31 articles tagged #cve
CVE-2026-23111 is a Linux nf_tables privilege escalation, CVSS 7.8. A full working exploit dropped June 8. Patches available since February — if you haven't applied them yet, now is the deadline.
CVE-2026-46243 (CIFSwitch) is a Linux kernel LPE in the CIFS client, CVSS 7.8. Public PoC available since 27 May 2026. Patches are out — patch and reboot.
CVE-2026-28318: unauthenticated POST crashes SolarWinds Serv-U. CVSS 7.5, CISA KEV listed June 5, deadline June 19. Apply Serv-U 15.5.4 Hotfix 1.
CVE-2026-45247 Mirasvit Magento RCE via PHP deserialization in the Cache Warmer extension. CVSS 9.8. Active exploitation confirmed. Patch to 1.11.12.
CVE-2026-20230 affects Cisco Unified CM WebDialer. SSRF leads to arbitrary file write and root privilege escalation. Advisory published June 3, PoC confirmed.
CVE-2022-0492 is a logic bug in Linux cgroups v1 that lets a local attacker escape a container and get root on the host. CISA added it to KEV on June 2, 2026. Active exploitation is confirmed.
Docker Engine 29.5.3 patches CVE-2026-46680 via containerd 2.2.4 -- a flaw where containers with oversized USER IDs silently run as root despite runAsNonRoot: true.
CVE-2026-9256 (Poolslip) is a heap buffer overflow in NGINX's rewrite module affecting versions 0.1.17 through 1.31.0. Patching for Rift in May left you exposed. You need 1.30.2 or 1.31.1.
Google's June 2026 Android Security Bulletin includes CVE-2025-48595, an integer overflow in Framework that enables local privilege escalation. Google confirms active targeted exploitation. CISA added it to KEV on June 2 with a federal remediation deadline of June 5.
Seven kernel branches shipped June 1. Three security fixes land in 7.0.11 — TCP ISN leak, tap stack leak, and a keyring race. Dirty Frag is now half-patched: CVE-2026-43500 fixed, CVE-2026-43284 still open upstream.
Prometheus 3.12.0 (released May 28) patches two security issues: STACKIT service discovery exposed credentials in plaintext via the config endpoint, and remote write receivers had no limit on snappy decompression size.
CVE-2026-34040 lets attackers bypass Docker AuthZ plugins with a padded API request — upgrade to Moby 29.3.1 or later.
PAN-OS GlobalProtect has an authentication bypass via forged override cookies. Exploitation confirmed since May 17. Patch or disable the feature now.
The 23 May batch release patched a UDP/IPsec corruption bug, a ptrace vulnerability, and the Copy Fail LPE across all active LTS branches.
OpenSSH 10.3 patches five CVEs including a privilege escalation via legacy scp. Juniper confirmed Junos OS and Junos Evolved are affected.
CVE-2026-31431 lets any local user escalate to root on Linux 4.14+ via a logic flaw in the AF_ALG crypto socket interface. A 732-byte Python script works every time, on every major distro. Here is how to check your exposure and apply the fix.
CVE-2025-34291 in Langflow is a CVSS 9.4 chain that hands an attacker your entire SaaS stack — API keys, OAuth tokens, database credentials — from a single page visit. CISA added it to KEV on May 21 with a June 4 federal deadline.
Docker Engine 29.5.1 patches three vulnerabilities in docker cp, including one that let a malicious container execute arbitrary code as root on the host by hijacking the decompression binary lookup.
CVE-2026-9082 is an unauthenticated SQL injection in Drupal core affecting all PostgreSQL-backed installations from 8.9 through 11.3.9. CISA added it to the KEV catalog on May 22 — active exploitation confirmed.
Three Linux kernel LPEs in 14 days. This is a triage guide for sysadmins deciding which reboot to schedule first — and what to do until you can.
CVE-2026-20182: CVSS 10.0 auth bypass in Cisco SD-WAN, exploited by UAT-8616. No credentials needed. Patch now and audit SSH authorized_keys for backdoors.
CVE-2026-46333 lets unprivileged users steal SSH host keys and shadow passwords. Here is how to patch, mitigate, rotate keys, and audit for breach.
Google Project Zero built a zero-click root exploit for Pixel 10 in under a day. Arbitrary kernel read/write in 5 lines. 71 days to patch.
Researchers at Calif published the first public kernel exploit for macOS on M5 hardware that survives Apple's Memory Integrity Enforcement — a data-only LPE chain completed in five days.
CVE-2026-42945 is a critical heap buffer overflow in NGINX's rewrite module, present since 2008. Unauthenticated remote attackers can crash worker processes or achieve RCE. Patch now.
CVE-2026-7482 'Bleeding Llama' in Ollama leaks heap memory (API keys, env vars, chat history) to unauthenticated attackers. Patched in 0.17.1.
12 CVEs in vm2 disclosed May 7, 2026 — CVSS 9.1-10.0, all sandbox escapes. Patched in 3.11.2. If you run untrusted code under vm2, update today.
CVE-2026-41940 is a critical cPanel/WHM auth bypass via CRLF injection. CVSS 9.8. Shadowserver counted 44,000 compromised IPs by April 30. Patch now.
CVE-2026-31431 (Copy Fail) is a Linux kernel LPE, CVSS 7.8. Working PoC is public. CISA KEV. Patches out for Ubuntu, Debian, AlmaLinux, and RHEL.
Traefik 3.6.14 patches five CVEs. The critical one: CVE-2026-40912 bypasses ForwardAuth, BasicAuth, and DigestAuth via percent-encoded paths. Upgrade now.
Wazuh 4.14.5 hid five security advisories in routine release notes. One is a pre-auth stack overflow on port 1514. Upgrade today — a PoC lands in late July.