Advertisement
Cisco Unified Communications Manager: Urgent Patch for Active Exploitation
CISA mandates urgent patching for an actively exploited vulnerability in Cisco Unified Communications Manager, posing immediate risk to federal agencies and beyond.

Cisco CUCM SSRF Flaw: Rapid Exploitation & Root Privilege Escalation
Attackers are rapidly weaponizing a Cisco Unified CM server-side request forgery (SSRF) flaw, escalating privileges to root. Immediate patching is critical.
CVE-2024-20230: Critical RCE in Cisco Unified CM Actively Exploited
Cisco confirms active exploitation of CVE-2024-20230, a critical 9.9 CVSS vulnerability in Unified Communications Manager. Urgent patching is required.
CVE-2026-54420: LiteSpeed cPanel Plugin Flaw Under Active Exploit
CISA warns of active exploitation targeting CVE-2026-54420 in LiteSpeed cPanel user-end plugin, urging immediate patching for server security.

Fortinet FortiSandbox: Attackers Exploit CVE-2026-39813, -39808, -25089
Critical Fortinet FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) are under active exploitation. Patch immediately.
CVE-2024-21182: Oracle WebLogic Server Under Active Exploitation
CISA added CVE-2024-21182, an unspecified vulnerability in Oracle WebLogic Server, to its KEV Catalog due to active exploitation. Immediate patching required.
_Sergey_Tarasov_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
Palo Alto PAN-OS GlobalProtect VPN: Active Auth Bypass Exploitation
Urgent advisory on the active exploitation of an authentication bypass vulnerability affecting Palo Alto Networks PAN-OS GlobalProtect VPN. Patch immediately.
CVE-2024-10642: WP Maps Pro Exploited to Create WordPress Admin Accounts
Attackers are exploiting a critical privilege escalation flaw in the WP Maps Pro WordPress plugin to create rogue admin accounts without authentication.
CVE-2026-0257: Palo Alto PAN-OS Auth Bypass Under Active Attack
CISA adds CVE-2026-0257, an actively exploited authentication bypass in Palo Alto Networks PAN-OS, to its KEV catalog. Immediate patching is critical for all
Ghost CMS CVE-2022-41654: Over 700 Websites Compromised
Attackers are exploiting a critical Ghost CMS vulnerability to inject malicious scripts into sites belonging to Harvard, Oxford, and DuckDuckGo.
CVE-2026-9082: Drupal Core SQL Injection Under Active Exploitation
CISA adds CVE-2026-9082, a critical Drupal Core SQL Injection vulnerability, to KEV Catalog due to active exploitation. Immediate patching required for all organizations.
CVE-2026-9082: Drupal Under Active Exploitation – Patch Now
Critical Drupal vulnerability CVE-2026-9082 is actively exploited shortly after disclosure. Urgent patching is required to prevent compromise of thousands of websites.