Articles tagged "CVE"

Found 341 articles

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

The Hacker News

Actively Exploited

A serious vulnerability in NGINX, tracked as CVE-2026-42945, is currently being exploited in the wild, just days after it was disclosed. This flaw is a heap buffer overflow in the ngx_http_rewrite_module, which affects NGINX Plus and NGINX Open versions from 0.6.27 to 1.30.0. The CVSS score of 9.2 indicates a high severity, as it could lead to worker crashes and potentially allow remote code execution (RCE). Organizations using affected versions should prioritize patching their systems to prevent exploitation. Given the active nature of this threat, immediate action is crucial for maintaining security.

Read Original

A serious vulnerability in the Funnel Builder plugin for WordPress is currently being exploited by attackers to inject harmful JavaScript into WooCommerce checkout pages. This manipulation aims to capture sensitive payment information from users during transactions. The situation was reported by Sansec, revealing that this flaw does not yet have an official Common Vulnerabilities and Exposures (CVE) identifier. Website owners using this plugin should be particularly vigilant, as the lack of a CVE means there may not be a widely known fix available at this time. This incident poses a significant risk, especially for e-commerce sites that rely on WooCommerce for processing payments.

Read Original
CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

Security Affairs

Actively Exploited

Microsoft has confirmed that a new zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, is being actively exploited by attackers. This vulnerability has a CVSS score of 8.1, indicating a high level of severity. It stems from improper handling of user input during web page generation, which can lead to cross-site scripting (XSS) attacks. Organizations using affected versions of Exchange Server are at risk, as attackers could exploit this flaw to execute malicious scripts in the context of users' browsers. Microsoft urges users to take immediate action to protect their systems and data from potential breaches.

Read Original

Cisco has released a patch for a serious security vulnerability (CVE-2026-20182) affecting its Catalyst SD-WAN solutions. This flaw allows attackers to bypass authentication in both the Catalyst SD-WAN Controller and the Catalyst SD-WAN Manager, which are critical components for managing SD-WAN deployments. The vulnerability has been actively exploited by a sophisticated cyber threat actor, putting both on-premises and cloud users at risk. Organizations using these Cisco products should prioritize applying the patch to safeguard their networks from potential breaches. Failure to address this vulnerability could lead to unauthorized access and significant security incidents.

Read Original

Microsoft has issued a warning regarding a zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, which is currently being exploited by attackers. This vulnerability affects various versions of Exchange Server, putting organizations that use this software at risk. Microsoft has not yet released a permanent patch but has provided interim mitigations to help secure affected systems. Users and administrators are urged to implement these mitigations to protect their environments until a comprehensive fix is available. The active exploitation of this vulnerability underscores the urgency for affected organizations to take immediate action.

Read Original

Microsoft has issued a warning about a serious cross-site scripting (XSS) vulnerability, identified as CVE-2026-42897, affecting on-premises versions of Microsoft Exchange Server. This vulnerability allows unauthorized attackers to spoof users over a network, posing significant risks to organizations that have not yet applied any fixes. The affected versions include Microsoft Exchange Server Subscription Edition RTM, 2019, and 2016, while Exchange Online remains unaffected. Microsoft is currently working on a permanent fix, but until it is released, they have provided temporary mitigations for users to implement. Organizations using the affected versions should take immediate action to safeguard their systems from potential exploitation.

Read Original

Cisco has released a patch for a newly discovered zero-day vulnerability, identified as CVE-2026-20182, which has been actively exploited in targeted attacks. This vulnerability affects Cisco’s SD-WAN products and has been linked to a sophisticated threat actor known as UAT-8616. The exploitation of this flaw marks the sixth zero-day incident involving Cisco in 2026, raising concerns about the security of their products. Companies using Cisco SD-WAN solutions should prioritize applying the latest patches to protect against potential breaches. The ongoing exploitation of this vulnerability highlights the need for vigilance in cybersecurity practices.

Read Original
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

The Hacker News

Actively Exploited

Microsoft has announced a serious security vulnerability affecting on-premise versions of Exchange Server, identified as CVE-2026-42897. This issue, which has a CVSS score of 8.1, is classified as a spoofing vulnerability that arises from a cross-site scripting flaw. The vulnerability has been confirmed to be actively exploited by attackers, which raises significant concerns for organizations still using on-premise Exchange Servers. An anonymous researcher discovered and reported the issue, signaling the need for prompt attention from IT security teams. Organizations must take immediate action to protect their systems and data from potential exploitation.

Read Original

Researchers have identified a new vulnerability in the Linux kernel, named Fragnesia and tracked as CVE-2026-46300, which could allow local attackers to gain root access through page cache corruption. This flaw affects the XFRM ESP-in-TCP subsystem and has a CVSS score of 7.8, indicating a significant risk. If exploited, it could enable attackers to take complete control of the affected systems. It's crucial for users of affected Linux systems to be aware of this vulnerability and take necessary precautions. The disclosure of this flaw highlights ongoing security challenges within the Linux ecosystem.

Read Original

Researchers have discovered a new local privilege escalation vulnerability in the Linux kernel, identified as CVE-2026-46300, and nicknamed 'Fragnesia.' This vulnerability is related to the earlier Dirty Frag bugs and affects the xfrm-ESP Linux module. The flaw was unintentionally introduced when a patch was applied to fix one of the original Dirty Frag vulnerabilities, specifically CVE-2026-43284. This means that systems using the affected module could be at risk, potentially allowing attackers to gain elevated privileges. It is crucial for users and administrators of Linux systems to stay informed about this issue and apply necessary updates as they become available.

Read Original
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

The Hacker News

Actively Exploited

A newly disclosed vulnerability in the PraisonAI framework, identified as CVE-2026-44338, has drawn the attention of cybercriminals within just four hours of its announcement. This vulnerability has a CVSS score of 7.3 and involves a missing authentication issue, which means that sensitive endpoints could be accessed by unauthorized users. If exploited, attackers could invoke potentially harmful actions, leading to significant security risks for any systems running this open-source orchestration tool. Organizations utilizing PraisonAI are urged to assess their systems and implement necessary security measures to protect against possible exploitation. This incident serves as a reminder of the rapid response from threat actors to newly revealed vulnerabilities.

Read Original

A new variant of a local privilege escalation vulnerability in the Linux kernel, named Fragnesia, has been identified. This vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, allows local attackers to gain root access through page cache corruption. This marks the third such vulnerability discovered in the Linux kernel within just two weeks, raising concerns for users and administrators. The flaw is rooted in the kernel's XFRM component, which is responsible for managing IPsec protocols. This means that systems using affected kernel versions could be at risk if not addressed promptly, as attackers could exploit this vulnerability to gain elevated privileges and potentially take control of vulnerable systems.

Read Original

Researchers have identified multiple vulnerabilities in NGINX Plus and NGINX Open, including a severe flaw that has existed for 18 years. The most critical issue, a heap buffer overflow in the ngx_http_rewrite_module (CVE-2026-42945), could allow attackers to execute arbitrary code remotely without authentication. This vulnerability has a high severity score of 9.2 on the CVSS v4 scale. Organizations using these web servers are at risk, as the flaw could lead to significant security breaches. It is crucial for affected users to address this vulnerability promptly to safeguard their systems.

Read Original
Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations

Security Affairs

A serious vulnerability, identified as CVE-2025-32975, has been discovered in Quest KACE SMA, an endpoint management tool used by organizations to oversee their IT assets. This flaw poses a significant risk as it could allow attackers to compromise all managed systems within affected organizations. Researchers have determined that around 60 organizations may be vulnerable due to this unpatched issue. The potential for widespread impact makes it crucial for companies using this software to take immediate action to secure their systems. Ignoring this vulnerability could lead to severe operational disruptions and data breaches.

Read Original

Microsoft's new agentic security system has identified 16 vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. Among these, CVE-2026-40361 and CVE-2026-40364 are particularly concerning due to their higher likelihood of being exploited by attackers. These vulnerabilities could allow unauthorized users to execute arbitrary code on affected systems, potentially leading to severe security breaches. Organizations using Microsoft Windows should prioritize addressing these vulnerabilities to protect their systems from potential exploitation, especially as the threat landscape evolves. The discovery of these flaws underscores the importance of continuous security assessments in software development and deployment.

Read Original
PreviousPage 8 of 23Next