Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

WatchGuard Agent Vulnerabilities Allow Attackers to Escalate to Full SYSTEM Privileges on Windows

10 May 2026  |  dark6  |  Vulnerability

WatchGuard has released urgent security updates patching four high-severity vulnerabilities in the WatchGuard Agent for Windows, including chained CVE-2026-6787 and CVE-2026-6788 flaws (CVSS 8.5) that grant NT AUTHORITY\SYSTEM...

>> read more

Critical Next.js and React Server Components Vulnerabilities: SSRF, DoS, and Middleware Bypass Patched

9 May 2026  |  dark6  |  Vulnerability

Vercel has released a sweeping set of security advisories for Next.js addressing more than a dozen vulnerabilities including denial-of-service, SSRF via WebSocket upgrades, and middleware bypass flaws. All...

>> read more

New Ivanti EPMM Zero-Day CVE-2026-6973 Actively Exploited — Patch Immediately

8 May 2026  |  dark6  |  Vulnerability

Ivanti has confirmed active exploitation of CVE-2026-6973, a new zero-day vulnerability in its on-premises Endpoint Manager Mobile (EPMM) product. The flaw requires admin authentication and is part of...

>> read more

Dirty Frag: New Linux Kernel Vulnerability Chains Two Flaws to Grant Root Privileges — Public PoC Released

8 May 2026  |  dark6  |  Vulnerability

A newly disclosed Linux kernel vulnerability dubbed Dirty Frag chains two page-cache write flaws to achieve full root access on virtually all major Linux distributions. A public PoC...

>> read more

Critical Palo Alto PAN-OS Zero-Day CVE-2026-0300 Actively Exploited — Root Access Granted on 5,800+ Exposed Firewalls

7 May 2026  |  dark6  |  Vulnerability

A critical buffer overflow zero-day in Palo Alto Networks PAN-OS (CVE-2026-0300, CVSS 9.3) is being actively exploited in the wild. Unauthenticated attackers can gain full root access to...

>> read more

Critical Apache HTTP Server 2.4.67 Patches RCE Flaw CVE-2026-23918 — Upgrade All Servers Immediately

5 May 2026  |  dark6  |  Vulnerability

Apache has released HTTP Server 2.4.67, patching five vulnerabilities including a critical double-free bug CVE-2026-23918 (CVSS 8.8) in the HTTP/2 implementation that can enable Remote Code Execution. All...

>> read more

Critical Android Zero-Click Vulnerability CVE-2026-0073 Allows Remote Shell Access Without User Interaction

5 May 2026  |  dark6  |  Vulnerability

Google has disclosed a critical zero-click remote code execution vulnerability tracked as CVE-2026-0073 in the Android System component. The flaw allows attackers on the same local network to...

>> read more

Microsoft Defender False Positive Quarantines DigiCert Root Certificates, Risks Breaking SSL Across Enterprise Networks

4 May 2026  |  dark6  |  Vulnerability

A faulty Microsoft Defender antimalware definition update incorrectly flagged two legitimate DigiCert root certificates as malware, automatically quarantining them from the Windows trust store on enterprise endpoints. The...

>> read more