Microsoft Defender Zero-Day Vulnerabilities Actively Exploited in the Wild
Published on May 21, 2026
Severity High Detail Microsoft has disclosed two zero-day vulnerabilities affecting Microsoft Defender that are currently being actively exploited in the wild. The vulnerabilities may allow attackers to escalate privileges or disrupt system availability, creating significant risk for enterprise environments. The issues are tracked as CVE-2026-41091 and CVE-2026-45498 and were publicly disclosed on May 19, 2026. […]
VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges
Published on May 15, 2026
Severity High Detail A vulnerability has been identified in VMware Fusion that allows a local attacker to escalate privileges to root on affected systems. The issue, tracked as CVE-2026-41702, stems from a Time-of-Check Time-of-Use (TOCTOU) race condition within a SETUID binary. This occurs when a system validates a condition but later acts on it without […]
Windows DNS Client Vulnerability Enables Remote Code Execution Attacks
Published on May 14, 2026
Severity Critical Detail A critical heap-based buffer overflow vulnerability, tracked as CVE-2026-41096, has been identified within the Microsoft Windows DNS Client. The vulnerability centers on DNSAPI[.]dll, the foundational library used by every Windows process to translate domain names into IP addresses. Under normal conditions, this library allocates a specific amount of memory known as a buffer […]
Critical SandboxJS Escape Vulnerability Enables Host Takeover
Published on May 13, 2026
Severity Critical Detail A critical security vulnerability has been discovered in SandboxJS, a widely used JavaScript sandboxing library available on npm. The vulnerability, tracked as CVE-2026-43898, allows attackers to escape the sandbox environment and execute arbitrary code directly on the underlying host system, potentially resulting in full Remote Code Execution (RCE) without requiring authentication or […]
Microsoft Teams Vulnerability Allows Spoofing Attacks on Android Devices
Published on May 13, 2026
Severity Medium Detail Microsoft has disclosed a security vulnerability affecting Microsoft Teams for Android that could allow attackers to perform spoofing attacks against users and organizations. The vulnerability, tracked as CVE-2026-32185, was released as part of Microsoft’s May 2026 Patch Tuesday security updates. The flaw is caused by improper handling of file and directory access […]
New Cisco DoS Flaw Requires Manual Reboot to Revive Devices
Published on May 7, 2026
Severity High Detail A high-severity vulnerability has been identified in Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO). The flaw, tracked as CVE-2026-20188, is caused by insufficient rate limiting on incoming network connections. An unauthenticated remote attacker can exploit the vulnerability using low-complexity attacks to exhaust available connection resources and force affected […]
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Published on May 6, 2026
Severity Critical Detail A critical vulnerability has been identified in Palo Alto Networks PAN-OS software impacting PA-Series and VM-Series firewalls. The flaw, tracked as CVE-2026-0300, is a buffer overflow vulnerability affecting the User-ID Authentication Portal (also known as the Captive Portal). This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges by […]
Critical Apache HTTP Server Vulnerability Puts Millions of Servers at Risk of RCE
Published on May 5, 2026
Severity High Detail A critical vulnerability has been identified in Apache HTTP Server, one of the most widely used web servers globally. The flaw, tracked as CVE-2026-23918, could allow attackers to execute malicious code remotely on affected systems. The vulnerability is caused by a “double free” memory corruption issue in the handling of HTTP/2 requests. […]
PoC Exploit Released for FortiSandbox Vulnerability that Allows Attacker to Execute Commands
Published on April 18, 2026
Severity Critical Detail A proof-of-concept (PoC) exploit has been publicly released for a critical vulnerability affecting Fortinet’s FortiSandbox, enabling attackers to execute arbitrary commands on vulnerable systems. Tracked as CVE-2026-39808, the vulnerability is classified as an OS command injection (CWE-78) issue caused by improper neutralization of special elements in system commands. This flaw allows a […]
Windows Snipping Tool Vulnerability Allows Attacker to Perform Spoofing Over a Network
Published on April 17, 2026
Severity Medium Detail Microsoft has addressed a moderate-severity vulnerability in the Windows Snipping Tool that could allow attackers to steal user credentials through a spoofing attack. Tracked as CVE-2026-33829, the flaw was patched as part of the April 14, 2026, security updates. The vulnerability was discovered and reported by security researchers at Blackarrow (Tarlogic), highlighting […]
Critical Cisco ISE Flaws Let Remote Attackers Execute Malicious Code
Published on April 16, 2026
Updated on Apr 18, 2026 Detail Cisco has released security updates addressing multiple critical vulnerabilities affecting Identity Services Engine (ISE), ISE Passive Identity Connector (ISE-PIC), and Webex Services. These vulnerabilities could allow attackers to execute arbitrary code, impersonate legitimate users, or gain unauthorized control over affected systems. The issues primarily stem from insufficient validation of […]
Windows Active Directory Flaw Opens Door to Malicious Code Execution
Published on April 15, 2026
Severity High Detail Microsoft has disclosed a high-severity vulnerability affecting Windows Active Directory, which could allow attackers to execute malicious code within enterprise environments. Tracked as CVE-2026-33826, the flaw enables authenticated attackers to perform remote code execution over an adjacent network, posing significant risk to affected systems. CVE ID Summary CVSS Score CVE-2026-33826 Improper input […]
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Published on April 12, 2026
Severity High Detail Cybersecurity researchers have identified a critical vulnerability affecting Adobe Acrobat Reader that is being actively exploited in the wild. The flaw, tracked as CVE-2026-34621, allows attackers to execute arbitrary code on affected systems. This vulnerability is associated with improper memory handling, which can be triggered when a user opens a specially crafted […]
Juniper Networks Default Password Vulnerability Let Attacker Take Full Control of the Device
Published on April 10, 2026
Severity Critical Detail Cybersecurity researchers have identified a critical security vulnerability affecting Juniper Networks Support Insights Virtual Lightweight Collector (vLWC) appliances. This vulnerability allows unauthenticated attackers to remotely gain full administrative access to affected devices. The issue is caused by the use of a default password that is pre-configured in the system and not enforced to be changed […]
Multiple TP-Link Vulnerabilities Allow Attackers to Seize Control of the Device
Published on April 10, 2026
Severity High Detail Cybersecurity researchers have identified five distinct security vulnerabilities affecting the TP-Link Archer AX53 v1.0 router. These flaws impact core components, including OpenVPN, dnsmasq, and tmpServer modules. When exploited, the vulnerabilities allow attackers on the same network (adjacent access) to execute system commands, crash services, and access sensitive configuration files, potentially leading to […]
Palo Alto Cortex Microsoft Teams Integration Vulnerability Enables Data Access for Attackers
Published on April 9, 2026
Severity Critical Detail Palo Alto Networks has released an urgent update addressing a critical vulnerability in the Microsoft Teams integration for Cortex XSOAR and Cortex XSIAM, tracked as CVE-2026-0234. The flaw could allow unauthenticated attackers to access and modify sensitive data within affected systems. CVE ID Summary CVSS Score CVE-2026-0234 An improper verification of cryptographic […]
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
Published on April 4, 2026
Severity Critical Detail A critical zero-day vulnerability has been identified in Fortinet FortiClient Endpoint Management Server (EMS), allowing unauthenticated attackers to execute arbitrary commands on affected systems. The flaw, tracked as CVE-2026-35616, is actively exploited in the wild and poses a significant risk to enterprise environments relying on Fortinet endpoint management solutions. The vulnerability originates […]
Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks
Published on March 18, 2026
Severity High Detail Apple has issued an emergency security update to address a critical vulnerability within its WebKit engine that affects iPhone, iPad, and Mac devices. The flaw, identified as CVE-2026-20643, has the potential to allow attackers to bypass core browser security protections through specially crafted web content. The vulnerability originates from improper handling within […]
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Published on March 15, 2026
Severity High Details Microsoft has released an out-of-band (OOB) hotpatch for Windows 11 to address multiple Remote Code Execution (RCE) vulnerabilities in the Routing and Remote Access Service (RRAS) management component. The vulnerabilities could allow attackers to execute arbitrary code on affected systems by tricking users into connecting to malicious servers or processing specially crafted […]
Two New Google Chrome Zero-Day Vulnerabilities Actively Exploited for Code Execution
Published on March 14, 2026
Severity High Detail Google has released an emergency update for the Chrome browser after discovering two high-severity zero-day vulnerabilities, tracked as CVE‑2026‑3909 and CVE‑2026‑3910, which are actively exploited in the wild. These vulnerabilities could allow attackers to execute arbitrary code, bypass browser protections, and potentially compromise host systems. CVE ID Summary Impact CVSS Score CVE‑2026‑3909 […]
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Published on March 13, 2026
Severity High Detail Cybersecurity researchers have discovered multiple security vulnerabilities in the Linux kernel’s AppArmor module that could allow unprivileged users to bypass security protections, escalate privileges to root, and weaken container isolation mechanisms. These vulnerabilities were identified by the Qualys Threat Research Unit (TRU) and are collectively referred to as CrackArmor. The flaws are […]
Microsoft Active Directory Flaw Allows Attackers to Escalate Privileges
Published on March 11, 2026
Severity High Detail A high-severity elevation of privilege vulnerability has been identified in Active Directory Domain Services (AD DS). The flaw allows an authenticated attacker with low privileges to escalate their access to SYSTEM level by exploiting improper validation of resource names within the service. This vulnerability was addressed by Microsoft during the Microsoft Patch […]
Fortinet FortiManager fgtupdates Flaw Enables Attackers to Execute Malicious Commands Remotely
Published on March 11, 2026
Severity High Detail Fortinet has released a security advisory regarding a high severity vulnerability affecting FortiManager. The vulnerability, tracked as CVE-2025-54820, has a CVSS score of 7.0 and may allow remote, unauthenticated attackers to execute unauthorized commands on affected systems. CVE ID Description CVSS Score CVE-2025-54820 A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet […]
Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
Published on March 10, 2026
Severity High Detail Microsoft released its February 2026 Patch Tuesday security updates addressing 58 vulnerabilities across Windows operating systems and related software components. This Patch Tuesday release also addresses five vulnerabilities rated Critical, including several Elevation of Privilege and Information Disclosure flaws. The update includes six zero-day vulnerabilities actively exploited in the wild, which may […]
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Published on March 3, 2026
Severity High Detail Google has released its March 2026 Android Security Bulletin, delivering patches for 129 security vulnerabilities — among them an actively exploited zero-day in a Qualcomm display/graphics component affecting a wide range of Android devices. CVE ID Vulnerability Type Impact CVSS Score CVE-2026-21385 Buffer Over-Read Occurs when user-supplied data causes an integer overflow […]
Bug in Google’s Gemini AI Panel Opens Door to Hijacking
Published on March 2, 2026
Severity High Detail A newly disclosed vulnerability has revealed that the AI-powered answer panel in Google’s Gemini can be manipulated by malicious websites, potentially allowing attackers to hijack the AI-generated content displayed to users. The issue affects how Gemini processes and summarizes web content for its AI Overview panel in search results. Security researchers demonstrated […]
Critical Cisco SD-WAN Bug Exploited in Zero-Day Attacks Since 2023
Published on February 25, 2026
Severity Critical Detail Cisco has released a critical security advisory detailing an actively exploited authentication bypass vulnerability in Cisco Catalyst SD-WAN products, tracked as CVE‑2026‑20127. This flaw has been exploited in targeted attacks and poses a severe risk to SD-WAN deployments. CVE ID Vulnerability Type Impact CVSS Score CVE‑2026‑20127 Improper Authentication (CWE-287) The flaw exists […]
Critical SolarWinds Serv-U Flaws Offer Root Access to Servers
Published on February 24, 2026
SolarWinds has issued security updates addressing four critical remote code execution (RCE) vulnerabilities affecting its Serv-U file transfer software. If left unpatched, these flaws could allow attackers to gain root-level access to impacted servers. Serv-U is a self-hosted file transfer solution for Windows and Linux environments, offering Managed File Transfer (MFT) and FTP server capabilities. […]
HPE Aruba Flaw Exposes Networking Devices to Privilege Escalation and DoS Attacks
Published on February 12, 2026
Severity Critical Detail A critical security advisory has been released by HPE Aruba Networking to address several vulnerabilities in its Private 5G Core Platform that could allow hackers access to sensitive system data, disrupt services, and create unauthorized administrative accounts. The vulnerabilities, identified by the Communications Security Establishment (CSE) as CVE-2026-23595, CVE-2026-23596, CVE-2026-23597, and CVE-2026-23598, […]
Microsoft Office Word 0-Day Vulnerability Enables Attackers to Bypass Security Feature
Published on February 11, 2026
Severity High Detail Microsoft has announced a zero-day vulnerability in Microsoft Office Word that enables attackers to bypass built-in security protections. Tracked as CVE-2026-21514, the issue was formally documented on February 10, 2026, and presents considerable risk to users globally. CVE-2026-21514 is categorized as a Security Feature Bypass vulnerability within Microsoft Word. The root cause […]
CVE-2026-22153 – FortiOS Authentication Bypass Vulnerability Lets Attackers Bypass LDAP Authentication
Published on February 10, 2026
Severity: High Detail Fortinet has revealed a high-severity vulnerability in FortiOS, identified as CVE-2026-22153 (FG-IR-25-1052), which enables unauthenticated attackers to bypass LDAP authentication in Agentless VPN or Fortinet Single Sign-On (FSSO) policies. The flaw, categorized under CWE-305 (Authentication Bypass by Primary Weakness), resides in the fnbamd daemon and is triggered by specific LDAP server configurations […]
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
Published on February 4, 2026
Severity Critical Detail The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. The vulnerability stems from a deserialization of untrusted data issue that allows attackers to execute arbitrary commands on affected systems. Successful […]
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Published on January 30, 2026
Severity Critical Detail Ivanti has released updates for Endpoint Manager Mobile (EPMM) which address two critical severity vulnerabilities. Successful exploitation could lead to unauthenticated remote code execution. CVE Number Description CVSS Score (Severity) CVE-2026-1281 A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. 9.8 (Critical) CVE-2026-1340 A code […]
Fortinet blocks exploited FortiCloud SSO Zero Day Until Patch Is Ready
Published on January 28, 2026
Severity Critical Detail Fortinet has confirmed an actively exploited, critical authentication bypass vulnerability affecting FortiCloud Single Sign-On (SSO), tracked as CVE-2026-24858. The flaw allows attackers to gain administrative access to FortiOS, FortiManager, and FortiAnalyzer devices belonging to other customers through FortiCloud SSO, even when devices were fully patched. CVE Number Description CVSS Score (Severity) CVE-2026-24858 […]
Microsoft Patches Actively Exploited Office Zero-Day Vulnerability
Published on January 26, 2026
Severity High Detail Microsoft has released emergency out-of-band security updates to address a high-severity zero-day vulnerability in Microsoft Office that is actively being exploited in the wild. Tracked as CVE-2026-21509, the vulnerability is classified as a security feature bypass vulnerability and affects multiple Microsoft Office versions. CVE Number Description CVSS Score (Severity) CVE-2026-21509 Allows a […]
Cisco Releases Patch for Zero-Day Remote Code Execution in Secure Email Gateways Exploited by China-Linked Group
Published on January 16, 2026
Severity: Critical Detail Cisco released security updates Thursday to address a maximum-severity bug in AsyncOS Software for Secure Email Gateway and Secure Email and Web Manager, following last month’s disclosure that the flaw was abused as a zero-day by China-linked threat group UAT-9686. CVE Number Description CVSS Score (Severity) CVE-2025-20393 A remote code execution issue […]
CVE-2026-0227 – PAN-OS Firewall DoS in GlobalProtect Gateway and Portal
Published on January 15, 2026
Severity High Detail Palo Alto Networks has issued patches to address a critical vulnerability affecting the GlobalProtect Gateway and Portal. Identified as CVE-2026-0227, the flaw impacts next-generation firewalls running PAN-OS 10.1 or newer, as well as Prisma Access deployments where the GlobalProtect gateway or portal is activated. CVE-ID: CVE-2026-0227 CVSS Score (Severity): 7.7 (High) Description: A vulnerability […]
CVE-2025-25249 – RCE Vulnerability in FortiOS and FortiSwitchManager
Published on January 14, 2026
Severity High Detail A high-severity RCE vulnerability affecting FortiOS and FortiSwitchManager has been disclosed by Fortinet. CVE Number Description CVSS Score (Severity) CVE-2025-25249 A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiSwitchManager cw_acd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. 7.4 (High) According to Fortinet, the […]
Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions
Published on January 9, 2026
Severity Critical Detail Trend Micro has released security updates to address multiple vulnerabilities affecting on-premise Windows installations of Apex Central, including a critical remote code execution (RCE) flaw that could allow attackers to execute arbitrary code with elevated privileges. The most severe vulnerability, CVE-2025-69258, is caused by improper handling of the LoadLibraryEx function. An unauthenticated remote […]
Critical Net-SNMP Flaw CVE-2025-68615 Allows Remote Buffer Overflow To Crash Services
Published on December 27, 2025
Severity Critical Detail A newly identified vulnerability in the Net-SNMP suite, tracked as CVE-2025-68615, poses significant risks to organizations that depend on SNMP for network monitoring and management. CVE-2025-68615 carries a CVSS score of 9.8, placing it in the Critical category. The metrics highlight a High impact on confidentiality, integrity, and availability. In security […]
Critical MongoDB Flaw Leaks Sensitive Data Through zlib Compression
Published on December 24, 2025
Severity Critical Detail CVE-2025-14847 is a critical vulnerability caused by improper handling of uninitialized heap memory in MongoDB’s zlib network message compression implementation. The flaw allows unauthenticated remote attackers to extract uninitialized memory contents from the MongoDB server by sending specially crafted compressed network messages. This exposed memory may contain sensitive information such as credentials, […]
Windows Remote Access Connection Manager Flaw Allows Arbitrary Code Execution
Published on December 15, 2025
Severity High Detail Security researchers have identified a critical vulnerability in the Windows Remote Access Connection Manager (RasMan) service that can be abused to crash the service and enable local arbitrary code execution with Local System privileges. The issue was discovered during an investigation of CVE-2025-59230, which Microsoft patched in October 2025. CVE-2025-59230 is an […]
Multiple Fortinet Products’ FortiCloud SSO Login Authentication Bypass
Published on December 10, 2025
Severity Critical Detail CVE-2025-59718 and CVE-2025-59719, both rated 9.8 on the CVSS scale, stem from flaws in how cryptographic signatures are checked. These vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. CVE Number Description CVSS Score (Severity) CVE-2025-59718 CVE-2025-59719 An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager may allow an […]
New SonicWall SonicOS flaw allows hackers to crash firewalls
Published on November 21, 2025
Severity Medium Detail Cybersecurity firm SonicWall has issued an urgent advisory instructing customers to apply patches for a high severity SonicOS SSLVPN flaw that could enable attackers to crash affected firewalls. Identified as CVE-2025-40601, this denial-of-service vulnerability is caused by a stack-based buffer overflow impacting Gen8 and Gen7 (hardware and virtual) firewalls. CVE Number Description […]
7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001)
Published on November 19, 2025
Severity High Detail NHS England Digital has issued a security alert regarding a 7-Zip vulnerability, CVE-2025-11001, that is currently being actively exploited in the wild. The advisory does not specify who detected the attacks or whether they are targeted or widespread. This vulnerability, along with CVE-2025-11002, was introduced in 7-Zip v21.02 and later fixed in […]
New FortiWeb 0-Day Code Execution Flaw Actively Exploited
Published on November 19, 2025
Subject: New FortiWeb 0-Day Code Execution Flaw Actively Exploited Severity Medium Detail Fortinet has released a new security advisory addressing a critical OS command injection vulnerability impacting multiple FortiWeb versions. The flaw, tracked as CVE-2025-58034, has been confirmed to be actively exploited in real-world attacks. The vulnerability allows authenticated attackers to execute unauthorized commands on affected […]
Google Releases Patch for Actively Exploited Chrome V8 Zero-Day (CVE-2025-13223)
Published on November 18, 2025
Severity High Detail Google has rolled out new security updates for its Chrome browser to fix two vulnerabilities, one of which, CVE-2025-13223, is already being actively exploited in the wild. The vulnerability was discovered and reported on November 12, 2025, by Clément Lecigne from Google’s Threat Analysis Group (TAG). CVE Number Description CVSS Score (Severity) CVE-2025-13223 […]
Critical Microsoft WSUS Vulnerability Actively Exploited Following Patch Release
Published on October 24, 2025
Severity Critical Detail Microsoft released an out-of-band update to fix a critical remote code execution vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287 (CVSS 9.8). The flaw is currently under active exploitation, with a public proof-of-concept (PoC) available. CVE Number Description CVSS Score (Severity) CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution […]
CISA Alerts on Actively Exploited Windows Improper Access Control Flaw
Published on October 16, 2025
Severity High Detail The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert for an actively exploited vulnerability in Microsoft Windows Remote Access Connection Manager. Tracked as CVE-2025-59230, this vulnerability stems from improper access control (CWE-284) in the Remote Access Connection Manager component, which fails to enforce adequate permission checks on critical system functions. […]
FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication
Published on October 15, 2025
Severity High Detail Fortinet recently revealed a high-severity security flaw impacting its FortiPAM and FortiSwitch Manager products, which could allow attackers to bypass authentication through brute-force techniques. Identified as CVE-2025-49201, the vulnerability was internally discovered by Gwendal Guégniaud from Fortinet’s Product Security team and publicly disclosed on October 14, 2025. The issue arises from a […]