Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits
Advertisement
CVE-2026-6411: MAXHUB Pivot Client Hardcoded AES Key — Patch Guide
Exploit analysis of CVE-2026-6411 in MAXHUB Pivot client. Learn how hardcoded AES keys and MQTT enrollment flaws lead to data disclosure and DoS.
Dirty Frag: Linux Kernel Zero-Day Enables Local Privilege Escalation
The Dirty Frag zero-day vulnerability allows local attackers to gain root access on major Linux distributions via an exploit in kernel fragmentation handling.
"Dirty Frag" Linux Kernel LPE: Unpatched Root Access Risk
An unpatched Linux kernel vulnerability dubbed Dirty Frag allows local privilege escalation to root, building on the exploitation patterns of CVE-2026-31431.
Ivanti EPMM RCE via CVE-2026-6973 — Mitigation Guide
Ivanti warns of active exploitation of CVE-2026-6973, a high-severity RCE flaw in Endpoint Manager Mobile (EPMM) allowing admin-level access on core servers.
CVE-2026-6973: Ivanti EPMM Exploited in the Wild — Patch Guidance
CISA adds CVE-2026-6973, an improper input validation vulnerability in Ivanti Endpoint Manager Mobile, to the KEV catalog following active exploitation.
CVE-2024-3400: Palo Alto PAN-OS RCE Exploited by State Actors
Chinese state actors exploit a critical RCE vulnerability in Palo Alto Networks PAN-OS. Learn how to detect and mitigate CVE-2024-3400 exploitation.
CVE-2023-35081: Ivanti EPMM Remote Code Execution Zero-Day Analysis
Ivanti warns of a high-severity RCE vulnerability in EPMM exploited in zero-day attacks. Secure your systems by patching CVE-2023-35081 today.
PAN-OS RCE via CVE-2026-0300 — Mitigation Guide
Technical analysis of CVE-2026-0300, a critical buffer overflow in PAN-OS User-ID Authentication Portal enabling unauthenticated root access and espionage.
Cisco ISE and Nexus Dashboard RCE via CVE-2024-20469 — Mitigation Guide
Cisco patches high-severity vulnerabilities in ISE, Nexus Dashboard, and Catalyst Center that enable RCE, SSRF, and DoS attacks. Secure your enterprise today.
Microsoft Edge Plaintext Password Exposure and ICS Zero-Day Risks
Analysis of Microsoft Edge plaintext password storage risks, newly disclosed ICS zero-day vulnerabilities, and Telegram-based data exfiltration TTPs.
vm2 Node.js Library RCE: Multiple Sandbox Escape Vulnerabilities
Discovery of a dozen critical vulnerabilities in the vm2 Node.js library allows for sandbox escape and RCE. Learn how to mitigate these security risks now.
Mirai-Based xlabs_v1 Botnet Hijacks IoT Devices via ADB
Learn how the xlabs_v1 botnet exploits Android Debug Bridge (ADB) on port 5555 to enroll IoT devices into a DDoS network and how to secure your hardware.