VULNERABILITY 124

• New Ubuntu Flaw Enables Local Attackers to Gain Root Access Mar 18, 2026
• Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access Mar 18, 2026
• Schneider Electric SCADAPack and RemoteConnect Vulnerability Advisory Mar 17, 2026
• Researchers Find Data Leak Risk in AWS Bedrock AI Code Interpreter Mar 16, 2026
• This Android Vulnerability Can Break Your Lock Screen in Under 60 Seconds Mar 12, 2026
• Hewlett Packard Enterprise Fixes Critical Authentication Bypass in Aruba AOS-CX Mar 11, 2026
• Honeywell IQ4x BMS Controller Vulnerability Advisory Mar 10, 2026
• Improper File Access Permission Settings in Digital Arts Products Mar 9, 2026
• Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking Mar 8, 2026
• Delta Electronics CNCSoft-G2 Vulnerability Advisory Mar 5, 2026
• High-severity Qualcomm Bug Hits Android Devices in Targeted Attacks Mar 4, 2026
• Critical Juniper Networks PTX Flaw Allows Full Router Takeover Feb 26, 2026
• Critical Cisco SD-WAN Bug Exploited in Zero-Day Attacks 🚨 Feb 25, 2026
• RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN Feb 24, 2026
• Welker OdorEyes EcoSystem Pulse Bypass System Vulnerability Alert Feb 19, 2026
• Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot Feb 18, 2026
• Chinese APT Group Exploits Dell Zero-Day for Two Years Feb 18, 2026
• Delta Electronics ASDA-Soft Vulnerability Advisory Feb 17, 2026
• RoguePilot - Exploiting GitHub Copilot for a Repository Takeover Feb 16, 2026
• Full Disclosure Authenticated RCE Vulnerabilities in Netgate pfSense Feb 16, 2026
• Siemens Siveillance Video Management Servers Vulnerability Advisory Feb 12, 2026
• Critical Vulnerability in Airleader Master Exposed Feb 12, 2026
• Were Telcos Warned About the Ancient Telnet Bug? Feb 11, 2026
• BeyondTrust Fixes Critical Pre-Auth Bug Allowing Remote Code Execution Feb 9, 2026
• Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks Feb 6, 2026
• APT28 - Geofencing as a Targeting Signal (CVE-2026-21509 Campaign) Feb 4, 2026
• Vulnerability Alert Mitsubishi Electric FREQSHIP-mini for Windows Feb 3, 2026
• Critical Vulnerability in Synectix LAN 232 TRIO Exposed Feb 3, 2026
• Mutagen Astronomy From Discovery to CISA Recognition—A Seven-Year Journey Feb 2, 2026
• Mutagen Astronomy - From Discovery to CISA Recognition—A Seven-Year Journey Feb 2, 2026
• Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys Feb 1, 2026
• Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core Jan 27, 2026
• Critical sandbox escape flaw found in popular vm2 NodeJS library Jan 27, 2026
• Ticket to Shell - Exploiting PHP Filters and CNEXT in osTicket (CVE-2026-22200) Jan 22, 2026
• Delta Electronics DIAView Vulnerability Advisory Jan 22, 2026
• Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems Jan 20, 2026
• New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs Jan 19, 2026
• Fast Pair, loose security - Bluetooth accessories open to silent hijack Jan 17, 2026
• A single click mounted a covert, multistage attack against Copilot Jan 14, 2026
• CVE-2025-64155 | Fortinet FortiSIEM Jan 13, 2026
• CVE-2026-22200 Jan 12, 2026
• Public PoC prompts Cisco patch for ISE, ISE-PIC vulnerability Jan 8, 2026
• Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers Jan 7, 2026
• High-Severity Flaw in Open WebUI Affects AI Connections Jan 6, 2026
• Hackers attack WatchGuard Firebox firewalls 120K IPs exposed and vulnerable Dec 22, 2025
• New React Rsc Vulnerabilities Enable.Html Dec 14, 2025
• CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks Dec 14, 2025
• Multiple India-based CCTV Cameras Dec 9, 2025
• King Addons flaw lets anyone become WordPress admin Dec 3, 2025
• Weaponized file name flaw makes updating glob an urgent job Nov 23, 2025
• Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges Nov 23, 2025
• Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update Nov 23, 2025
• Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage Nov 17, 2025
• U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog Nov 15, 2025
• Patch now Samsung zero-day lets attackers take over your phone Nov 11, 2025
• Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover Nov 5, 2025
• OpenAI Atlas Browser Vulnerability Allows Malicious Code Injection into ChatGPT Oct 27, 2025
• Hackers exploiting Windows updates Microsoft urges users to patch Oct 27, 2025
• 706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online – PoC Released Oct 26, 2025
• Hackers exploiting critical vulnerability in Windows Server Update Service Oct 25, 2025
• Anomali Cyber Watch - Nimbus Manticore, Spoofed IC3 Portals, a Record-Breaking DDoS Attack, and More Oct 23, 2025
• PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability Oct 20, 2025
• WatchGuard VPN Vulnerability Let Remote Attacker Execute Arbitrary Code Oct 19, 2025
• New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login Oct 12, 2025
• The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn Oct 7, 2025
• 13-year-old Critical Redis RCE Vulnerability Let Attackers Gain Full Access to Host System Oct 7, 2025
• Microsoft Critical GoAnywhere bug exploited in ransomware attacks Oct 6, 2025
• New WireTap Attack Breaks Server SGX to Exfiltrate Sensitive Data Oct 5, 2025
• Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems Sep 25, 2025
• Cisco warns of IOS zero-day vulnerability exploited in attacks Sep 24, 2025
• CISA Details That Hackers Gained Access to a U.S. Federal Agency Network Via GeoServer RCE Vulnerability Sep 24, 2025
• Microsoft Fixed Entra ID Vulnerability Allowing Global Admin Impersonation Sep 23, 2025
• Microsoft Entra ID flaw allowed hijacking any company's tenant Sep 22, 2025
• Google Chrome 0-Day Vulnerability Actively Exploited in the Wild – Patch Now Sep 18, 2025
• How a Plaintext File On Users’ Desktops Exposed Secrets Leads to Akira Ransomware Attacks Sep 17, 2025
• IBM QRadar SIEM Vulnerability Let Attackers Perform Unauthorized Actions Sep 15, 2025
• New HybridPetya Weaponizing UEFI Vulnerability to Bypass Secure Boot on Outdated Systems Sep 12, 2025
• DELMIA Factory Software Vulnerability Exploited in Attacks Sep 12, 2025
• Microsoft Patch Tuesday, September 2025 Edition Sep 9, 2025
• Windows Defender Vulnerability Allows Service Hijacking and Disablement via Symbolic Link Attack Sep 8, 2025
• Severe Hikvision HikCentral Product Flaws What You Need to Know Sep 4, 2025
• CMS Provider Sitecore Patches Exploited Critical Zero Day Sep 4, 2025
• Hidden Commands in Images Exploit AI Chatbots and Steal Data Sep 1, 2025
• Critical Next.js Framework Vulnerability Let Attackers Bypass Authorization Sep 1, 2025
• WhatsApp patches vulnerability exploited in zero-day attacks Aug 29, 2025
• Critical Docker Desktop flaw lets attackers hijack Windows hosts Aug 25, 2025
• Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in Aug 19, 2025
• Critical RCE Vulnerability in Cisco Firewall Management Software Under Active Exploitation Aug 15, 2025
• Update WinRAR tools now RomCom and others exploiting zero-day vulnerability Aug 11, 2025
• New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP Aug 10, 2025
• OWASP AIVSS targets agentic AI risk Aug 6, 2025
• Critical Vulnerability Impacting Over 100K Sites Patched in Everest Forms Plugin Aug 6, 2025
• SonicWall investigates possible zero-day amid Akira ransomware surge Aug 5, 2025
• Cursor IDE Persistent Code Execution via MCP Trust Bypass Aug 5, 2025
• Critical Vulnerability in NestJS Devtools Localhost RCE via Sandbox Escape Aug 1, 2025
• AI-powered Cursor IDE vulnerable to prompt-injection attacks Aug 1, 2025
• Attackers Actively Exploiting Critical Vulnerability in Alone Theme Jul 29, 2025
• Account Takeover Vulnerability Affecting Over 400K Installations Patched in Post SMTP Plugin Jul 23, 2025
• How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance Jul 22, 2025
• BIDI Swap Unmasking the Art of URL Misleading with Bidirectional Text Tricks Jul 22, 2025
• The Internet Red Button a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks Jul 21, 2025
• Microsoft Fix Targets Attacks on SharePoint Zero-Day Jul 21, 2025
• Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts Jul 17, 2025
• Zyxel security advisory for path traversal vulnerability in APs Jul 15, 2025
• eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks Jul 14, 2025
• Critical RCE Vulnerability in mcp-remote CVE-2025-6514 Threatens LLM Clients Jul 9, 2025
• Count(er) Strike – Data Inference Vulnerability in ServiceNow Jul 9, 2025
• Critical Sudo bugs expose major Linux distros to local Root exploits Jul 4, 2025
• Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks Jul 2, 2025
• Critical Vulnerability in Microsens Devices Exposes Systems to Hackers Jul 1, 2025
• Zero-day Bluetooth gap turns millions of headphones into listening stations Jun 26, 2025
• Gogs Remote Command Execution Vulnerability (CVE-2024-56731) Jun 26, 2025
• Cisco ISE Vulnerability Allows Remote Attackers to Execute Malicious Commands Jun 26, 2025
• Realtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During Pairing Jun 25, 2025
• Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent Jun 24, 2025
• Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack Jun 24, 2025
• Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User Jun 13, 2025
• Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction Jun 12, 2025
• EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data Jun 12, 2025
• Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited Jun 11, 2025
• NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073 Jun 11, 2025
• iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals Jun 9, 2025
• Qualcomm fixes three Adreno GPU zero-days exploited in attacks Jun 2, 2025
• Bypassing MTE with CVE-2025-0072 May 23, 2025