24h | 7d | 30d

CVE-2026-28318

Overview

  • SolarWinds
  • Serv-U
04 Jun 2026
Published
06 Jun 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
5.32%
KEV

Description

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update

Statistics

  • 10 Posts
  • 2 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
Tod Beardsley @todb

w/r/t CVE-2026-28318 - I kinda like the mitigation guidance of "well just block HTTP clients from sending Content-encoding: deflate on POSTs and you're good." Which sounded crazy to me at first, but is it?

I know POSTs can be compressed, but I'd expect clients to use gzip pretty much exclusively. The history of deflate is fraught with compatability issues.

acceptencoding.com/deflate

change-my-mind.png

  • 1
  • 0
  • 0
  • 22h ago
Profile picture fallback
Michael I Ransier @thecybermind

CISA KEV Threat Alert: Weaponized CVE-2026-28318 Unauthenticated DoS Hits SolarWinds Serv-U🚨 CRITICAL CISA KEV ALERT: Threat actors are actively exploiting CVE-2026-28318, an unauthenticated Denial of Service flaw crashing internet-exposed SolarWinds Serv-U instances using malformed HTTP POST requests. Federal mandate deadlines are set.
thecybermind.co/h1gp

  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
Michael I Ransier @thecybermind

🏢 BOARD-LEVEL CYBER RISK DIRECTIVE: Executive liability, cyber insurance compliance, and corporate data sovereignty face immediate exposure via active exploitation of SolarWinds Serv-U (CVE-2026-28318). Mandatory remediation actions are required by June 19, 2026. thecybermind.co/7t7p

  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback
🔒 Security Cyber @securitycyber

🚨 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-28318

• CVE ID: CVE-2026-28318
• CVSS Score: 7.5 (High)
• Affected: SolarWinds Serv-U DoS
• ⚠️ CISA KEV: Known Exploited Vulnerability — SolarWinds Serv-U (added 2026-06-05)

What it is:

securitycyber.uk

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
CISA says attackers are exploiting SolarWinds Serv-U CVE-2026-28318 to crash exposed servers via crafted POST requests. SolarWinds has issued Hotfix 1 for the denial-of-service flaw. #SolarWinds #ServU #CISA
  • 0
  • 1
  • 0
  • 19h ago
Profile picture fallback
boredchilada @boredchilada.bsky.social
~Cisa~ CISA added SolarWinds Serv-U vulnerability CVE-2026-28318 to its KEV catalog due to active exploitation. - IOCs: CVE-2026-28318 - #CVE202628318 #SolarWinds #ThreatIntel
  • 0
  • 0
  • 0
  • 20h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
CISA Warns: SolarWinds Serv-U Zero-Day CVE-2026-28318 Actively Exploited – Patch Now or Face DoS Attacks! + Video Introduction: The SolarWinds Serv-U file transfer software, widely used for managed file transfer (MFT) across enterprises, has become the latest victim of active exploitation. CISA…
  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
CISA added CVE-2026-28318 to KEV, citing active exploitation of a SolarWinds Serv-U DoS flaw that crashes the service via crafted unauthenticated POST requests.
  • 0
  • 0
  • 0
  • 7h ago
Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
CISA added CVE-2026-28318, an actively exploited DoS flaw in SolarWinds Serv-U, to its KEV catalog. SolarWinds has released a fix in 15.5.4 HF1. #SolarWinds #ServU #CISA
  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
CISA Issues Emergency Directive: SolarWinds Serv-U Zero-Day Under Active Attack—Patch by June 19! + Video Introduction: A critical unauthenticated Denial-of-Service (DoS) vulnerability in SolarWinds Serv-U (CVE-2026-28318) is now being actively exploited in the wild. This flaw allows any remote…
  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-20245

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager
04 Jun 2026
Published
06 Jun 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.08%
KEV

Description

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user. To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.

Statistics

  • 9 Posts
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
byteguard @byteguard

CVE-2026-20245 in Cisco Catalyst SD-WAN Manager is being actively exploited. No patch timeline from Cisco. The advisory landed Thursday; attackers had at least a week before disclosure.

Network admins: take management plane off the public internet now. Restrict to a dedicated OOB management network. If external access was open, treat the system as compromised and check for lateral movement.

The list of Cisco SD-WAN 0-days exploited before patches land is getting long.

#CVE #infosec #sysadmin

  • 1
  • 0
  • 0
  • 5h ago
Profile picture fallback
CyberNetsecIO @netsecio

📰 Actively Exploited Zero-Day in Cisco SD-WAN Allows Root Access, No Patch Available

⚠️ URGENT: Cisco warns of an actively exploited zero-day (CVE-2026-20245) in Catalyst SD-WAN products. The flaw allows root access with no patch available. Attackers are pushing malicious configs. #0day #Cisco #CyberAttack #Vulnerability

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • 21h ago
Profile picture fallback
ThreatNoir @threatnoir

⚠️ CRITICAL: Cisco warns of unpatched SD-WAN zero-day exploited in attacks

Cisco Catalyst SD-WAN Manager has an unpatched zero-day (CVE-2026-20245) being actively exploited to gain root access. Local attackers with netadmin privileges can bypass input validation and execute arbitrary commands, leading to unauthorized configuration changes on edge devices. Any organization…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 2h ago
Profile picture fallback
ThreatNoir @threatnoir

⚠️ CRITICAL: Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026

Cisco released CVE-2026-20245, a root RCE in Catalyst SD-WAN Manager affecting authenticated netadmin users through malicious file uploads. This is the seventh SD-WAN zero-day exploited this year with confirmed cases of attackers modifying edge device configurations. No patches exist yet and workar…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 2h ago
Profile picture fallback
ThreatNoir @threatnoir

⚠️ CRITICAL: Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

Cisco Catalyst SD-WAN Manager is under active exploitation due to CVE-2026-20245, a high-severity authentication bypass that allows local attackers to execute arbitrary commands as root. No patch is available yet. Any organization running affected SD-WAN Manager instances is at immediate risk of fu…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 2h ago
Profile picture fallback
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 :verified: @youranonnewsirc

**Geopolitical:** The U.S. House passed legislation providing aid to Ukraine and imposing new sanctions on Russia. Middle East tensions remain high, with Iran linking any peace deal to the resolution of the Lebanon conflict and the release of frozen assets.

**Technology:** President Trump signed an executive order on AI in the national security enterprise, focusing on cybersecurity. SpaceX's $1.8 trillion IPO is anticipated by June 12. NASA successfully demonstrated multi-network communication for spacecraft.

**Cybersecurity:** Cisco issued a warning regarding an actively exploited zero-day vulnerability (CVE-2026-20245) in its Catalyst SD-WAN, for which no patch is currently available. CISA added a critical Magento RCE flaw (CVE-2026-45247) to its KEV catalog, with federal agencies mandated to apply fixes by June 6, 2026.

#Cybersecurity #Geopolitics #AI

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
Unknown attackers exploit a Cisco Catalyst SD-WAN Manager zero-day (CVE-2026-20245) via crafted file upload, enabling root command execution; patch timing is not announced.
  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
Ninja Owl @ninjaowl.ai
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
Eyal Estrin ☁️ @eyalestrin.bsky.social
Urgent Cisco SD WAN Manager zero day vulnerability actively exploited (CVE-2026-20245) #patchmanagement
  • 0
  • 0
  • 0
  • 10h ago

CVE-2026-0257

Overview

  • Palo Alto Networks
  • Cloud NGFW
13 May 2026
Published
30 May 2026
Updated
CVSS v4.0
HIGH (7.8)
EPSS
47.85%
KEV

Description

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: 4 hours ago

Fediverse

Profile picture fallback
𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 :verified: @youranonnewsirc

Recent reports (June 4-5) highlight escalating geopolitical tensions with an Iranian strike on Kuwait airport and advances in Ukraine's drone capabilities. In cybersecurity, a major crackdown disrupted 1.4M SE Asian scam accounts, while a critical Palo Alto Networks vuln (CVE-2026-0257) and new HTTP/2 Bomb DoS attack pose significant threats. Tech advancements include a microreactor reaching criticality and AI integration for military defense.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 1
  • 0
  • 18h ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-0257: Critical PAN-OS GlobalProtect Auth Bypass Under Active Attack—Patch Now! + Video Introduction: An authentication bypass vulnerability, designated CVE-2026-0257, is actively exploited in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components, enabling unauthenticated…
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
Sami Laiho @samilaiho.com
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 unit42.paloaltonetworks.com/active-explo...
  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-49975

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 6 Interactions
Last activity: 13 hours ago

Fediverse

Profile picture fallback
FOSS-Daily! @fossdaily

CVE-2026-49975 is a new DoS vulnerability that chains HPACK and flow control to exhaust server memory.

#Linux #selfHosting #homeLab
srv.foss-daily.org/q/tThkWp4Up

  • 3
  • 3
  • 0
  • 23h ago

Bluesky

Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #HAProxy includes "Protecting against HTTP/2 Bomb vulnerability (CVE-2026-49975) with HAProxy" and "Announcing HAProxy 3.4". #DevOps #Kubernetes #Security https://opsmtrs.com/3aGSzYy
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-3300

Overview

  • WPEverest
  • Everest Forms Pro
31 Mar 2026
Published
08 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.31%
KEV

Description

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval(). The sanitize_text_field() function applied to input does not escape single quotes or other PHP code context characters. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code on the server by submitting a crafted value in any string-type form field (text, email, URL, select, radio) when a form uses the "Complex Calculation" feature.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: Last hour

Bluesky

Profile picture fallback
BleepingComputer @bleepingcomputer.com
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website.
  • 0
  • 2
  • 0
  • 2h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
Critical 0-Day Alert: Unauthenticated RCE in Everest Forms Pro (CVE-2026-3300) Enables Full Site Takeover + Video Introduction: A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2026-3300 with a CVSS score of 9.8 (Critical), is being actively exploited in the wild against the…
  • 0
  • 0
  • 0
  • Last hour

CVE-2025-71317

Overview

  • Riello UPS
  • NetMan 204
05 Jun 2026
Published
05 Jun 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.06%
KEV

Description

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint (for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax parameter validation can be shortened to /cgi-bin/login.cgi?username=eurek%20eurek) to obtain administrator privileges, allowing them to alter device configuration, enable the telnet/SSH services, and reset local user credentials.

Statistics

  • 1 Post
  • 6 Interactions
Last activity: 21 hours ago

Fediverse

Profile picture fallback
cR0w @cR0w

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint (for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax parameter validation can be shortened to /cgi-bin/login.cgi?username=eurek%20eurek) to obtain administrator privileges, allowing them to alter device configuration, enable the telnet/SSH services, and reset local user credentials.

nvd.nist.gov/vuln/detail/CVE-2

  • 2
  • 4
  • 0
  • 21h ago

CVE-2026-45777

Overview

  • ubccr
  • xdmod
05 Jun 2026
Published
05 Jun 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 7 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CVE-2026-45777: CRITICAL OS command injection in Open XDMoD v9.5.0 – 11.0.2. Remote attackers can run system commands with web server privileges. Patch to 11.0.3 or apply fix now. No known exploitation. radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 7h ago

CVE-2026-46333

Overview

  • Linux
  • Linux
15 May 2026
Published
23 May 2026
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.01%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.

Statistics

  • 2 Posts
  • 1 Interaction
Last activity: 20 hours ago

Bluesky

Profile picture fallback
AlmaLinux @almalinux.org
Patched kernels for CVE-2026-46333 are now in production repos. A single dnf upgrade and reboot gets you patched kernels for ssh-keysign-pwn and Fragnesia 👉 https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/?utm_medium=social&utm_source=bluesky
  • 0
  • 1
  • 1
  • 20h ago

CVE-2026-46243

Overview

  • Linux
  • Linux
01 Jun 2026
Published
05 Jun 2026
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.02%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin. Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Can Artuc @canartuc

Greg Kroah-Hartman pushed out a full batch of stable kernels: 7.0.11, 6.18.34, 6.12.92, 6.6.142, 6.1.175, 5.15.209, and 5.10.258, each carrying fixes across the tree. The one to note is the patch for CVE-2026-46243, the "CIFSwitch" vulnerability that can be exploited for local privilege escalation. When a fix lands across five LTS lines at once, it is worth pulling sooner rather than later. Which kernel branch do you keep your boxes on, and how fast do you take point releases?
#kernel #Linux

  • 0
  • 1
  • 0
  • 3h ago

CVE-2026-48095

Overview

  • mcmilk
  • 7-Zip
05 Jun 2026
Published
05 Jun 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.04%
KEV

Description

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCuSize shift UB), potentially allowing attackers to cause arbitrary code execution or application crashes. CInStream::GetCuSize() in the NTFS handler computes the compression-unit buffer size as (UInt32)1 << (BlockSizeLog + CompressionUnit), and a crafted image with ClusterSizeLog >= 28 and CompressionUnit == 4 drives the exponent to 32, which is undefined behavior and collapses on x86/x64 so _inBuf is allocated as 1 byte. ReadStream_FALSE then writes up to 256 MB of attacker-controlled data into that 1-byte buffer in 64 KB iterations, and because the CInStream object sits only 304 bytes after _inBuf, its vtable pointer is overwritten and the next dispatched call achieves a vtable hijack. On 32-bit builds the overflow is unconditionally reached; on 64-bit it requires the parallel 8 GB _outBuf allocation to succeed, otherwise failing closed to denial of service. The NTFS handler is enabled by default in stock 7z.dll and, via signature-based fallback matching "NTFS " at offset 3, will open a crafted image regardless of file extension during extraction or testing. Version 26.01 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
GHSL-2026-140/CVE-2026-48095: Critical 7-Zip Heap Buffer Overflow Enables Silent Vtable Hijack — Update Now or Risk Full System Compromise Introduction 7-Zip versions 26.00 and earlier contain a heap buffer write overflow in their NTFS archive handler, triggered by an integer overflow in memory…
  • 0
  • 1
  • 0
  • 11h ago
Showing 1 to 10 of 46 CVEs