ZCyberNews

Articles

432 articles

CRITICAL
Vulnerabilities

CVE-2026-41089: Windows Netlogon RCE Exploited in Wild

CVE-2026-41089 is a critical Windows Netlogon RCE now reported as exploited in the wild, with Microsoft CNA scoring it CVSS 9.8.

CVE-2026-41089
4 min read

MEDIUM
Vulnerabilities

CVE-2026-9082: Drupal Core SQL Injection Bug Added to CISA KEV

CISA added CVE-2026-9082 (CVSS 6.5) to its Known Exploited Vulnerabilities catalog after evidence of active exploitation against all supported Drupal Core versions.

CVE-2026-9082
3 min read

CRITICAL
Vulnerabilities

CVE-2026-20223 (CVSS 10): Unauthenticated API Access in Cisco Secure

CVE-2026-20223 (CVSS 10.0): Unauthenticated attackers can access internal REST APIs in Cisco Secure Workload with Site Admin privileges. No authentication required.

CVE-2026-20223
3 min read

CRITICAL
Vulnerabilities

CVE-2026-2586: Authenticated RCE in GlassFish Admin Console

CVE-2026-2586 (CVSS 9.1) lets authenticated users execute arbitrary OS commands via crafted requests to GlassFish's Administration Console. No patch available as of May 20.

CVE-2026-2586
3 min read

MEDIUM
Vulnerabilities

CVE-2026-8957: Mozilla Patches Privilege Escalation in Enterprise

CVE-2026-8957 (CVSS 6.5) allows privilege escalation in Firefox's Enterprise Policies component. Mozilla fixed it in Firefox 151 and ESR 140.11.

CVE-2026-8957, CVE-2026-8956, CVE-2026-8950
4 min read

CRITICAL
Vulnerabilities

CVE-2026-8959: Firefox Sandbox Escape via Win32 Boundary Flaw

CVE-2026-8959 (CVSS 9.6) allows sandbox escape through incorrect boundary conditions in Firefox's Widget:Win32 component. Fixed in Firefox 151, ESR 140.11, and Thunderbird 151.

CVE-2026-8959, CVE-2026-8954
4 min read

CRITICAL
Vulnerabilities

CVE-2026-4883: Piotnet Forms Plugin RCE via Phar Upload

CVE-2026-4883 (CVSS 9.8) in Piotnet Forms ≤2.1.40 lets unauthenticated attackers upload .phar or .phtml files via an incomplete extension blacklist, enabling remote code execution.

CVE-2026-4883
4 min read

CRITICAL
Vulnerabilities

CVE-2026-45230: Unauthenticated Path Traversal in DumbAssets Lets

CVE-2026-45230 (CVSS 9.1) in DumbAssets through 1.0.11 lets unauthenticated attackers delete arbitrary files via path traversal in the POST /api/delete-file endpoint.

CVE-2026-45230
3 min read

CRITICAL
Vulnerabilities

CVE-2026-7301: SGLang Scheduler RCE via Pickle Deserialization

CVE-2026-7301 (CVSS 9.8) lets attackers execute arbitrary code on SGLang servers by sending malicious pickle payloads to the scheduler's ROUTER socket, which binds to 0.0.0.0 by...

CVE-2026-7301
4 min read

CRITICAL
Vulnerabilities

CVE-2026-8836: CVSS 10.0 Stack Overflow in lwIP SNMPv3 Parser

CVE-2026-8836 is a CVSS 10.0 stack-based buffer overflow in lwIP up to 2.2.1's SNMPv3 USM handler. Remote unauthenticated attackers can trigger code execution via crafted...

CVE-2026-8836
3 min read

MEDIUM
Vulnerabilities

Cookie Law Bar 1.2.1 Stored XSS Enables Cookie Theft

CVE-2021-47957 (CVSS 6.4) in Cookie Law Bar 1.2.1 lets authenticated attackers inject persistent scripts via the Bar Message field, affecting all WordPress site visitors.

CVE-2021-47957
3 min read

MEDIUM
Vulnerabilities

CouchCMS 2.2.1 XSS Lets Authenticated Users Inject Arbitrary JS via

CVE-2021-47955 (CVSS 5.4): CouchCMS 2.2.1 contains a stored XSS flaw allowing authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files via...

CVE-2021-47955
3 min read