U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog
U.S.
CVE
20 articles
ZDI-26-326: TrendAI Vision One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtai...
ZDI-26-325: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtai...
ZDI-26-324: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtai...
ZDI-26-323: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtai...
ZDI-26-322: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtai...
ZDI-26-321: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtai...
ZDI-26-320: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtai...
High-severity Starlette vulnerability 'BadHost' could expose sensitive data
The flaw, tracked as CVE-2026-48710, arises from the framework's handling of malformed Host headers.
FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework
A single malformed character in a web request can let an unauthenticated attacker slip past the access controls that guard applications built on Starlette, t...
BadHost Vulnerability Exposes Sensitive AI Agent Server Endpoints to Attackers
A critical vulnerability, “BadHost” (CVE-2026-48710), has been identified in the Starlette web framework, exposing thousands of AI-powered applications and A...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-8398 Daemon...
CISA Warns LiteSpeed cPanel Plugin Vulnerability Is Being Exploited in Attacks
CISA has issued an urgent warning after adding a critical vulnerability in the LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, ...
Windows Kernel Vulnerability Lets Attackers Modify Kernel Memory Counters
A critical Windows kernel vulnerability, CVE-2026-40369, allows any unprivileged process, including a browser renderer sandbox, to increment arbitrary kernel...
Gitea Vulnerability Exposes Private Container Images without Authentication
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remo...
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.
A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microso...
Microsoft SharePoint Server Flaw Enables Remote Code Execution Attacks
Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow attackers to execute arbitrary code remotely, raising signifi...
Drupal bug added to CISA list of known exploited vulnerabilities
Drupal SQL injection flaw CVE-2026-9082 added to CISA KEV as active attacks target sites.
Critical vulnerability in Universal Robots' PolyScope OS allows remote command execution
The vulnerability, tracked as CVE-2026-8153 with a CVSS score of 9.8, affects all PolyScope software versions prior to 5.
Zero-click attack hijacks WhatsApp accounts on iOS 16
The attack exploits vulnerabilities in iOS 16, specifically CVE-2025-43300 within the ImageIO framework and potentially CVE-2025-55177, to gain unauthorized ...