Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

CVE-2026-8178: Critical Amazon Redshift JDBC Driver Flaw Enables RCE via Malicious Connection URLs — Patch Now

16 May 2026  |  dark6  |  Vulnerability

A critical vulnerability (CVE-2026-8178) in the Amazon Redshift JDBC driver allows remote code execution through manipulated database connection URLs. The flaw exploits unsafe class loading in the com.amazon.redshift:redshift-jdbc42...

>> read more

CVE-2026-44338: PraisonAI Framework Actively Exploited Within Hours of Disclosure — No Auth Required

16 May 2026  |  dark6  |  Vulnerability

A critical authentication bypass flaw in PraisonAI's legacy API server (CVE-2026-44338) shipped with auth disabled by default, allowing unauthenticated attackers to hijack AI workflows and drain API quotas....

>> read more

BitUnlocker: New Tool Breaks BitLocker on Patched Windows 11 Systems in Under 5 Minutes

15 May 2026  |  dark6  |  Vulnerability

A publicly released tool called BitUnlocker demonstrates a practical downgrade attack against BitLocker on fully-patched Windows 11 machines, exploiting a gap between CVE-2025-48804 patching and certificate revocation to...

>> read more

CVE-2026-26083: Critical Fortinet FortiSandbox Flaw Allows Unauthenticated Remote Code Execution — Patch Now

15 May 2026  |  dark6  |  Vulnerability

Fortinet has disclosed CVE-2026-26083, a critical (CVSS 9.1) missing-authorization vulnerability in FortiSandbox that lets unauthenticated attackers execute arbitrary code remotely across on-prem, cloud, and PaaS deployments. Enterprises should...

>> read more

CVE-2026-43898: Critical SandboxJS Escape (CVSS 10.0) Enables Full Host Takeover via npm

15 May 2026  |  dark6  |  Vulnerability

A maximum-severity (CVSS 10.0) vulnerability in the SandboxJS npm library allows attackers to completely escape the JavaScript sandbox and execute arbitrary code on the host system — no...

>> read more

CVE-2026-32185: Microsoft Teams for Android Vulnerability Enables Local Spoofing Attacks — Patch Available

14 May 2026  |  dark6  |  Vulnerability

Microsoft has patched CVE-2026-32185, a spoofing vulnerability in Microsoft Teams for Android that allows local attackers to impersonate trusted devices or content. The flaw requires no privileges to...

>> read more

Critical Exim Vulnerability (EXIM-Security-2026-05-01.1): Remote Code Execution via GnuTLS BDAT Flaw — Patch Now

14 May 2026  |  dark6  |  Vulnerability

A critical use-after-free vulnerability in Exim mail servers (versions 4.97–4.99.2 with GnuTLS) allows unauthenticated remote attackers to corrupt heap memory and potentially execute arbitrary code. Patch to version...

>> read more

CISA Adds CVE-2026-32202 to KEV Catalog as APT28 Actively Exploits Zero-Click Windows Shell Flaw

13 May 2026  |  dark6  |  Vulnerability

CISA has added CVE-2026-32202, a zero-click Windows Shell authentication coercion flaw, to its KEV catalog following confirmed active exploitation by Russia's APT28 group. The April 2026 Patch Tuesday...

>> read more