Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Vulnerability
Latest news

CVE-2026-9256 “nginx-poolslip”: Critical NGINX Flaw Enables Unauthenticated DoS and Code Execution

25 May 2026  |  dark6  |  Vulnerability

A critical heap buffer overflow in the NGINX rewrite module (CVE-2026-9256, "nginx-poolslip") allows unauthenticated remote attackers to crash NGINX workers or execute code. Proof-of-concept activity is already circulating...

>> read more

CISA Flags Actively Exploited Langflow Flaw CVE-2025-34291 — AI Workflow Deployments at Risk

24 May 2026  |  dark6  |  Vulnerability

CISA has added CVE-2025-34291, a critical CORS misconfiguration in the Langflow AI workflow platform, to its Known Exploited Vulnerabilities catalog, confirming active exploitation. Organizations using Langflow face the...

>> read more

Ubiquiti Issues Emergency Patches for Five Critical UniFi OS Vulnerabilities, Three Rated Maximum CVSS 10.0

23 May 2026  |  dark6  |  Vulnerability

Ubiquiti Networks has released urgent firmware updates addressing five critical vulnerabilities in its UniFi OS platform, including three flaws rated CVSS 10.0 — the maximum severity score. The...

>> read more

CISA Adds Two Actively Exploited Microsoft Defender Zero-Days to KEV Catalog — Patch by June 3

23 May 2026  |  dark6  |  Vulnerability

CISA has added two critical Microsoft Defender vulnerabilities — CVE-2026-45498 and CVE-2026-41091 — to its Known Exploited Vulnerabilities catalog following evidence of active exploitation in the wild. Federal...

>> read more

LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access

23 May 2026  |  dark6  |  Vulnerability

LiteSpeed has disclosed and patched a critical zero-day privilege escalation flaw (CVE-2026-48172) in its cPanel user-end plugin that is already being actively exploited in the wild to gain...

>> read more

Google Patches Two Critical Chrome RCE Flaws in Urgent Update — Update to 148.0.7778.178 Now

22 May 2026  |  dark6  |  Vulnerability

Google has released an emergency Chrome security update addressing 16 vulnerabilities including two Critical-rated remote code execution flaws in WebRTC and Chrome's UI layer. Users should update to...

>> read more

Claude Code’s Five-Month Network Sandbox Bypass Silently Exposed Developer Credentials and Source Code

21 May 2026  |  dark6  |  Vulnerability

Anthropic's Claude Code harbored a critical SOCKS5 null-byte injection sandbox bypass for over five months, allowing attackers to silently exfiltrate developer credentials, source code, and API keys. The...

>> read more

CVE-2026-2005: Public PoC Released for Critical 20-Year-Old PostgreSQL pgcrypto RCE Vulnerability

20 May 2026  |  dark6  |  Vulnerability

A public proof-of-concept exploit has been released for CVE-2026-2005, a critical remote code execution flaw in PostgreSQL's pgcrypto extension rooted in nearly 20-year-old code. The exploit chains a...

>> read more