Tag: vulnerability

EMS Patch Trap

FortiClient EMS CVE-2026-35616 was abused to push EKZ Infostealer as a fake…

Brendan Smith

PAN-OS CVE-2026-0257 Patch

CISA added PAN-OS CVE-2026-0257 to KEV after exploitation. Check GlobalProtect portals and…

Stephanie Adlam

Gogs RCE Zero-Day: Check Open Registration

Rapid7 disclosed a critical unpatched Gogs RCE path. Check open registration, repository…

Stephanie Adlam

Ghost CMS Exploit Poisons 700 Sites for ClickFix Malware

Attackers are exploiting Ghost CMS CVE-2026-26980 to inject ClickFix loaders into trusted…

Stephanie Adlam

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited for Root Scripts

LiteSpeed says CVE-2026-48172 is being actively exploited in its user-end cPanel plugin.…

Stephanie Adlam

Langflow CVE-2025-34291: Token Hijack and RCE Added to CISA KEV

Langflow CVE-2025-34291 can turn a malicious webpage into account takeover and RCE…

Stephanie Adlam

Trend Micro Apex One CVE-2026-34926 Exploited in the Wild

Trend Micro patched an Apex One on-prem directory traversal flaw after observing…

Stephanie Adlam

Microsoft Defender CVE-2026-41091 and CVE-2026-45498 Exploited

Microsoft says two Defender flaws have been exploited. CISA added both to…

Stephanie Adlam

Drupal Core CVE-2026-9082: PostgreSQL SQL Injection Patch

Drupal core CVE-2026-9082 is a highly critical PostgreSQL SQL injection flaw. Check…

Stephanie Adlam

SonicWall CVE-2024-12802: MFA Bypass Still Exposes SSL-VPNs

SonicWall CVE-2024-12802 can leave SSL-VPN MFA bypassable when firmware is patched but…

Stephanie Adlam

ChromaDB CVE-2026-45829 Allows Pre-Auth Server Takeover

HiddenLayer disclosed ChromaToast, a pre-auth RCE in ChromaDB Python FastAPI server deployments…

Stephanie Adlam

YellowKey BitLocker Bypass PoC Targets TPM-Only Windows 11 Drives

A public YellowKey proof-of-concept claims a BitLocker bypass path on Windows 11…

Stephanie Adlam

AI Assistant

Hello! 👋 How can I help you today?