Latest news

Critical Fortinet FortiSandbox Vulnerabilities Actively Exploited in the Wild
Vulnerability

17 June 2026 dark6

Threat actors are actively exploiting three critical Fortinet FortiSandbox vulnerabilities — including CVE-2026-39813, which has no prior exploitation history. All...
Microsoft Lets connectivity.office.com TLS Certificate Expire, Breaking Enterprise Microsoft 365 Diagnostics
Vulnerability

16 June 2026 dark6

Microsoft allowed the TLS certificate for connectivity.office.com — a critical enterprise Microsoft 365 diagnostic endpoint — to expire on June...
CVE-2026-48558: Critical SimpleHelp Auth Bypass Exposes 14,000 RMM Servers to Unauthenticated Access
Vulnerability

16 June 2026 dark6

Horizon3.ai disclosed CVE-2026-48558, a critical authentication bypass in SimpleHelp's OIDC integration that allows unauthenticated attackers to create privileged technician accounts...
CVE-2026-20262: Cisco Catalyst SD-WAN vManage Zero-Day Actively Exploited in Enterprise Attacks
Vulnerability

16 June 2026 dark6

Cisco has confirmed active zero-day exploitation of CVE-2026-20262, an arbitrary-file-write vulnerability in Catalyst SD-WAN Manager (vManage) that allows attackers to...
CVE-2026-54420: LiteSpeed cPanel Plugin Zero-Day Actively Exploited to Escalate Privileges to Root
Vulnerability

16 June 2026 dark6

A critical actively exploited zero-day in the LiteSpeed cPanel user-end plugin (CVE-2026-54420) enables attackers to escalate privileges to root, breaking...
CISA BOD 26-04: Federal Agencies Must Patch Critical Vulnerabilities Within 3 Days Under New Risk-Based Mandate
Vulnerability

12 June 2026 dark6

CISA has issued Binding Operational Directive BOD 26-04, requiring federal civilian agencies to patch the most critical vulnerabilities — those...
CVE-2026-5027: Critical Langflow Path Traversal Flaw Actively Exploited for Remote Code Execution
Vulnerability

12 June 2026 dark6

A critical path traversal vulnerability (CVE-2026-5027, CVSS 8.8) in Langflow is being actively exploited to achieve remote code execution on...
ServiceNow Confirms Unauthorized Access Vulnerability Exposing Enterprise Customer Data
Vulnerability

11 June 2026 dark6

ServiceNow has confirmed a security vulnerability allowing unauthorized actors to query customer instance tables without proper authentication, potentially exposing sensitive...
Windows CTFMON Zero-Day CVE-2026-45586 Lets Low-Privilege Users Escalate to SYSTEM
Vulnerability

11 June 2026 dark6

A publicly disclosed zero-day in the Windows Collaborative Translation Framework (CTFMON) allows attackers with standard user privileges to escalate to...
SAP June 2026 Patch Day: Four Critical Flaws Including CVSS 9.9 SAML Bypass in NetWeaver ABAP
Vulnerability

10 June 2026 dark6

SAP's June 2026 Security Patch Day addressed 15 security notes including four critical vulnerabilities. The most severe — CVE-2026-44748 (CVSS...
Google Chrome 149 Patches 429 Vulnerabilities Including 22 Critical — Update Immediately
Vulnerability

10 June 2026 dark6

Google has released Chrome 149.0.7827.53 with 429 security fixes, including 22 rated critical. The patch covers use-after-free and memory corruption...
CVE-2026-23111: Linux Kernel nftables Use-After-Free Enables Root Privilege Escalation — Public Exploit Available
Vulnerability

9 June 2026 dark6

A use-after-free vulnerability in the Linux kernel nftables subsystem (CVE-2026-23111) allows unprivileged local attackers to escalate privileges to root on...