vulnerability

PoC Code Published for Critical NGINX Vulnerability

PoC Code Published for Critical NGINX Vulnerability 2026-05-16 at 14:43 By Ionut Arghire Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

PoC Code Published for Critical NGINX Vulnerability Read More »

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) 2026-05-15 at 14:32 By Zeljka Zorz A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) Read More »

Chrome 148 Update Patches Critical Vulnerabilities

Chrome 148 Update Patches Critical Vulnerabilities 2026-05-15 at 11:02 By Ionut Arghire The refresh resolves critical-severity use-after-free and other types of bugs in various browser components. The post Chrome 148 Update Patches Critical Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chrome 148 Update Patches Critical Vulnerabilities Read More »

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) 2026-05-14 at 17:34 By Zeljka Zorz Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) Read More »

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure 2026-05-14 at 12:48 By Ionut Arghire The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure Read More »

High-Severity Vulnerability Patched in VMware Fusion

High-Severity Vulnerability Patched in VMware Fusion 2026-05-14 at 12:48 By Eduard Kovacs The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week. The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

High-Severity Vulnerability Patched in VMware Fusion Read More »

Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code

Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code 2026-05-13 at 19:01 By Eduard Kovacs Microsoft’s MDASH discovered 16 of the Patch Tuesday vulnerabilities, and Palo Alto used Mythos to find dozens of flaws.  The post Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code

Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code Read More »

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises 2026-05-13 at 13:33 By Eduard Kovacs CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises Read More »

Fortinet, Ivanti Patch Critical Vulnerabilities

Fortinet, Ivanti Patch Critical Vulnerabilities 2026-05-13 at 12:36 By Ionut Arghire Successful exploitation of these flaws could lead to arbitrary code execution and information disclosure. The post Fortinet, Ivanti Patch Critical Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Fortinet, Ivanti Patch Critical Vulnerabilities Read More »

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities 2026-05-13 at 11:37 By Ionut Arghire The two chip giants have published over two dozen advisories describing recently identified security defects. The post Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities Read More »

Microsoft Patches 137 Vulnerabilities

Microsoft Patches 137 Vulnerabilities 2026-05-12 at 21:50 By Ionut Arghire Fresh security updates resolve critical flaws in Azure, Windows, Dynamics 365, and the SSO Plugin for Jira & Confluence. The post Microsoft Patches 137 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Patches 137 Vulnerabilities Read More »

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) 2026-05-12 at 20:12 By Zeljka Zorz Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) Read More »

Amazon Quick authorization bypass let users reach blocked AI chat agents

Amazon Quick authorization bypass let users reach blocked AI chat agents 2026-05-12 at 20:12 By Mirko Zorz Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those

Amazon Quick authorization bypass let users reach blocked AI chat agents Read More »

Adobe Patches 52 Vulnerabilities in 10 Products

Adobe Patches 52 Vulnerabilities in 10 Products 2026-05-12 at 20:12 By Ionut Arghire While none of the flaws have been exploited in the wild, many of them could lead to arbitrary code execution. The post Adobe Patches 52 Vulnerabilities in 10 Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Adobe Patches 52 Vulnerabilities in 10 Products Read More »

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413) 2026-05-12 at 17:35 By Zeljka Zorz JetBrains has patched a high-severity vulnerability (CVE-2026-44413) in TeamCity, its popular continuous integration and continuous delivery platform, and is urging organizations with on-premises and self-managed deployments to upgrade to the fixed version or implement a security patch. About CVE-2026-44413 CVE-2026-44413

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413) Read More »

SAP Patches Critical S/4HANA, Commerce Vulnerabilities

SAP Patches Critical S/4HANA, Commerce Vulnerabilities 2026-05-12 at 15:18 By Ionut Arghire The flaws could allow attackers to inject malicious code, leading to information disclosure and code execution. The post SAP Patches Critical S/4HANA, Commerce Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

SAP Patches Critical S/4HANA, Commerce Vulnerabilities Read More »

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root 2026-05-12 at 14:18 By Sinisa Markovic Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root Read More »

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means 2026-05-12 at 14:18 By Eduard Kovacs Curl’s lead developer says Mythos claims are marketing, but many in the industry believe the results stem from Curl’s robust security. The post Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means Read More »

Dirty Frag: Unpatched Linux vulnerability delivers root access

Dirty Frag: Unpatched Linux vulnerability delivers root access 2026-05-08 at 18:03 By Zeljka Zorz A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284, aka

Dirty Frag: Unpatched Linux vulnerability delivers root access Read More »

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) 2026-05-08 at 13:30 By Zeljka Zorz Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has being exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,” the

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) Read More »

Scroll to Top