Vulnerability Disclosure

Cisco Advisories Vulnerability Disclosure Cisco Apr 24

Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated...

Cisco Advisories →

Kaspersky Securelist Vulnerability Disclosure Microsoft Apr 24

PhantomRPC: A new privilege escalation technique in Windows RPC

Kaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.

T1548

Kaspersky Securelist →

Wordfence Blog Vulnerability Disclosure Intel WordPress Apr 23

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)

Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...

Wordfence Blog →

Rapid7 Blog Vulnerability Disclosure Rapid7 Apr 23

AI is Changing Vulnerability Discovery and your Software Supply Chain Strategy has to Change with it

Wade Woolwine is Senior Director, Product Security at Rapid7. The headlines around Glasswing have focused on how quickly AI can surface vulnerabilities, whic...

T1195

Rapid7 Blog →

Cisco Advisories Vulnerability Disclosure Cisco Apr 22

Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cro...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco Apr 22

Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker ...

T1190 T1059

Cisco Advisories →

Recorded Future Vulnerability Disclosure Apr 22

AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation?

AI vulnerability research and discovery capabilities are improving, but they have not changed the fundamentals of vulnerability management.

Recorded Future →

Exploit Database Vulnerability Disclosure Linux Apr 22

[local] Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation

Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation

T1548

Exploit Database →

Zero Day Initiative Vulnerability Disclosure Apr 21

ZDI-26-295: (0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PublicCMS. Authentication is not required to exploi...

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 21

ZDI-26-294: (0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is re...

Zero Day Initiative →

Zero Day Initiative Vulnerability Disclosure Microsoft Apr 21

ZDI-26-293: (0Day) Microsoft Office URI Handler NTLM Response Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Office. User interaction is required to exploit ...

Zero Day Initiative →

Rapid7 Blog Vulnerability Disclosure Amazon Apr 20

Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster Action

Anthropic’s Project Glasswing has sparked plenty of discussion about what AI might soon do for vulnerability discovery, but the more useful question for most...

T1598

Rapid7 Blog →

Rapid7 Blog Vulnerability Disclosure Microsoft Rapid7 Apr 17

Metasploit Wrap-Up 04/17/2026

Happy Friday - Seven New Metasploit Modules We’re happy to announce that Metasploit Framework had a big week, landing seven new modules alongside various bug...

T1053

Rapid7 Blog →

Infosecurity Magazine Vulnerability Disclosure Apr 17

Commercial AI Models Show Rapid Gains in Vulnerability Research

AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds

Infosecurity Magazine →

Cisco Advisories Vulnerability Disclosure Cisco Apr 16

Cisco Webex Services Certificate Validation Vulnerability

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to...

T1598

Cisco Advisories →

Tenable Blog Vulnerability Disclosure Tenable Apr 16

Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching

See how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Proto...

Tenable Blog →

Wordfence Blog Vulnerability Disclosure WordPress Apr 16

Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin

On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an estimated 5...

T1190

Wordfence Blog →

Wordfence Blog Vulnerability Disclosure Intel WordPress Apr 16

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)

Last week, there were 153 vulnerabilities disclosed in 117 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulne...

Wordfence Blog →

Cisco Advisories Vulnerability Disclosure Cisco Apr 16

Cisco Secure Web Appliance Authentication Bypass Vulnerability

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacke...

T1556

Cisco Advisories →

Infosecurity Magazine Vulnerability Disclosure Amazon Apr 16

NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities

NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs

Infosecurity Magazine →