CISA Warns of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
CISA has warned about active exploitation of a vulnerability impacting the GlobalProtect portal and gateway of Palo Alto Networks’ PAN-OS software. Tracked as CVE-2026-0257, the vulnerability may allow a remote unauthenticated attacker to successfully establish a VPN connection through the GlobalProtect gateway of an affected appliance. Palo Alto has also mentioned in their advisory that they are aware of limited exploit attempts on unpatched PAN-OS devices without …
Tag: CISA Known Exploitable Vulnerabilities Catalog
Drupal Core SQL injection Vulnerability Added to CISA KEV (CVE-2026-9082)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an actively exploited Drupal Core vulnerability to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2026-9082, successful exploitation of the vulnerability may allow an attacker to elevate privileges and execute code remotely. CISA urged users to patch the vulnerability before May 27, 2026. Drupal mentioned in the advisory that exploit attempts are now being detected in the wild.
Microsoft Exchange Server Spoofing Vulnerability Exploited in Attack (CVE-2026-42897)
Microsoft has addressed a new security vulnerability impacting on-premises versions of Exchange Server that is being exploited in the wild. Tracked as CVE-2026-42897, the vulnerability may allow an attacker to perform network spoofing.
Cisco Releases Patches for SD-WAN Vulnerability Exploited in the Wild (CVE-2026-20182)
Cisco warned users about a critical vulnerability impacting the Catalyst SD-WAN Controller, tracked as CVE-2026-20182. Successful exploitation of the vulnerability may allow an attacker to bypass authentication and obtain administrative privileges on an affected system. CISA also acknowledged the active exploitation of CVE-2026-20182 and added it to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the vulnerability before May 17, 2026.
Ivanti Endpoint Manager Mobile Vulnerability Exploited in the Wild (CVE-2026-6973)
Ivanti released security updates to address five high-severity vulnerabilities impacting Endpoint Manager Mobile (EPMM). One of these vulnerabilities, tracked as CVE-2026-6973, is said to be exploited in zero-day attacks. This Improper Input Validation vulnerability in Ivanti EPMM requires Admin authentication for successful exploitation. A remote authenticated user with administrative access may exploit the vulnerability to execute arbitrary code …
PAN-OS User-ID Authentication Portal Vulnerability Exploited in Attacks (CVE-2026-0300)
Palo Alto has warned its users about the active exploitation of a vulnerability in the Palo Alto User-ID Authentication Portal (aka Captive Portal) service running on PAN-OS. Tracked as CVE-2026-0300, the vulnerability has a critical severity rating with a CVSS score of 9.3. Successful exploitation of the vulnerability can lead to arbitrary code execution. Palo Alto has mentioned in their advisory that they are aware …
Linux Kernel Vulnerability Exploited in the Wild (Copy Fail) (CVE-2026-31431)
Threat actors are exploiting a vulnerability in the Linux kernel tracked as CVE-2026-31431. Named Copy Fail, it’s a critical Linux kernel local privilege escalation vulnerability that allows unprivileged users to gain root by corrupting the page cache of setuid binaries via the AF_ALG crypto API. The vulnerability was discovered and reported by Theori and Xint. CISA also acknowledged the active exploitation of the vulnerability …
cPanel and WHM Authentication Bypass Vulnerability Exploited in the Wild (CVE-2026-41940)
Security researchers have identified a critical severity vulnerability impacting cPanel and WHM (Web Host Manager). Tracked as CVE-2026-41940, the vulnerability is being actively exploited in the wild. Successful exploitation of the vulnerability may allow an attacker to take control over the cPanel host system, its configurations and databases, and the websites it manages.
Apache ActiveMQ Remote Code Execution Vulnerability Added to CISA KEV (CVE-2026-34197)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of active exploitation of the Apache ActiveMQ vulnerability (CVE-2026-34197). CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch before April 30, 2026. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on vulnerable installations.
Adobe Acrobat and Reader Arbitrary Code Execution Vulnerability Exploited in the Wild (CVE-2026-34621)
Adobe released a security update to address an actively exploited vulnerability impacting Adobe Acrobat and Reader. Tracked as CVE-2026-34621, the vulnerability may allow an attacker to run malicious code on affected installations. Haifei Li from EXPMON discovered and reported the vulnerability to Adobe. CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability before April 27, …