CVE
Curated coverage and analysis in this editorial area.

CVE-2026-20230: Public PoC for Cisco Unified CM Vulnerability Risks Remote Root Access
Cisco disclosed on June 3, 2026, that proof-of-concept code is available for CVE-2026-20230, a critical SSRF vulnerability in Unified…

Why CVSS Scores Fail the Factory Floor: A New Framework for OT Vulnerability Management
An OT security practitioner has introduced a five-step framework to evaluate the actual exploitability of vulnerabilities in manufactu…

CVE-2026-48095: 7-Zip NTFS Handler Heap Overflow
A heap overflow in 7-Zip’s NTFS handler allows for RCE via crafted files. The vulnerability involves signature-based file routing that…

Microsoft Refuses to Patch Windows Search URI Flaw Enabling NTLM Hash Theft
Huntress has disclosed an unpatched vulnerability in the Windows search: URI handler that allows attackers to steal NTLMv2 hashes via…

Kemp LoadMaster API Flaw Enables Authenticated RCE: CVSS 8.8 Vulnerability Patched
CVE-2026-3517 in Progress Software Kemp LoadMaster allows authenticated users to execute arbitrary code via command injection in the c…

CVE-2026-0826: Root RCE Vulnerability Hits HP Poly Enterprise VoIP Phones
A critical stack-based buffer overflow in HP Poly Voice's SDP parsing allows unauthenticated remote code execution with root privilege…

Gamaredon APT Weaponizes WinRAR Path Traversal Bug for Ukrainian Espionage
The Gamaredon APT group is exploiting CVE-2025-8088, a path traversal vulnerability in WinRAR, to deploy a modular malware suite again…

CISA Warns of Active Exploitation for Two-Year-Old Oracle WebLogic Flaw
CISA has added CVE-2024-21182 to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of an Oracle WebLog…

Gitea Bug Exposed Private Container Images for Four Years
CVE-2026-27771: A critical flaw in Gitea’s container registry left approximately 31,750 instances vulnerable for nearly four years. Di…

Anthropic Grants ENISA Access to Mythos: A Strategic Shift for EU Cybersecurity
Anthropic is granting ENISA access to its Mythos model for vulnerability discovery. As the first EU entity to join Project Glasswing,…

Audit Slams NIST Over NVD Collapse: 27,000 CVE Backlog and $200,000 in Wasted Funds
A Department of Commerce OIG audit documents the systemic failure of the National Vulnerability Database pipeline, revealing a backlog…

Microsoft Patched a Critical SharePoint RCE but Omitted the CVE from Official Documentation
CVE-2026-45659, a CVSS 8.8 SharePoint Server RCE, was missing from Microsoft’s May 2026 security update list. While the patch was dist…