MetInfo CMS vulnerability exploited by threat actors
The vulnerability, identified as CVE-2026-29014 with a CVSS score of 9.8, is a PHP code injection flaw that allows unauthenticated remote attackers to execut...
CVE
20 articles
Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
Overview On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecti...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-0300 Palo Alto ...
Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE
Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution.
Palo Alto Networks PAN-OS flaw exploited for remote code execution
Palo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution. Palo Alto Net...
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The ...
Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems.
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnera...
Critical Android vulnerability CVE-2026-0073 fixed by Google
Google patched a critical Android flaw (CVE‑2026‑0073) that lets attackers run code remotely without user action. Google released a security update for Andro...
ABB B&R Automation Runtime
View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulner...
ABB B&R Automation Studio
View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulner...
Hitachi Energy PCM600
View CSAF Summary Hitachi Energy is aware of a vulnerability that affects the Hitachi Energy PCM600 product versions listed in this document. An attacker suc...
Johnson Controls CEM AC2000
View CSAF Summary Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. The following version...
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new fi...
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploit...
Copy Fail lands in CISA KEV as actively exploited Linux flaw threatens widespread privilege escalation
The Cybersecurity and Infrastructure Security Agency (CISA) has added another Linux kernel vulnerability, CVE-2026-31431, also known as Copy Fail, to the Kno...
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
The U.S.
CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments
A high-severity Linux vulnerability, “Copy Fail” (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads. With...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-31431 Linux Ker...
ZDI-26-307: FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Flowise. Authentication is not required to exploit this vul...