Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

Windows CTFMON Zero-Day CVE-2026-45586 Lets Low-Privilege Users Escalate to SYSTEM

11 June 2026  |  dark6  |  Vulnerability

A publicly disclosed zero-day in the Windows Collaborative Translation Framework (CTFMON) allows attackers with standard user privileges to escalate to SYSTEM. Tracked as CVE-2026-45586, the flaw affects all...

>> read more

SAP June 2026 Patch Day: Four Critical Flaws Including CVSS 9.9 SAML Bypass in NetWeaver ABAP

10 June 2026  |  dark6  |  Vulnerability

SAP's June 2026 Security Patch Day addressed 15 security notes including four critical vulnerabilities. The most severe — CVE-2026-44748 (CVSS 9.9) — is an XML Signature Wrapping flaw...

>> read more

Google Chrome 149 Patches 429 Vulnerabilities Including 22 Critical — Update Immediately

10 June 2026  |  dark6  |  Vulnerability

Google has released Chrome 149.0.7827.53 with 429 security fixes, including 22 rated critical. The patch covers use-after-free and memory corruption bugs across ANGLE, GPU, Network, Password Manager, and...

>> read more

CVE-2026-23111: Linux Kernel nftables Use-After-Free Enables Root Privilege Escalation — Public Exploit Available

9 June 2026  |  dark6  |  Vulnerability

A use-after-free vulnerability in the Linux kernel nftables subsystem (CVE-2026-23111) allows unprivileged local attackers to escalate privileges to root on Debian and Ubuntu LTS systems. A public exploit...

>> read more

Microsoft Warns: Claude Code GitHub Action Exploitable via Prompt Injection to Leak CI/CD Secrets

8 June 2026  |  dark6  |  Vulnerability

Microsoft Threat Intelligence disclosed a prompt injection flaw in the Claude Code GitHub Action that allowed attackers to access /proc/self/environ and steal API keys from CI/CD runners. Anthropic...

>> read more

CISA Warns: SolarWinds Serv-U CVE-2026-28318 Actively Exploited — Zero-Auth DoS Attack Hits File Transfer Platform

8 June 2026  |  dark6  |  Vulnerability

CISA has added CVE-2026-28318, a zero-authentication denial-of-service flaw in SolarWinds Serv-U, to its Known Exploited Vulnerabilities catalog. Attackers can crash the service remotely with a single crafted HTTP...

>> read more

CISA Adds Actively Exploited Linux Kernel CVE-2022-0492 to KEV Catalog — Patch Now

8 June 2026  |  dark6  |  Vulnerability

CISA has added CVE-2022-0492, a Linux kernel improper authentication flaw, to its Known Exploited Vulnerabilities catalog. The vulnerability enables privilege escalation and container escape attacks and is being...

>> read more

CISA Warns: Hackers Are Targeting U.S. Fuel Tank Monitoring Systems Across Critical Infrastructure

8 June 2026  |  dark6  |  Vulnerability

CISA, the FBI, NSA, and five other federal agencies have issued a joint advisory confirming active cyberattacks against Automatic Tank Gauge (ATG) systems used in US energy, chemical,...

>> read more