Vulnerabilities
-
Palo Alto says PAN-OS flaw is under active exploitation
Palo Alto Networks said a critical PAN-OS buffer overflow flaw is being exploited in the wild and can let unauthenticated attackers run code with root privileges on exposed firewalls.
-
Apache fixes critical HTTP/2 flaw that could enable remote code execution
Apache has patched CVE-2026-23918 in HTTP Server 2.4.67, a critical HTTP/2 double free that can cause denial-of-service and, in some setups, remote code execution.
-
MetInfo CMS flaw under active exploitation after April patch
Threat actors are exploiting a critical MetInfo CMS flaw, CVE-2026-29014, that can enable remote code execution. VulnCheck said activity began on April 25 and intensified on May 1, after MetInfo released patches on April 7.
-
Weaver E-cology flaw exploited in attacks since March
Hackers have exploited a critical Weaver E-cology vulnerability since mid-March to run discovery commands. The flaw affects E-cology 10.0 builds before March 12, and the vendor says upgrading is the only fix.
-
CISA adds actively exploited Linux root flaw to known vulnerabilities list
CISA added a Linux kernel privilege escalation flaw known as Copy Fail to its exploited vulnerabilities catalog after signs of active abuse. The issue can let a local user gain root access, and patches are already available.
-
PyPI Lightning package hit by credential-stealing malware
Python package Lightning was compromised on PyPI, with two malicious releases published on April 30, 2026. Security researchers said the code targeted developer credentials and could spread through package ecosystems.
-
Linux flaw could let local users gain root on many systems
Researchers disclosed a Linux local privilege escalation flaw, called Copy Fail, that could let a local unprivileged user gain root on systems shipped since 2017. The issue affects multiple major distributions and has been assigned CVE-2026-31431.
-
Google patches critical Gemini CLI flaw that could allow remote code execution
Google fixed a critical Gemini CLI flaw that could let attackers execute commands on host systems in headless CI workflows. The issue affected specific npm and GitHub Actions versions and required explicit folder trust after the update.
-
WordPress redirect plugin hid dormant backdoor for years
A WordPress redirect plugin installed on more than 70,000 sites hid a dormant backdoor for years, according to a technical analysis by Anchor. The issue involved a hidden update path and a tampered build from an external server.
-
Microsoft warns of exploited zero-click Windows flaw exposing sensitive data
Microsoft and CISA said attackers are exploiting CVE-2026-32202, a zero-click Windows flaw that can expose sensitive information. The issue stems from an incomplete fix for an earlier vulnerability linked to Russian espionage activity.
