dead.Letter, a GnuTLS/BDAT use-after-free that can expose internet-facing…
Ollama CVE-2026-7482 Can Leak Prompts and API Keys
Cyera disclosed Bleeding Llama, an Ollama memory-leak flaw that can expose prompts,…