VULNCRITICAL

SharePoint Critical RCE via Cryptographic Signature Flaw: The Token Danger

CVE-2026-50522 enables unauthenticated remote code execution on SharePoint Server by bypassing cryptographic verification on session t…

Jul 17, 2026views - 1.4k

CYBERSECCRITICAL

SharePoint On-Premises Under Attack: Three Days to Patch Actively Exploited RCE

Microsoft confirmed active exploitation of CVE-2026-58644 in SharePoint Server on-premises. CISA added the flaw to the KEV catalog wit…

Jul 17, 2026views - 1.2k

CYBERSECCRITICAL

Delta Electronics DTM Soft: Project BIN Files Become RCE Attack Vector

The ZDI-26-404 flaw in Delta Electronics DTM Soft industrial engineering software enables remote code execution via deserialization of…

Jul 17, 2026views - 92

CYBERSEC

X.Org Server: GLX Use-After-Free Bug Enables Local Root Escalation on Linux

A use-after-free vulnerability in the CommonMakeCurrent function allows a local attacker to escalate privileges to root. The flaw was…

Jul 17, 2026views - 65

CYBERSEC

Windows WMI: ZDI-26-415 Vulnerability Allows Escalation to SYSTEM

CVE-2026-49805 in Windows WMI Providers enables local privilege escalation to SYSTEM. Microsoft has released patches and rates exploit…

Jul 17, 2026views - 1.3k

VULNZERO-DAY

ZDI-26-416: Hyper-V netvsc.sys Bug Lets Local VM Attacker Escalate to Kernel

The ZDI-26-416 vulnerability in Microsoft Hyper-V's netvsc.sys driver allows a low-privilege attacker inside a Windows VM to escalate…

Jul 17, 2026views - 1.5k

CYBERSEC

Adobe Creative Cloud Update Service Turned Into Privilege Escalation Weapon

ZDI-26-419 reveals a vulnerability in AdobeUpdateService that allows local privilege escalation from low-privilege user to SYSTEM on W…

Jul 16, 2026views - 1.2k

CYBERSECZERO-DAY

MSI Center: LPE Vulnerability in NTIOLib_X64.sys Kernel Driver

ZDI-26-430 discloses a local privilege escalation to SYSTEM in the NTIOLib_X64.sys driver used by MSI Center. The flaw affects OEM har…

Jul 16, 2026views - 1.4k

CYBERSECCRITICAL

Synology DS925+: Pre-Auth Root RCE via Weak Redis Passwords — Patch Available

ZDI-26-423 discloses a pre-authentication vulnerability in the MailPlus Redis component of the Synology DiskStation DS925+. Reversible…

Jul 16, 2026views - 1.4k

VULNCRITICAL

NVIDIA NeMo Framework: RCE Vulnerability in ML Checkpoints

An unsafe deserialization flaw in NVIDIA NeMo Framework checkpoints enables remote code execution. User interaction is required, but t…

Jul 16, 2026views - 1.2k

VULNZERO-DAY

G DATA Total Security: LPE in Backup Service, SYSTEM Compromised via Symlink

ZDI-26-432 (CVE-2026-13268, CVSS 7.8) details a symbolic link following attack in the G DATA Total Security Backup Service. Here is th…

Jul 16, 2026views - 1.4k

CYBERSECCRITICAL

ZDI-26-438: RCE in Rockwell Arena Simulation via DOE File, Patch Available

The ZDI-26-438 vulnerability enables remote code execution in Rockwell Automation Arena Simulation through malicious DOE files. Coordi…

Jul 16, 2026views - 1.3k