Vulnerabilities
738 articles on vulnerability disclosures and exploits
NSA GRASSMARLIN XXE Vulnerability CVE-2026-6807 — Mitigation Guide
CISA warns of a Medium-severity XXE vulnerability in NSA GRASSMARLIN. With the tool reaching end-of-life, defenders must address CVE-2026-6807 via decommissioning.
GitHub Enterprise Server RCE via CVE-2024-6800 — Mitigation Guide
GitHub has patched a critical RCE vulnerability (CVE-2024-6800) in GHES that allows remote attackers to gain administrative access via SAML SSO bypass.

CVE-2026-42208: Active Exploitation of LiteLLM SQL Injection
Attackers are actively exploiting CVE-2026-42208, a critical SQL injection flaw in LiteLLM, within 36 hours of disclosure. Patch to prevent database compromise.
CVE-2026-42208: LiteLLM Pre-Auth SQLi Actively Exploited – Patch Now
Hackers are actively exploiting CVE-2026-42208, a critical pre-authentication SQL injection vulnerability in LiteLLM, to access sensitive data. Urgent patching is

CVE-2026-3854: GitHub RCE via Malicious Git Push Command
A critical command injection vulnerability, CVE-2026-3854, allows authenticated users to achieve RCE on GitHub instances via a single git push operation.
Anthropic Claude Mythos: AI-Driven Vulnerability Discovery and Exploitation
Anthropic’s Claude Mythos Preview demonstrates autonomous discovery and weaponization of vulnerabilities in critical infrastructure and operating systems.
Microsoft RDP Security Warning Display Bug — Mitigation Guide
Microsoft confirms security warnings for Remote Desktop (.rdp) files may display incorrectly on Windows 10 and 11, potentially obscuring risk information.

Hugging Face LeRobot RCE via CVE-2026-25874 — Mitigation Guide
Technical analysis of CVE-2026-25874, a critical unpatched RCE vulnerability in the Hugging Face LeRobot robotics platform with a CVSS score of 9.3.

CVE-2026-32202: Active Exploitation of Windows Shell Spoofing Bug
Microsoft confirms CVE-2026-32202, a Windows Shell spoofing flaw, is under active exploitation. Read our analysis and mitigation guide for enterprise security.
CVE-2024-9486: Critical Kubernetes Image Builder Flaws Exposed
Critical vulnerabilities in Kubernetes Image Builder allow root access via hardcoded credentials. Update to version v0.1.38 to mitigate potential exploits.
TeamPCP Supply Chain: Checkmarx KICS, Bitwarden CLI, xinference PyPI Attacks
TeamPCP resumes supply chain attacks with new compromises targeting Checkmarx KICS, Bitwarden CLI, and xinference PyPI. UNC6780 credential theft campaign continues.
Unpatched PhantomRPC: Windows Privilege Escalation via RPC Flaw
Runtime Rebel analyzes the unpatched 'PhantomRPC' flaw in Windows, detailing how an architectural weakness in RPC enables local privilege escalation. Learn to protect