CRITICAL
CVE-2026-5118 (CVSS 9.8) — The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, ...
NVD CVE-2026-5118 28d ago
CRITICAL
CVE-2026-6279 (CVSS 9.8) — The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code...
NVD CVE-2026-6279 29d ago
CRITICAL
CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability (LiteSpeed cPanel Plugin)
CISA KEV CVE-2026-48172 actively-exploited +2 24d ago
CRITICAL
CVE-2026-48172 (CVSS 9.8) — LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exp...
NVD 29d ago
INFO
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
The Hacker News 27d ago
CRITICAL
CVE-2025-34291: Langflow Origin Validation Error Vulnerability (Langflow Langflow)
CISA KEV CVE-2025-34291 actively-exploited +1 29d ago
HIGH
CVE-2025-34291 (CVSS 8.8) — Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account tak...
NVD 195d ago
CRITICAL
CVE-2026-34926: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability (Trend Micro Apex One)
CISA KEV CVE-2026-34926 actively-exploited +1 29d ago
INFO
TrendAI Patches Apex One Zero-Day Exploited in the Wild
SecurityWeek 28d ago
CRITICAL
CVE-2026-8631 (CVSS 9.8) — A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software...
NVD CVE-2026-8631 29d ago
CRITICAL
CVE-2026-9141 (CVSS 9.8) — Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability...
NVD CVE-2026-9141 29d ago
CRITICAL
CVE-2026-9139 (CVSS 9.8) — Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability ...
NVD CVE-2026-9139 29d ago
CRITICAL
CVE-2026-20223 (CVSS 10) — A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could a...
NVD CVE-2026-20223 +1 29d ago
INFO
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
The Hacker News 28d ago
CRITICAL
CVE-2026-42960 (CVSS 10) — NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous rec...
NVD CVE-2026-42960 CVE-2025-11411 29d ago
CRITICAL
CVE-2026-33278 (CVSS 9.8) — NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC valid...
NVD CVE-2026-33278 29d ago
CRITICAL
CVE-2026-7637 (CVSS 9.8) — The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and includin...
NVD CVE-2026-7637 30d ago
CRITICAL
CVE-2026-7284 (CVSS 9.8) — The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to p...
NVD CVE-2026-7284 30d ago
CRITICAL
CVE-2026-6555 (CVSS 9.8) — The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up...
NVD CVE-2026-6555 30d ago
CRITICAL
CVE-2008-4250: Microsoft Windows Buffer Overflow Vulnerability (Microsoft Windows)
CISA KEV CVE-2008-4250 actively-exploited 30d ago
CRITICAL
CVE-2009-1537: Microsoft DirectX NULL Byte Overwrite Vulnerability (Microsoft DirectX)
CISA KEV CVE-2009-1537 actively-exploited 30d ago
CRITICAL
CVE-2009-3459: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability (Adobe Acrobat and Reader)
CISA KEV CVE-2009-3459 actively-exploited 30d ago
CRITICAL
CVE-2010-0806: Microsoft Internet Explorer Use-After-Free Vulnerability (Microsoft Internet Explorer)
CISA KEV CVE-2010-0806 actively-exploited 30d ago
CRITICAL
CVE-2026-41091: Microsoft Defender Link Following Vulnerability (Microsoft Defender)
CISA KEV CVE-2026-41091 actively-exploited +2 30d ago
HIGH
CVE-2026-41091 (CVSS 7.8) — Improper link resolution before file access ('link following') in Microsoft Defender allows an autho...
NVD 29d ago
INFO
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
The Hacker News 28d ago
CRITICAL
CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability (Microsoft Defender)
CISA KEV CVE-2026-45498 actively-exploited +1 30d ago
MEDIUM
CVE-2026-45498 (CVSS 4) — Microsoft Defender Denial of Service Vulnerability
NVD 29d ago
CRITICAL
CVE-2026-33642 (CVSS 9.9) — Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_comma...
NVD CVE-2026-33642 30d ago
CRITICAL
CVE-2026-8605 (CVSS 9.8) — In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to a...
NVD CVE-2026-8605 30d ago
CRITICAL
CVE-2026-8603 (CVSS 9.8) — In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute c...
NVD CVE-2026-8603 30d ago
CRITICAL
CVE-2026-8602 (CVSS 9.1) — In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow a...
NVD CVE-2026-8602 30d ago
CRITICAL
CVE-2026-43633 (CVSS 10) — HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal co...
NVD CVE-2026-43633 30d ago
CRITICAL
CVE-2026-4883 (CVSS 9.8) — The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file ty...
NVD CVE-2026-4883 30d ago
CRITICAL
CVE-2026-4885 (CVSS 9.8) — The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due...
NVD CVE-2026-4885 31d ago
CRITICAL
CVE-2026-42822 (CVSS 10) — Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to el...
NVD CVE-2026-42822 31d ago
CRITICAL
CVE-2018-25332 (CVSS 9.8) — GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attacke...
NVD CVE-2018-25332 32d ago
CRITICAL
CVE-2026-44774 (CVSS 9.9) — Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's K...
NVD CVE-2026-44774 34d ago
CRITICAL
CVE-2026-45772 (CVSS 9.8) — Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to ...
NVD CVE-2026-45772 34d ago
CRITICAL
CVE-2026-41315 (CVSS 9.8) — mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthoriz...
NVD CVE-2026-41315 35d ago
CRITICAL
CVE-2026-44484 (CVSS 9.8) — PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 an...
NVD CVE-2026-44484 35d ago
CRITICAL
CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (Palo Alto Networks PAN-OS)
CISA KEV CVE-2026-0257 actively-exploited +6 21d ago
CRITICAL
CVE-2026-0257 (CVSS 9.1) — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks ...
NVD 36d ago
INFO
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
The Hacker News 20d ago
INFO
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
BleepingComputer 19d ago
INFO
Recent Palo Alto Networks Vulnerability Exploited for Weeks
SecurityWeek 17d ago
INFO
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
rss:unit42 13d ago
INFO
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
The Hacker News 4d ago
CRITICAL
CVE-2026-42557 (CVSS 9.6) — jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jup...
NVD CVE-2026-42557 36d ago
CRITICAL
CVE-2025-11159 (CVSS 9.1) — Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 da...
NVD CVE-2025-11159 37d ago
CRITICAL
CVE-2026-44343 (CVSS 9.8) — WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities aff...
NVD CVE-2026-44343 37d ago
CRITICAL
CVE-2026-40379 (CVSS 9.3) — Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized ...
NVD CVE-2026-40379 37d ago
CRITICAL
CVE-2026-7210 (CVSS 9.8) — `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding pro...
NVD CVE-2026-7210 38d ago
CRITICAL
CVE-2026-43995 (CVSS 9.8) — Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3....
NVD CVE-2026-43995 38d ago
CRITICAL
CVE-2026-42298 (CVSS 10) — Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability...
NVD CVE-2026-42298 41d ago
CRITICAL
CVE-2026-41889 (CVSS 9.8) — pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when ...
NVD CVE-2026-41889 41d ago
CRITICAL
CVE-2026-42796 (CVSS 9.8) — Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/c...
NVD CVE-2026-42796 45d ago
CRITICAL
CVE-2026-42370 (CVSS 9) — A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V...
NVD CVE-2026-42370 46d ago
CRITICAL
CVE-2026-42364 (CVSS 9.9) — An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC20...
NVD CVE-2026-42364 46d ago
CRITICAL
CVE-2025-14543 (CVSS 9.1) — Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Cor...
NVD CVE-2025-14543 49d ago
CRITICAL
CVE-2026-6942 (CVSS 9.8) — radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows rem...
NVD CVE-2026-6942 56d ago
CRITICAL
CVE-2026-6887 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vul...
NVD CVE-2026-6887 56d ago
CRITICAL
CVE-2026-6886 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication By...
NVD CVE-2026-6886 56d ago
CRITICAL
CVE-2026-6885 (CVSS 9.8) — Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File U...
NVD CVE-2026-6885 56d ago
TL;DR AI
Malicious cyber attackers exploited a publicly available vulnerability in an open-source security framework used by many organizations to protect their networks, compromising sensitive data and disrupting global supply chains. The attackers used the vulnerability to gain access to sensitive data, including financial information, intellectual property, and customer data. The attack highlights the importance of using secure technologies and frameworks to protect against such vulnerabilities.
CVE-2026-48172 actively-exploited