24h | 7d | 30d

Overview

  • Microsoft
  • Microsoft Malware Protection Engine

16 Jun 2026
Published
08 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
3.39%

KEV

Description

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ".

Statistics

  • 11 Posts
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

Profile picture fallback

Microsoft patched the RoguePlanet Microsoft Defender zero-day, CVE-2026-50656, a race condition that grants SYSTEM privileges. A public PoC exists.

securityonline.info/rogueplane

  • 0
  • 1
  • 0
  • 6h ago
Profile picture fallback

The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for its antivirus and antispyware software. thehackernews.com/2026/07/micr

  • 0
  • 0
  • 1
  • 3h ago
Profile picture fallback

Microsoft Closes Critical RoguePlanet Zero-Day Privilege Escalation Flaw Before It Can Spread Further + Video

Introduction Microsoft has released an important security update to eliminate a dangerous zero-day vulnerability known as RoguePlanet, reinforcing the importance of keeping Windows security components fully updated. The flaw, identified as CVE-2026-50656, affects Microsoft Defender's Malware Protection Engine and could allow attackers to escalate privileges…

undercodenews.com/microsoft-cl

  • 0
  • 0
  • 0
  • 3h ago

Bluesky

Profile picture fallback
RoguePlanet est corrigée. ✅ Le correctif de la CVE-2026-50656 (élévation de privilèges SYSTEM sur Win 10/11) passe par le moteur Defender. Version cible : 1.1.26060.3008 Plus d'infos 👇 www.it-connect.fr/microsoft-co... #cybersecurite #windows
  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
📢 Microsoft corrige la zero-day RoguePlanet (CVE-2026-50656) dans Microsoft Defender 📝 ## 🗓️ Contexte Source : BleepingComputer, publié le 9 juillet… https://cyberveille.ch/posts/2026-07-09-microsoft-corrige-la-zero-day-rogueplanet-cve-2026-50656-dans-microsoft-defender/ #CVE_2026_50656 #Cyberveille
  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
RoguePlanet (CVE-2026-50656) race-condition privilege escalation in Defender is being patched via automatic Malware Protection Engine updates.
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
🛡️ Mitigación y Gestión de la #Vulnerabilidad "RoguePlanet" (CVE-2026-50656) en #MicrosoftDefender www.newstecnicas.com/2026/07/miti...
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
Microsoft patched a Defender privilege escalation flaw called RoguePlanet, tracked as CVE-2026-50656, nearly a month after public disclosure. The vulnerability, […]
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656) 📖 Read more: www.helpnetsecurity.com/2026/07/09/m... #cybersecurity #cybersecuritynews #exploit #MicrosoftDefender #securityupdate #vulnerabilitydisclosure @microsoft.com
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
Microsoft is rolling out a fix for Defender flaw RoguePlanet (CVE-2026-50656), which could escalate privileges to System after a public PoC dropped in June. #RoguePlanet #CVE202650656 #MicrosoftDefender
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Linux
  • Linux

21 May 2026
Published
08 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.12%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the latter case waiter::task is not current, but remove_waiter() operates on current for the dequeue operation. That results in several problems: 1) the rbtree dequeue happens without waiter::task::pi_lock being held 2) the waiter task's pi_blocked_on state is not cleared, which leaves a dangling pointer primed for UAF around. 3) rt_mutex_adjust_prio_chain() operates on the wrong top priority waiter task Use waiter::task instead of current in all related operations in remove_waiter() to cure those problems. [ tglx: Fixup rt_mutex_adjust_prio_chain(), add a comment and amend the changelog ]

Statistics

  • 9 Posts
  • 34 Interactions

Last activity: Last hour

Fediverse

Profile picture fallback

MT @nebusecurity@x.com
GhostLock (CVE-2026-43499) is a 15yr old kernel 0-day we used in IonStack full chain exploit. #infosec
github.com/NebuSec/CyberMeowfi

  • 2
  • 0
  • 0
  • 8h ago
Profile picture fallback

CVE-2026-43499, dubbed GhostLock by Nebula Security, exposes a long-standing Linux kernel futex bug that can lead to local root access.
linuxiac.com/15-year-old-linux

#linux #kernel #security #opensource

  • 1
  • 1
  • 0
  • Last hour
Profile picture fallback

Here's your weekly batch of Linux local privilege escalation vulnerabilities:

CVE-2026-43499 "GhostLock"
nebusec.ai/research/ionstack-p

CVE-2026-46242 "Bad Epoll"
github.com/J-jaeyoung/bad-epoll

Enjoy! ✌️

  • 10
  • 7
  • 0
  • 19h ago
Profile picture fallback

GhostLock (CVE-2026-43499): a fifteen-year-old rtmutex bug just handed root to anyone with a shell

GhostLock (CVE-2026-43499) is a 15-year rtmutex use-after-free giving root to any local Linux user. Full technical breakdown of the exploit chain

thecybersecguru.com/news/ghost

  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback

If you're just now hearing about GhostLock and looking to fix it, make sure you don't introduce two unpriv-reachable DoSes associated with its fixes. The fix the Linux CNA lists for CVE-2026-43499 introduces a NULL deref, which caused CVE-2026-53166 to be issued.

Unfortunately, the fix referenced by that CVE introduces a worse DoS (busy loops on all CPUs in the kernel), and has no CVE yet to inform users. We discovered this second DoS early last month through routine inspection.

Our recommendation:

Apply the initial fix: git.kernel.org/pub/scm/linux/k

Ignore the fix for CVE-2026-53166 which introduced the worse DoS and was reverted just recently: git.kernel.org/pub/scm/linux/k

Apply this fix which addressed the same initial DoS issue without introducing another:
git.kernel.org/pub/scm/linux/k

  • 6
  • 6
  • 0
  • 20h ago

Bluesky

Profile picture fallback
GhostLock (CVE-2026-43499) : 15 ans dans le noyau Linux, exploit fiable à 97 %, root en 5 secondes. Le point complet 👇 www.it-connect.fr/ghostlock-fa... #linux #infosec
  • 0
  • 1
  • 0
  • 2h ago
Profile picture fallback
GhostLock (CVE-2026-43499) is a Linux kernel flaw enabling unprivileged local users to gain root control in about five seconds on unpatched systems.
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
GhostLock (CVE-2026-43499) is a long-lived Linux use-after-free flaw enabling local root escalation and container escape.
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
CVE-2026-43499, dubbed GhostLock by Nebula Security, exposes a long-standing Linux kernel futex bug that can lead to local root access. linuxiac.com/15-year-old-... #Linux #Kernel #Security #OpenSource
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Linux
  • Linux

30 May 2026
Published
09 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.12%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll(), hlist_del_rcu() through the head, spin_unlock). A concurrent __fput() taking the eventpoll_release() fastpath in that window observed the transient NULL, skipped eventpoll_release_file() and ran to f_op->release / file_free(). For the epoll-watches-epoll case, f_op->release is ep_eventpoll_release() -> ep_clear_and_put() -> ep_free(), which kfree()s the watched struct eventpoll. Its embedded ->refs hlist_head is exactly where epi->fllink.pprev points, so the subsequent hlist_del_rcu()'s "*pprev = next" scribbles into freed kmalloc-192 memory. In addition, struct file is SLAB_TYPESAFE_BY_RCU, so the slot backing @file could be recycled by alloc_empty_file() -- reinitializing f_lock and f_ep -- while ep_remove() is still nominally inside that lock. The upshot is an attacker-controllable kmem_cache_free() against the wrong slab cache. Pin @file via epi_fget() at the top of ep_remove() and gate the critical section on the pin succeeding. With the pin held @file cannot reach refcount zero, which holds __fput() off and transitively keeps the watched struct eventpoll alive across the hlist_del_rcu() and the f_lock use, closing both UAFs. If the pin fails @file has already reached refcount zero and its __fput() is in flight. Because we bailed before clearing f_ep, that path takes the eventpoll_release() slow path into eventpoll_release_file() and blocks on ep->mtx until the waiter side's ep_clear_and_put() drops it. The bailed epi's share of ep->refcount stays intact, so the trailing ep_refcount_dec_and_test() in ep_clear_and_put() cannot free the eventpoll out from under eventpoll_release_file(); the orphaned epi is then cleaned up there. A successful pin also proves we are not racing eventpoll_release_file() on this epi, so drop the now-redundant re-check of epi->dying under f_lock. The cheap lockless READ_ONCE(epi->dying) fast-path bailout stays.

Statistics

  • 2 Posts
  • 17 Interactions

Last activity: 7 hours ago

Fediverse

Profile picture fallback

Here's your weekly batch of Linux local privilege escalation vulnerabilities:

CVE-2026-43499 "GhostLock"
nebusec.ai/research/ionstack-p

CVE-2026-46242 "Bad Epoll"
github.com/J-jaeyoung/bad-epoll

Enjoy! ✌️

  • 10
  • 7
  • 0
  • 19h ago

Bluesky

Profile picture fallback
✨ Bad Epoll (CVE-2026-46242): la race condition nel kernel Linux che regala root a chiunque Leggi il blog: spcnet.it/bad-epoll-cv...
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Adobe
  • ColdFusion

30 Jun 2026
Published
08 Jul 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
1.02%

Description

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Fediverse

Profile picture fallback

⚠️ Actively Exploited: CVE-2026-48282 (CVSS 10.0) in Adobe ColdFusion. CISA KEV deadline is July 10. We just dropped the paywall on our TS-MAN runbook. Get the exact Splunk, Sentinel, and CrowdStrike queries to hunt this unauthenticated RCE right now. 👇
thecybermind.co/1m24

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

Profile picture fallback
~Akamai~ Unauthenticated path traversal in ColdFusion RDS FILEIO handler enables arbitrary file read/write and RCE; patch via APSB26-68. - IOCs: CVE-2026-48282 - #CVE202648282 #ColdFusion #PathTraversal #ThreatIntel
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • hplip

03 Jul 2026
Published
06 Jul 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

Profile picture fallback

A critical HPLIP vulnerability, CVE-2026-14544 (CVSS 9.8), lets a remote attacker gain arbitrary code execution via crafted print data. Patch now.

securityonline.info/hplip-vuln

  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback

Critical Linux Printing Flaw CVE-2026-14544 Exposes HP Systems to Remote Code Execution Risks + Video

Introduction: A Hidden Danger Inside Everyday Printing Infrastructure Printing systems are often considered low-risk components in enterprise environments, but modern attackers increasingly target overlooked services that operate with elevated access. A newly discovered vulnerability in HPLIP (HP Linux Imaging and Printing Software) demonstrates how a simple…

undercodenews.com/critical-lin

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Google
  • Chrome

08 Jul 2026
Published
09 Jul 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Statistics

  • 2 Posts

Last activity: 16 hours ago

Fediverse

Profile picture fallback

Google Chrome <150.0.7871.115 impacted by CRITICAL CVE-2026-15129 (use-after-free in Views). Remote code execution possible via malicious HTML. Patch status not confirmed — monitor advisory: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago
Profile picture fallback

A severe vulnerability was disclosed for Google Chrome (CVE-2026-15129) vuldb.com/vuln/377083

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Palo Alto Networks
  • Cloud NGFW

08 Jul 2026
Published
09 Jul 2026
Updated

CVSS v4.0
HIGH (7.2)
EPSS
Pending

KEV

Description

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic. The security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. . Panorama is not impacted by this vulnerability.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Bluesky

Profile picture fallback
Thirteen Palo Alto Networks product vulnerabilities were patched, including CVE-2026-0288 in PAN-OS enabling DoS and potential arbitrary code execution.
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Pending

05 Aug 2024
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
83.39%

Description

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

China-aligned group UNK_MassTraction is actively exploiting critical Roundcube vulnerabilities (CVE-2024-42009, CVE-2025-49113) to target physics and engineering departments at U.S. and Canadian universities. Attackers are stealing credentials and deploying web shells for persistent access. If your…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Profile picture fallback
📢 Campagne d'espionnage chinoise ciblant des universités via des failles Roundcube 📝 ## 🌐 Contexte Source : BleepingComputer, publié le 8 juillet 2… https://cyberveille.ch/posts/2026-07-09-campagne-d-espionnage-chinoise-ciblant-des-universites-via-des-failles-roundcube/ #CVE_2024_42009 #Cyberveille
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • mem0
  • mem0

07 Jul 2026
Published
08 Jul 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
Pending

KEV

Description

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.

Statistics

  • 1 Post
  • 8 Interactions

Last activity: 2 hours ago

Fediverse

Profile picture fallback

I keep hearing how AI and LLMs are the future but they sure keep feeling like shitty applications from 20 years ago.

nvd.nist.gov/vuln/detail/CVE-2

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.

  • 1
  • 7
  • 0
  • 2h ago

Overview

  • Palo Alto Networks GlobalProtect Portal/Gateway Interface

19 Jul 2019
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
96.68%

Description

Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 20 hours ago

Fediverse

Profile picture fallback

This week a long-dormant Palo Alto flaw came back to life in GreyNoise data.

GlobalProtect CVE-2019-1579 (unauth RCE, CISA KEV) drew only isolated activity through late June, then more than 120 malicious hosts probed it on 06 July, almost all from a single hosting network. Separately, two coordinated hosting fleets ran the week's highest-volume web exploitation, roughly 7.5M connection attempts.

Access our public preview At The Edge Clear: greynoise.io/resources/at-the-

GreyNoise customers get the full weekly brief.

  • 1
  • 3
  • 0
  • 20h ago
Showing 1 to 10 of 53 CVEs