Latest news

BadHost (CVE-2026-48710): Critical Authentication Bypass Threatens Thousands of AI Agent Applications
Vulnerability

BadHost (CVE-2026-48710): Critical Authentication Bypass Threatens Thousands of AI Agent Applications

28 May 2026 dark6

A newly disclosed critical vulnerability dubbed 'BadHost' (CVE-2026-48710) enables attackers to bypass authentication in FastAPI and Starlette-based AI applications through...
Read more 0
Critical 7-Zip Flaw CVE-2026-48095 (CVSS 8.8) Enables Arbitrary Code Execution via NTFS Vtable Hijack
Vulnerability

Critical 7-Zip Flaw CVE-2026-48095 (CVSS 8.8) Enables Arbitrary Code Execution via NTFS Vtable Hijack

26 May 2026 dark6

A critical heap buffer overflow in 7-Zip 26.00 (CVE-2026-48095, CVSS 8.8) lets attackers execute arbitrary code through an NTFS vtable...
Read more 0
CVE-2026-9256 “nginx-poolslip”: Critical NGINX Flaw Enables Unauthenticated DoS and Code Execution
Vulnerability

CVE-2026-9256 “nginx-poolslip”: Critical NGINX Flaw Enables Unauthenticated DoS and Code Execution

25 May 2026 dark6

A critical heap buffer overflow in the NGINX rewrite module (CVE-2026-9256, "nginx-poolslip") allows unauthenticated remote attackers to crash NGINX workers...
Read more 0
CISA Flags Actively Exploited Langflow Flaw CVE-2025-34291 — AI Workflow Deployments at Risk
Vulnerability

CISA Flags Actively Exploited Langflow Flaw CVE-2025-34291 — AI Workflow Deployments at Risk

24 May 2026 dark6

CISA has added CVE-2025-34291, a critical CORS misconfiguration in the Langflow AI workflow platform, to its Known Exploited Vulnerabilities catalog,...
Read more 0
Ubiquiti Issues Emergency Patches for Five Critical UniFi OS Vulnerabilities, Three Rated Maximum CVSS 10.0
Vulnerability

Ubiquiti Issues Emergency Patches for Five Critical UniFi OS Vulnerabilities, Three Rated Maximum CVSS 10.0

23 May 2026 dark6

Ubiquiti Networks has released urgent firmware updates addressing five critical vulnerabilities in its UniFi OS platform, including three flaws rated...
Read more 0
CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to KEV Catalog — Patch by June 3
Vulnerability

CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to KEV Catalog — Patch by June 3

23 May 2026 dark6

CISA has added two critical Microsoft Defender vulnerabilities — CVE-2026-45498 and CVE-2026-41091 — to its Known Exploited Vulnerabilities catalog following...
Read more 0
LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access
Vulnerability

LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access

23 May 2026 dark6

LiteSpeed has disclosed and patched a critical zero-day privilege escalation flaw (CVE-2026-48172) in its cPanel user-end plugin that is already...
Read more 0
Google Patches Two Critical Chrome RCE Flaws in Urgent Update — Update to 148.0.7778.178 Now
Vulnerability

Google Patches Two Critical Chrome RCE Flaws in Urgent Update — Update to 148.0.7778.178 Now

22 May 2026 dark6

Google has released an emergency Chrome security update addressing 16 vulnerabilities including two Critical-rated remote code execution flaws in WebRTC...
Read more 0
Claude Code’s Five-Month Network Sandbox Bypass Silently Exposed Developer Credentials and Source Code
Vulnerability

Claude Code’s Five-Month Network Sandbox Bypass Silently Exposed Developer Credentials and Source Code

21 May 2026 dark6

Anthropic's Claude Code harbored a critical SOCKS5 null-byte injection sandbox bypass for over five months, allowing attackers to silently exfiltrate...
Read more 0
CVE-2026-2005: Public PoC Released for Critical 20-Year-Old PostgreSQL pgcrypto RCE Vulnerability
Vulnerability

CVE-2026-2005: Public PoC Released for Critical 20-Year-Old PostgreSQL pgcrypto RCE Vulnerability

20 May 2026 dark6

A public proof-of-concept exploit has been released for CVE-2026-2005, a critical remote code execution flaw in PostgreSQL's pgcrypto extension rooted...
Read more 0
CISA Warns of Actively Exploited Microsoft Exchange Server XSS Flaw — Patch by May 29
Vulnerability

CISA Warns of Actively Exploited Microsoft Exchange Server XSS Flaw — Patch by May 29

19 May 2026 dark6

CISA has added CVE-2026-42897, a cross-site scripting vulnerability in Microsoft Exchange Server's Outlook Web Access, to its Known Exploited Vulnerabilities...
Read more 0
Windows ‘MiniPlasma’ Zero-Day Grants SYSTEM Privileges on Fully Patched Systems — Public PoC Released
Vulnerability

Windows ‘MiniPlasma’ Zero-Day Grants SYSTEM Privileges on Fully Patched Systems — Public PoC Released

19 May 2026 dark6

A critical Windows zero-day dubbed 'MiniPlasma' has surfaced with a public proof-of-concept exploit, allowing unprivileged attackers to achieve full SYSTEM-level...
Read more 0