DeafNews
// 4 CVE · 3 EXPLOIT · 1 ADVISORY IN THE LAST 24H

Cve

Curated coverage and analysis in this editorial area.

34 articles

Date Relevance
aiCRITICAL

Critical Flowise RCE: Exploit Code Released for CVSS 9.9 Vulnerability

Obsidian Security has published proof-of-concept exploit code for CVE-2026-40933, a critical RCE vulnerability in Flowise. The flaw le…

May 31, 2026views - 44

VULNEXPLOIT

CIFSwitch: Linux Kernel Bug Grants Root Access on CentOS and Rocky Linux

CIFSwitch enables local privilege escalation to root across multiple Linux distributions. While a public PoC is available and an upstr…

May 30, 2026views - 25

VULNCVE

CVE-2026-0257: Active Exploitation Confirmed for GlobalProtect Authentication Bypass

Palo Alto Networks has confirmed active exploitation of CVE-2026-0257 affecting PAN-OS GlobalProtect. CISA has added the vulnerability…

May 30, 2026views - 453

cybersec

Cyber Brief: Trump Mobile Breach, FIFA Phishing Surge, and CISA Supply Chain Alerts

Three major security incidents converge ahead of the 2026 World Cup: Trump Mobile confirms a third-party data breach, Group-IB uncover…

May 29, 2026views - 15

CYBERSECCRITICAL

LLM Agent Conducts Autonomous Post-Exploitation via Marimo RCE

Sysdig documents the first case of an LLM agent completely replacing a human operator in post-exploitation following a critical RCE on…

May 29, 2026views - 18

googleCRITICAL

Chrome 148: Google Patches 151 Vulnerabilities, Including 22 Critical Flaws

Google has released Chrome 148, addressing 151 security vulnerabilities with 22 rated at maximum criticality. The update includes over…

May 29, 2026views - 12

VULNZERO-DAY

FortiClient EMS: EKZ Infostealer May Target VPN Management Channels

CVE-2026-35616 (CVSS 9.8): Compromised FortiClient EMS platforms could be transformed into malware delivery vehicles. Attacks in May 2…

May 29, 2026views - 11

CYBERSECEXPLOIT

Cisco SD-WAN: Potential Targeted Activity Involving Controllers

A report describes potential exploitation of SD-WAN vulnerabilities, noting activity attributed to a group designated as UAT-8616 and…

May 27, 2026views - 19

CYBERSECCVE

CISA Adds Drupal SQL Injection Vulnerability to KEV Catalog Following Mass Exploitation

CISA has added the CVE-2026-9082 SQL injection flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The move follows re…

May 26, 2026views - 26

CYBERSECCVE

CVE-2026-5426: KnowledgeDeliver LMS Targeted by Zero-Day ViewState Exploit

Hard-coded ASP.NET machine keys in KnowledgeDeliver LMS have enabled unauthenticated RCE attacks. Threat actors deployed the BLUEBEAM…

May 26, 2026views - 17

CYBERSECZERO-DAY

Windows Hit by Post-Patch Tuesday Zero-Day Blitz

Security researcher Chaotic Eclipse has disclosed three new Windows zero-day vulnerabilities following the May 2026 Patch Tuesday. To…

May 25, 2026views - 481

CYBERSECZERO-DAY

Trend Micro: CISA Adds Exploited Apex One Zero-Day to KEV Catalog with June 4 Deadline

CVE-2026-34926 affects on-premise Apex One installations. This directory traversal zero-day is under active exploitation, prompting CI…

May 25, 2026views - 21