-
A critical zero-day vulnerability in cPanel and WebHost Manager (WHM) is under massive active exploitation following the public release of a sophisticated proof-of-concept exploit. Tracked as CVE-2026-41940, this flaw has already compromised tens of th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injecti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in the nginx-ui backup restore mechanism, tracked as CVE-2026-33026, allows attackers to manipulate encrypted backups and execute arbitrary commands. Proof-of-Concept (PoC) exploit code has been publicly released, prompting an …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical zero-day vulnerability in Cisco Catalyst SD-WAN infrastructure, tracked as CVE-2026-20127, is currently under active exploitation by highly sophisticated threat actors. The situation has grown considerably more severe following the public re…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high-severity local privilege escalation (LPE) vulnerability, identified as CVE-2026-20817, has been publicly documented following the release of a proof-of-concept (PoC) exploit. Discovered in the Windows Error Reporting (WER) service, the flaw allo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the interne…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security researcher has published proof-of-concept code for a critical authentication bypass vulnerability in the Atarim WordPress plugin that could allow attackers to steal sensitive user data and system configuration details. The flaw, tracked as C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability affecting more than 706,000 BIND 9 DNS resolvers worldwide has been disclosed with proof-of-concept exploit code now publicly available. The security flaw enables attackers to perform cache poisoning attacks by injecting malici…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5. Security researchers discovered that attackers can trigger remote code execution and privilege escalation by abusing flaw…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
