CRITICAL
CVE-2026-23652 (CVSS 10) — Improper neutralization of special elements used in a command ('command injection') in Microsoft Pow...
NVD CVE-2026-23652 14d ago
CRITICAL
CVE-2026-9082: Drupal Core SQL Injection Vulnerability (Drupal Core)
CISA KEV CVE-2026-9082 actively-exploited +4 15d ago
INFO
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
The Hacker News 15d ago
INFO
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
SecurityWeek 15d ago
INFO
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
SecurityWeek 14d ago
INFO
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The Hacker News 13d ago
CRITICAL
CVE-2026-6960 (CVSS 9.8) — The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil...
NVD CVE-2026-6960 15d ago
CRITICAL
CVE-2026-5118 (CVSS 9.8) — The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, ...
NVD CVE-2026-5118 15d ago
CRITICAL
CVE-2026-6279 (CVSS 9.8) — The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code...
NVD CVE-2026-6279 15d ago
CRITICAL
CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability (LiteSpeed cPanel Plugin)
CISA KEV CVE-2026-48172 actively-exploited +2 11d ago
CRITICAL
CVE-2026-48172 (CVSS 9.8) — LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp...
NVD 16d ago
INFO
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
The Hacker News 13d ago
CRITICAL
CVE-2025-34291: Langflow Origin Validation Error Vulnerability (Langflow Langflow)
CISA KEV CVE-2025-34291 actively-exploited +1 16d ago
HIGH
CVE-2025-34291 (CVSS 8.8) — Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account tak...
NVD 182d ago
CRITICAL
CVE-2026-34926: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability (Trend Micro Apex One)
CISA KEV CVE-2026-34926 actively-exploited +1 16d ago
INFO
TrendAI Patches Apex One Zero-Day Exploited in the Wild
SecurityWeek 14d ago
CRITICAL
CVE-2026-8631 (CVSS 9.8) — A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software...
NVD CVE-2026-8631 16d ago
CRITICAL
CVE-2026-9141 (CVSS 9.8) — Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability...
NVD CVE-2026-9141 16d ago
CRITICAL
CVE-2026-9139 (CVSS 9.8) — Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability ...
NVD CVE-2026-9139 16d ago
CRITICAL
CVE-2026-20223 (CVSS 10) — A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could a...
NVD CVE-2026-20223 +1 16d ago
INFO
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
The Hacker News 14d ago
CRITICAL
CVE-2026-42960 (CVSS 10) — NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous rec...
NVD CVE-2026-42960 CVE-2025-11411 16d ago
CRITICAL
CVE-2026-33278 (CVSS 9.8) — NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC valid...
NVD CVE-2026-33278 16d ago
CRITICAL
CVE-2026-7637 (CVSS 9.8) — The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and includin...
NVD CVE-2026-7637 16d ago
CRITICAL
CVE-2026-7284 (CVSS 9.8) — The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to p...
NVD CVE-2026-7284 17d ago
CRITICAL
CVE-2026-6555 (CVSS 9.8) — The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up...
NVD CVE-2026-6555 17d ago
CRITICAL
CVE-2008-4250: Microsoft Windows Buffer Overflow Vulnerability (Microsoft Windows)
CISA KEV CVE-2008-4250 actively-exploited 17d ago
CRITICAL
CVE-2009-1537: Microsoft DirectX NULL Byte Overwrite Vulnerability (Microsoft DirectX)
CISA KEV CVE-2009-1537 actively-exploited 17d ago
CRITICAL
CVE-2009-3459: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability (Adobe Acrobat and Reader)
CISA KEV CVE-2009-3459 actively-exploited 17d ago
CRITICAL
CVE-2010-0806: Microsoft Internet Explorer Use-After-Free Vulnerability (Microsoft Internet Explorer)
CISA KEV CVE-2010-0806 actively-exploited 17d ago
CRITICAL
CVE-2026-41091: Microsoft Defender Link Following Vulnerability (Microsoft Defender)
CISA KEV CVE-2026-41091 actively-exploited +2 17d ago
HIGH
CVE-2026-41091 (CVSS 7.8) — Improper link resolution before file access ('link following') in Microsoft Defender allows an autho...
NVD 16d ago
INFO
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
The Hacker News 15d ago
CRITICAL
CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability (Microsoft Defender)
CISA KEV CVE-2026-45498 actively-exploited +1 17d ago
MEDIUM
CVE-2026-45498 (CVSS 4) — Microsoft Defender Denial of Service Vulnerability
NVD 16d ago
CRITICAL
CVE-2026-33642 (CVSS 9.9) — Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_comma...
NVD CVE-2026-33642 17d ago
CRITICAL
CVE-2026-8605 (CVSS 9.8) — In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to a...
NVD CVE-2026-8605 17d ago
CRITICAL
CVE-2026-8603 (CVSS 9.8) — In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute c...
NVD CVE-2026-8603 17d ago
CRITICAL
CVE-2026-8602 (CVSS 9.1) — In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow a...
NVD CVE-2026-8602 17d ago
CRITICAL
CVE-2026-43633 (CVSS 10) — HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal co...
NVD CVE-2026-43633 17d ago
CRITICAL
CVE-2026-4883 (CVSS 9.8) — The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file ty...
NVD CVE-2026-4883 17d ago
CRITICAL
CVE-2026-4885 (CVSS 9.8) — The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due...
NVD CVE-2026-4885 17d ago
CRITICAL
CVE-2026-42822 (CVSS 10) — Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to el...
NVD CVE-2026-42822 18d ago
CRITICAL
CVE-2018-25332 (CVSS 9.8) — GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attacke...
NVD CVE-2018-25332 19d ago
CRITICAL
CVE-2026-44774 (CVSS 9.9) — Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's K...
NVD CVE-2026-44774 21d ago
CRITICAL
CVE-2026-45772 (CVSS 9.8) — Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to ...
NVD CVE-2026-45772 21d ago
CRITICAL
CVE-2026-41315 (CVSS 9.8) — mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthoriz...
NVD CVE-2026-41315 22d ago
CRITICAL
CVE-2026-44484 (CVSS 9.8) — PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 an...
NVD CVE-2026-44484 22d ago
CRITICAL
CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (Palo Alto Networks PAN-OS)
CISA KEV CVE-2026-0257 actively-exploited +5 8d ago
CRITICAL
CVE-2026-0257 (CVSS 9.1) — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks ...
NVD 23d ago
INFO
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
The Hacker News 6d ago
INFO
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
BleepingComputer 6d ago
INFO
Recent Palo Alto Networks Vulnerability Exploited for Weeks
SecurityWeek 4d ago
INFO
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
rss:unit42 13h ago
CRITICAL
CVE-2026-42557 (CVSS 9.6) — jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jup...
NVD CVE-2026-42557 23d ago
CRITICAL
CVE-2025-11159 (CVSS 9.1) — Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 da...
NVD CVE-2025-11159 23d ago
CRITICAL
CVE-2026-44343 (CVSS 9.8) — WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities aff...
NVD CVE-2026-44343 24d ago
CRITICAL
CVE-2026-40379 (CVSS 9.3) — Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized ...
NVD CVE-2026-40379 24d ago
CRITICAL
CVE-2026-7210 (CVSS 9.8) — `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding pro...
NVD CVE-2026-7210 25d ago
CRITICAL
CVE-2026-43995 (CVSS 9.8) — Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3....
NVD CVE-2026-43995 25d ago
CRITICAL
CVE-2026-42298 (CVSS 10) — Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability...
NVD CVE-2026-42298 28d ago
CRITICAL
CVE-2026-41889 (CVSS 9.8) — pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when ...
NVD CVE-2026-41889 28d ago
CRITICAL
CVE-2026-42796 (CVSS 9.8) — Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/c...
NVD CVE-2026-42796 32d ago
CRITICAL
CVE-2026-6942 (CVSS 9.8) — radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows rem...
NVD CVE-2026-6942 43d ago
CRITICAL
CVE-2026-6887 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vul...
NVD CVE-2026-6887 43d ago
CRITICAL
CVE-2026-6886 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication By...
NVD CVE-2026-6886 43d ago
CRITICAL
CVE-2026-6885 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File U...
NVD CVE-2026-6885 43d ago
TL;DR AI
A recent incident involved a vulnerability in the Zoom video conferencing platform, allowing hackers to gain unauthorized access to company systems and steal sensitive data. This vulnerability was discovered by the company in March 2023. The affected users are Zoom customers who used the company's free version.
CVE-2026-9082 actively-exploited