Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits
Advertisement
PraisonAI Auth Bypass CVE-2026-44338 Exploited — Patching Guide
Threat actors are actively exploiting CVE-2026-44338, a critical authentication bypass in the PraisonAI framework, just hours after public disclosure.
Outlook Junk Folder Bypass: How Attackers Hide Malicious URLs
Discover how attackers bypass Microsoft Outlook's Junk folder link preview protection using HTML manipulation to hide malicious phishing URLs from users.
Windows Zero-Days: Analyzing YellowKey and GreenPlasma Exploits
A technical breakdown of the unpatched YellowKey BitLocker bypass and GreenPlasma local privilege escalation vulnerabilities affecting Windows systems.
CVE-2024-38812: How to Mitigate VMware Fusion Privilege Escalation
VMware Fusion 13.6 fixes a high-severity local privilege escalation flaw (CVE-2024-38812) that allows attackers to gain root access on macOS hosts.
CVE-2026-46300: Linux Fragnesia Kernel Privilege Escalation Analysis
Critical analysis of the Fragnesia Linux kernel vulnerability (CVE-2026-46300), enabling local root access via IP fragmentation flaws. Includes mitigation steps.
CVE-2026-42945: NGINX Rewrite Module Heap Overflow Enables RCE
A critical 18-year-old heap buffer overflow in the NGINX rewrite module allows unauthenticated RCE. Learn how to detect and patch CVE-2026-42945.
CVE-2026-46300: Fragnesia Linux Kernel LPE Grants Root Access
A technical analysis of CVE-2026-46300, a Linux kernel LPE vulnerability dubbed Fragnesia that enables root access via XFRM page cache corruption.
Pixel 10 0-Click Exploit Chain: Re-Targeting CVE-2025-54957 for Root
Analysis of a zero-click exploit chain targeting the Google Pixel 10, achieving root via an adapted Dolby vulnerability (CVE-2025-54957). Critical threat. Patch now.
Exim RCE: Unauthenticated Remote Code Execution Critical Flaw
A new critical flaw in Exim mailer allows unauthenticated remote code execution on certain configurations. Immediate patching is vital for security professionals.
FamousSparrow APT: China-Linked Group Targets Caucasus Energy Sector
China-linked FamousSparrow APT expands targeting to include Azerbaijani energy infrastructure, signaling a shift in strategic objectives for the threat group.
Sweet Attack: Using Agentic AI for Continuous Runtime Red Teaming
Sweet Security launches Sweet Attack, using agentic AI and runtime intelligence to provide autonomous attack path analysis and identify exploitable chains.
Microsoft and Palo Alto Networks Use AI to Identify Dozens of Vulnerabilities
Microsoft and Palo Alto Networks leverage AI-powered tools MDASH and Mythos to identify dozens of critical software vulnerabilities before exploitation.