Cisco warned of active exploitation of a vulnerability in Catalyst SD-WAN Manager. Tracked as CVE-2026-20245, the vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability … Continue reading “Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability Exploited in Attack (CVE-2026-20245)”
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability (CVE-2026-20230)
Security researchers identified a critical severity vulnerability impacting Cisco Unified Communications Manager. Tracked as CVE-2026-20230, the vulnerability may allow an attacker to conduct server-side request forgery (SSRF) attacks through an affected device.
CISA Warns of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
CISA has warned about active exploitation of a vulnerability impacting the GlobalProtect portal and gateway of Palo Alto Networks’ PAN-OS software. Tracked as CVE-2026-0257, the vulnerability may allow a remote unauthenticated attacker to successfully establish a VPN connection through the GlobalProtect gateway of an affected appliance. Palo Alto has also mentioned in their advisory that they are aware of limited exploit attempts on unpatched PAN-OS devices without … Continue reading “CISA Warns of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)”
Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code (CVE-2026-48778)
Notepad++ released a security advisory addressing three vulnerabilities, including two arbitrary code execution flaws, that could allow attackers to silently run malicious code on a victim’s machine. The most critical vulnerability among the three is CVE-2026-48778, which can lead to an arbitrary code execution issue via config.xml files.
Drupal Core SQL injection Vulnerability Added to CISA KEV (CVE-2026-9082)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Drupal Core active exploited vulnerability to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2026-9082, successful exploitation of the vulnerability may allow an attacker to elevate privileges and execute code remotely. CISA urged users to patch the vulnerability before May 27, 2026. Drupal mentioned in the advisory that exploit attempts are now being detected in the wild.
Microsoft Exchange Server Spoofing Vulnerability Exploited in Attack (CVE-2026-42897)
Microsoft has addressed a new security vulnerability impacting on-premises versions of Exchange Server that is being exploited in the wild. Tracked as CVE-2026-42897, the vulnerability may allow an attacker to perform network spoofing.
Cisco Releases Patches for SD-WAN Vulnerability Exploited in the Wild (CVE-2026-20182)
Cisco warned users about a critical vulnerability impacting the Catalyst SD-WAN Controller, tracked as CVE-2026-20182. Successful exploitation of the vulnerability may allow an attacker to bypass authentication and obtain administrative privileges on an affected system. CISA also acknowledged the active exploitation of the CVE-2026-20182 and added it to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the vulnerability before May 17, 2026.
Linux Kernel Local Privilege Escalation Vulnerability Exploited in Attacks (Fragnesia) (CVE-2026-46300)
Cybersecurity researchers have identified a new variant in the DirtyFrag family of Linux local privilege escalation vulnerabilities, named ‘Fragnesia’. Tracked as CVE-2026-46300, successful exploitation of the vulnerability may allow an unprivileged local attacker to modify read-only file contents in the kernel page cache and gain root privileges. The vulnerability has been named Fragnesia because the core bug … Continue reading “Linux Kernel Local Privilege Escalation Vulnerability Exploited in Attacks (Fragnesia) (CVE-2026-46300)”
F5 Nginx Remote Code Execution Vulnerability (CVE-2026-42945)
Threat researchers identified a critical severity vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945. The vulnerability discovered by depthfirst is an 18-year-old memory corruption flaw in NGINX Plus and NGINX Open Source. Successful exploitation of the vulnerability may allow an unauthenticated attacker to cause a denial-of-service (DoS) on the NGINX system or to trigger code execution. NGINX is an open-source, high-performance HTTP web server, reverse proxy, … Continue reading “F5 Nginx Remote Code Execution Vulnerability (CVE-2026-42945)”
Ivanti Addresses Multiple Vulnerabilities Impacting EPM, Xtraction, Secure Access Client, & Virtual Traffic Manager
Ivanti has released its May 2026 security updates, addressing security vulnerabilities across its popular products. The list of vulnerabilities and impacted products includes: Ivanti Xtraction — CVE-2026-8043 Ivanti Virtual Traffic Manager (vTM) — CVE-2026-8051 Ivanti Secure Access Client — CVE-2026-7431 and CVE-2026-7432 Ivanti Endpoint Manager (EPM) — CVE-2026-8109, CVE-2026-8110, CVE-2026-811