CVE Index

A threat actor gained access via compromised FortiGate SSL VPN credentials and deployed three publicly available Nightmare-Eclipse privilege escalation tools just eight days after release. A previously undocumented Go-ba

A critical out-of-bounds read vulnerability (CVE-2026-7482, CVSS 9.1) in Ollama enables unauthenticated attackers to exfiltrate entire process memory from over 300,000 servers. Two additional unpatched Windows vulnerabil

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

A critical out-of-bounds read vulnerability (CVE-2026-7482, CVSS 9.1) in Ollama enables unauthenticated attackers to exfiltrate entire process memory from over 300,000 servers. Two additional unpatched Windows vulnerabil

A critical out-of-bounds read vulnerability (CVE-2026-7482, CVSS 9.1) in Ollama enables unauthenticated attackers to exfiltrate entire process memory from over 300,000 servers. Two additional unpatched Windows vulnerabil

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

Twelve critical vulnerabilities in the widely-used vm2 Node.js sandbox library allow attackers to escape isolation and execute arbitrary code on host systems. Three vulnerabilities scored perfect 10.0 CVSS ratings, affec

New credential theft framework PCPJack exploits five CVEs to spread worm-like across cloud environments while deliberately removing TeamPCP artifacts. The campaign targets Docker, Kubernetes, and multiple cloud services

New credential theft framework PCPJack exploits five CVEs to spread worm-like across cloud environments while deliberately removing TeamPCP artifacts. The campaign targets Docker, Kubernetes, and multiple cloud services

New credential theft framework PCPJack exploits five CVEs to spread worm-like across cloud environments while deliberately removing TeamPCP artifacts. The campaign targets Docker, Kubernetes, and multiple cloud services

New credential theft framework PCPJack exploits five CVEs to spread worm-like across cloud environments while deliberately removing TeamPCP artifacts. The campaign targets Docker, Kubernetes, and multiple cloud services

New credential theft framework PCPJack exploits five CVEs to spread worm-like across cloud environments while deliberately removing TeamPCP artifacts. The campaign targets Docker, Kubernetes, and multiple cloud services

A use-after-free in Chrome

An auth bypass in cPanel/WHM was exploited as a zero-day from February 23 to April 28, compromising 44,000+ servers before a patch existed. 1.5 million servers remain at risk.

Microsoft

Microsoft

Microsoft

A 9-year-old Linux kernel bug in the AEAD crypto interface lets any local user overwrite any file

A command injection vulnerability in four end-of-life D-Link router models has been exploited by a Mirai variant since November 2025. D-Link confirmed no patch is coming. The only fix is hardware replacement.

GRU-affiliated APT28 exploited unpatched TP-Link routers to perform DNS hijacking against NATO members and Ukraine, capturing M365 credentials via adversary-in-the-middle infrastructure.

Anthropic

CVE-2026-50751, a critical logic flaw in Check Point VPN certificate validation, allows unauthenticated attackers to bypass passwords in IKEv1 configurations. Exploitation tied to Qilin ransomware began May 7, targeting

CVE-2026-50751, a critical logic flaw in Check Point VPN certificate validation, allows unauthenticated attackers to bypass passwords in IKEv1 configurations. Exploitation tied to Qilin ransomware began May 7, targeting

A critical path traversal flaw in Langflow enables unauthenticated remote code execution and is being actively exploited in the wild. With 7,000 exposed instances and no patch available, organizations running AI developm

Three chained vulnerabilities in LiteLLM let low-privilege users escalate to admin and execute code on AI gateway servers. Critical-severity chain exposes all provider keys, credentials, and prompts flowing through the p

Three chained vulnerabilities in LiteLLM let low-privilege users escalate to admin and execute code on AI gateway servers. Critical-severity chain exposes all provider keys, credentials, and prompts flowing through the p

TeamPCP threat actors compromised 42 TanStack packages and infiltrated npm/PyPI repositories from Mistral AI, UiPath, OpenSearch, and Guardrails AI using GitHub Actions OIDC token hijacking. The worm produces validly att

CVE-2026-44338, a critical authentication bypass in PraisonAI

University of Toronto researchers built a proof-of-concept AI worm that uses local open-weight LLMs to autonomously reason through networks, generate runtime exploits, and self-replicate—compromising 62% of test hosts wi

University of Toronto researchers built a proof-of-concept AI worm that uses local open-weight LLMs to autonomously reason through networks, generate runtime exploits, and self-replicate—compromising 62% of test hosts wi

Critical heap buffer overflow in NGINX versions 0.6.27 through 1.30.0 is being actively exploited in the wild. The vulnerability, introduced in 2008, allows unauthenticated attackers to crash worker processes or achieve

A single line of debug code left in production builds of six Microsoft 365 Android apps disabled authentication checks, allowing any app on the device to steal user account tokens without password prompts or user interac

Three chained vulnerabilities in LiteLLM let low-privilege users escalate to admin and execute code on AI gateway servers. Critical-severity chain exposes all provider keys, credentials, and prompts flowing through the p

A single line of debug code left in production builds of six Microsoft 365 Android apps disabled authentication checks, allowing any app on the device to steal user account tokens without password prompts or user interac

A single line of debug code left in production builds of six Microsoft 365 Android apps disabled authentication checks, allowing any app on the device to steal user account tokens without password prompts or user interac

A single line of debug code left in production builds of six Microsoft 365 Android apps disabled authentication checks, allowing any app on the device to steal user account tokens without password prompts or user interac

Three chained vulnerabilities in LiteLLM let low-privilege users escalate to admin and execute code on AI gateway servers. Critical-severity chain exposes all provider keys, credentials, and prompts flowing through the p

Threat actors deployed an LLM agent for post-exploitation after breaching a Marimo notebook via CVE-2026-39987, exfiltrating a complete PostgreSQL database in under two minutes. The attack demonstrates how AI agents enab

A security startup

A security startup

Threat actors are exploiting CVE-2026-35616, a critical authentication bypass in FortiClient EMS, to deploy credential-stealing malware disguised as legitimate Fortinet updates. The attack abuses trusted endpoint managem

The ShinyHunters extortion crew exploited CVE-2026-35273, a 9.8-severity zero-day in Oracle PeopleSoft, to breach over 100 organizations—68% of them universities. Oracle patched after attackers had already exfiltrated st

A critical path traversal flaw in Langflow enables unauthenticated remote code execution and is being actively exploited in the wild. With 7,000 exposed instances and no patch available, organizations running AI developm

Critical heap buffer overflow in NGINX versions 0.6.27 through 1.30.0 is being actively exploited in the wild. The vulnerability, introduced in 2008, allows unauthenticated attackers to crash worker processes or achieve

Critical heap buffer overflow in NGINX versions 0.6.27 through 1.30.0 is being actively exploited in the wild. The vulnerability, introduced in 2008, allows unauthenticated attackers to crash worker processes or achieve

Critical heap buffer overflow in NGINX versions 0.6.27 through 1.30.0 is being actively exploited in the wild. The vulnerability, introduced in 2008, allows unauthenticated attackers to crash worker processes or achieve

CVE-2026-23111, a one-character typo in nf_tables, lets unprivileged users escalate to root and escape containers. Patched February 5, exploits published in April and June—update and reboot now.

Russian FSB-linked threat group Gamaredon weaponizes CVE-2025-8088 WinRAR vulnerability to deliver modular malware framework targeting Ukrainian organizations. Attack chain deploys GammaPhish HTML applications, GammaWorm

A critical path traversal flaw in Langflow enables unauthenticated remote code execution and is being actively exploited in the wild. With 7,000 exposed instances and no patch available, organizations running AI developm

A critical 9.8 CVSS vulnerability in Splunk Enterprise allows unauthenticated attackers to achieve remote code execution through exposed PostgreSQL sidecar endpoints. WatchTowr Labs published a detailed exploit chain exp

A security startup

A critical path traversal flaw in Langflow enables unauthenticated remote code execution and is being actively exploited in the wild. With 7,000 exposed instances and no patch available, organizations running AI developm

Palo Alto Networks CVE-2026-0257 authentication bypass vulnerability is being actively exploited in the wild, allowing attackers to establish unauthorized VPN connections. Rapid7 confirms successful exploitation across n

Russian FSB-linked threat group Gamaredon weaponizes CVE-2025-8088 WinRAR vulnerability to deliver modular malware framework targeting Ukrainian organizations. Attack chain deploys GammaPhish HTML applications, GammaWorm

Anonymous researcher Chaotic Eclipse disclosed two critical Windows zero-days: YellowKey enables BitLocker bypass through Windows Recovery Environment in minutes, while GreenPlasma allows SYSTEM-level privilege escalatio

A critical path traversal flaw in Langflow enables unauthenticated remote code execution and is being actively exploited in the wild. With 7,000 exposed instances and no patch available, organizations running AI developm

Chinese APT group Velvet Ant compromised the Linux login layer itself—backdooring PAM modules and OpenSSH binaries on air-gapped networks since 2016. Sygnia researchers found nine variants recording credentials where ord

A newly disclosed Windows zero-day vulnerability dubbed MiniPlasma allows unprivileged users to escalate to SYSTEM-level access through a flaw in the Print Spooler service. Proof-of-concept code is now publicly available