Vulnerabilities
738 articles on vulnerability disclosures and exploits
CVE-2026-0300: Siemens RUGGEDCOM APE1808 RCE via PAN-OS Vulnerability
Critical RCE (CVE-2026-0300) in Siemens RUGGEDCOM APE1808 devices via PAN-OS User-ID Captive Portal buffer overflow. Unauthenticated root code execution possible. Patch

CVE-2026-4293: Kieback & Peter DDC XSS — Mitigate Building Controller Risks
CISA warns of CVE-2026-4293, a Cross-site Scripting vulnerability in Kieback & Peter DDC Building Controllers. Attackers could control victim browsers, affecting

Highly Critical Drupal Vulnerability Requires Immediate Patching
Drupal users face a highly critical, quickly exploitable vulnerability. Attackers may develop exploits within hours. Patch immediately to secure your sites.

CVE-2026-31635: DirtyDecrypt Linux Kernel LPE PoC Released
Exploit code for DirtyDecrypt (CVE-2026-31635) has been released, allowing local privilege escalation via vulnerabilities in the Linux kernel crypto API.

ChromaDB RCE via CVE-2024-34359 — Mitigation and Patch Guide
Discover how unauthenticated attackers exploit CVE-2024-34359 in ChromaDB for remote code execution. Learn detection strategies and patch requirements now.

Drupal Core Security Update May 2026: Critical Patch Advisory
Drupal warns of an urgent core security update on May 20, 2026. Security teams must prepare for immediate patching to prevent exploit development.

Universal Robots PolyScope 5 RCE via CVE-2024-8153 — Patch Now
Critical OS command injection vulnerability in Universal Robots PolyScope 5 allows attackers to compromise industrial robot fleets. Patch to version 5.19.0.

OpenClaw 'Claw Chain' Vulnerabilities: Credential Theft, Persistence
Analysis of 'Claw Chain' vulnerabilities in OpenClaw, an AI agent framework, detailing credential theft, privilege escalation, and persistence risks. Patching guidance

CVE-2026-42897: Microsoft Exchange OWA XSS Zero-Day Under Attack
Active Zero-Day XSS vulnerability, CVE-2026-42897, impacts Microsoft Exchange OWA, allowing mailbox compromise. No patch available.

Microsoft Exchange Zero-Day and npm Supply Chain Worm Under Active Use
Critical security briefing on the active exploitation of an Exchange Server zero-day, npm supply chain worms, and Cisco network control vulnerabilities.

YellowKey: Bypassing Windows 11 BitLocker TPM Protections
Technical analysis of YellowKey, a zero-day exploit bypassing Windows 11 BitLocker. Learn how physical access allows attackers to extract encryption keys.

CVE-2024-41662: Chaining OpenClaw Flaws for Sandbox Escape
CyberArk researchers uncover the Claw Chain in OpenClaw, allowing attackers to escape sandboxes, steal credentials, and deploy persistent backdoors.