Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits
Advertisement
Underminr Vulnerability: Bypassing DNS Filtering via Trusted Domains
The Underminr vulnerability affects 88 million domains, allowing attackers to hide C2 traffic and bypass DNS filtering using shared infrastructure.
CVE-2026-9082: Drupal Core SQL Injection Added to CISA KEV Catalog
CISA warns of active exploitation of CVE-2026-9082, a critical SQL injection vulnerability in Drupal Core. Organizations must patch to prevent data exposure.
CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation - Patch Now
Exploitation of CVE-2026-48172 in the LiteSpeed cPanel plugin allows local users to gain root access. Organizations should update to version 1.2.2 immediately.
ABB B&R Automation Studio <6.5: Multiple Critical SQLite Vulnerabilities
Critical SQLite vulnerabilities in ABB B&R Automation Studio <6.5 expose ICS to RCE, data exposure, and unauthorized access. Update to version 6.5 immediately.
CVE-2026-9082: Drupal Core SQL Injection Under Active Exploitation
CISA adds CVE-2026-9082, a critical Drupal Core SQL Injection vulnerability, to KEV Catalog due to active exploitation. Immediate patching required for all organizations.
CVE-2026-9082: Drupal Under Active Exploitation – Patch Now
Critical Drupal vulnerability CVE-2026-9082 is actively exploited shortly after disclosure. Urgent patching is required to prevent compromise of thousands of websites.
Huawei AR2500 Exploitation: Industrial Router Flaw Analysis
An analysis of the Huawei AR2500 industrial router exploitation that triggered a major telecom outage and CISA's new KEV nomination process.
CVE-2023-41179: Trend Micro Apex One RCE Exploited in Attacks
Trend Micro patches CVE-2023-41179, a critical zero-day in Apex One and Worry-Free Business Security exploited to execute arbitrary commands on Windows systems.
Ubiquiti Patches Critical UniFi OS Command Injection Vulnerabilities
Ubiquiti has addressed three critical vulnerabilities (CVE-2024-42025, CVE-2024-42027, CVE-2024-42028) in UniFi OS that allow unauthenticated RCE via local networks.
Bypassing Hardware Gates: Exploitability of Vulnerable Drivers
Technical analysis of how researchers bypass hardware-gating to exploit Windows kernel-mode drivers without physical devices in BYOVD attacks.
CVE-2026-34926: TrendAI Apex One Directory Traversal Exploit Analysis
TrendAI patches a critical zero-day directory traversal vulnerability (CVE-2026-34926) in Apex One on-premise currently exploited in the wild.
CVE-2025-34291 & CVE-2023-41179: CISA Warns of Active Exploitation
CISA adds Langflow and Trend Micro Apex One vulnerabilities to KEV. Learn how to mitigate CVE-2025-34291 and CVE-2023-41179 to prevent active exploitation.