CVE-2026-9256 “nginx-poolslip”: Critical NGINX Flaw Enables Unauthenticated DoS and Code Execution
A critical heap buffer overflow in the NGINX rewrite module (CVE-2026-9256, "nginx-poolslip") allows unauthenticated remote attackers to crash NGINX workers or execute code. Proof-of-concept activity is already circulating...
CISA Flags Actively Exploited Langflow Flaw CVE-2025-34291 — AI Workflow Deployments at Risk
CISA has added CVE-2025-34291, a critical CORS misconfiguration in the Langflow AI workflow platform, to its Known Exploited Vulnerabilities catalog, confirming active exploitation. Organizations using Langflow face the...
Ubiquiti Issues Emergency Patches for Five Critical UniFi OS Vulnerabilities, Three Rated Maximum CVSS 10.0
Ubiquiti Networks has released urgent firmware updates addressing five critical vulnerabilities in its UniFi OS platform, including three flaws rated CVSS 10.0 — the maximum severity score. The...
CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to KEV Catalog — Patch by June 3
CISA has added two critical Microsoft Defender vulnerabilities — CVE-2026-45498 and CVE-2026-41091 — to its Known Exploited Vulnerabilities catalog following evidence of active exploitation in the wild. Federal...
LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access
LiteSpeed has disclosed and patched a critical zero-day privilege escalation flaw (CVE-2026-48172) in its cPanel user-end plugin that is already being actively exploited in the wild to gain...
Google Patches Two Critical Chrome RCE Flaws in Urgent Update — Update to 148.0.7778.178 Now
Google has released an emergency Chrome security update addressing 16 vulnerabilities including two Critical-rated remote code execution flaws in WebRTC and Chrome's UI layer. Users should update to...
Claude Code’s Five-Month Network Sandbox Bypass Silently Exposed Developer Credentials and Source Code
Anthropic's Claude Code harbored a critical SOCKS5 null-byte injection sandbox bypass for over five months, allowing attackers to silently exfiltrate developer credentials, source code, and API keys. The...
CVE-2026-2005: Public PoC Released for Critical 20-Year-Old PostgreSQL pgcrypto RCE Vulnerability
A public proof-of-concept exploit has been released for CVE-2026-2005, a critical remote code execution flaw in PostgreSQL's pgcrypto extension rooted in nearly 20-year-old code. The exploit chains a...