Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits

Ivanti, Fortinet, and n8n Disclose Critical RCE and Auth Bypass Flaws
Ivanti, Fortinet, n8n, and SAP release urgent security patches for critical vulnerabilities including CVE-2026-5444 and CVE-2026-8043. Update systems now.
CVE-2024-31079: Critical NGINX RCE Vulnerability Exploitation
Active exploitation of CVE-2024-31079 in the NGINX HTTP/3 module allows for RCE and DoS. Security teams must patch NGINX Open Source and Plus immediately.
DirtyDecrypt: How Attackers Exploit Linux Kernel rxgk for Root Access
Learn about DirtyDecrypt, a local privilege escalation vulnerability in the Linux rxgk module. Discover how to detect and mitigate this root access threat.
Windows 11 KB5089549 Security Update Installation Failure Analysis
Microsoft confirms Windows 11 KB5089549 security update fails with error 0x800f0922. Learn how to troubleshoot and resolve these installation issues.

MiniPlasma 0-Day: Windows SYSTEM Privilege Escalation via cldflt.sys
Technical analysis of the MiniPlasma zero-day vulnerability in cldflt.sys enabling SYSTEM privilege escalation on fully patched Windows systems.
Pwn2Own Berlin 2026: Critical RCE and Escalation Targets Identified
Security researchers demonstrate critical zero-day exploits against Windows, VMware, and AI systems at Pwn2Own Berlin 2026, earning over $1.3 million.
Windows MiniPlasma Zero-Day Exploit: How to Mitigate LPE Threats
A new zero-day exploit dubbed MiniPlasma allows local attackers to gain SYSTEM privileges on fully patched Windows systems. Learn detection and mitigation steps.

NGINX CVE-2026-42945: Heap Buffer Overflow Exploited — Patch Now
Active exploitation of CVE-2026-42945 in NGINX ngx_http_rewrite_module allows for worker process crashes and remote code execution. Update to version 1.31.0.

Funnel Builder Plugin Exploited for WooCommerce Checkout Skimming
Attackers are exploiting a vulnerability in the Funnel Builder WordPress plugin to inject skimming scripts and steal payment data from WooCommerce sites.
NGINX HTTP/3 RCE via CVE-2024-24989 — Mitigation Guide
Proof of Concept code released for critical NGINX CVE-2024-24989 and CVE-2024-24990. Learn how to detect and patch these HTTP/3 vulnerabilities immediately.

AI-Generated Code and Autonomous Agents: New Risks for Defenders
AI agents are automating vulnerability discovery in AI-generated codebases, forcing a shift in defensive security strategies and response times.
CVE-2026-42897: Microsoft Exchange XSS Under Active Exploitation
CISA adds CVE-2026-42897, a Microsoft Exchange Server Cross-Site Scripting vulnerability, to KEV Catalog due to active exploitation. Immediate patching advised.