Overview

  • checkpoint
  • Quantum Security Gateway

08 Jun 2026
Published
08 Jun 2026
Updated

CVSS
Pending
EPSS
0.01%

Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Statistics

  • 13 Posts
  • 5 Interactions

Last activity: Last hour

Fediverse

Checkpoint - User Authentication Bypass in VPN Remote Access and Mobile Access

#checkpoint #vulnerabilitymanagement #vulnerability

vulnerability.circl.lu/vuln/CV

  • 2
  • 1
  • 0
  • 5h ago
⚠️ CRITICAL: Check Point links VPN zero-day attacks to Qilin ransomware gang

Check Point VPN authentication bypass vulnerability (CVE-2026-50751) in IKEv1 deployments is actively exploited by Qilin ransomware operators since May 7. A few dozen organizations are affected globally with confirmed ransomware incidents tied to this flaw. Organizations running deprecated IKEv1 ke…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 6h ago
🚨 [CRITICAL INFRASTRUCTURE ALERT]: CVE-2026-50751

• CVE ID: CVE-2026-50751
• CVSS Score: 9.3 (Critical)
• Affected: IKEv1 Setups

What it is:

securitycyber.uk

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751) 📖 Read more: www.helpnetsecurity.com/2026/06/08/c... #cybersecurity #cybersecuritynews #0day #datatheft #ransomware #secureaccess #VPN #vulnerability
  • 1
  • 0
  • 0
  • 8h ago
CVE-2026-50751 in Check Point Remote Access VPN and Mobile Access was exploited by a Qilin affiliate to bypass authentication and create VPN sessions, now patched.
  • 1
  • 0
  • 0
  • 2h ago
CVE-2026-50751 in Check Point Remote Access/Mobile Access VPNs using IKEv1 lets attackers bypass password checks via a certificate validation flaw, with Qilin-linked activity observed.
  • 0
  • 0
  • 0
  • 5h ago
CVE-2026-50751 enables unauthenticated attackers to bypass user authentication and establish VPN sessions on IKEv1-based Remote Access/Mobile Access deployments.
  • 0
  • 0
  • 0
  • 5h ago
~Cybergcca~ Check Point VPN authentication bypass (CVE-2026-50751) is under active exploitation. - IOCs: CVE-2026-50751 - #CVE202650751 #CheckPoint #ThreatIntel
  • 0
  • 0
  • 0
  • 4h ago
Check Point warns of active exploitation of CVE-2026-50751, a critical VPN authentication bypass vulnerability. The flaw affects Remote Access VPN […]
  • 0
  • 0
  • 0
  • 3h ago
🚨 On 6/8/26, #CheckPoint published a security advisory for a critical vuln. affecting its Remote Access VPN, Mobile Access, and Spark Firewall products. CVE-2026-50751 allows an unauth. attacker to establish a VPN session without providing valid credentials. More: r-7.co/4fyoJJc
  • 0
  • 0
  • 0
  • 3h ago
A critical authentication-bypass VPN flaw (CVE-2026-50751) was exploited starting May 7, prompting an emergency fix and revealing Qilin ransomware activity.
  • 0
  • 0
  • 0
  • Last hour
Check Point VPN Zero-Day (CVE-2026-50751): Hackers Bypass IKEv1 Passwords in Active Ransomware Campaign Introduction: The legacy IKEv1 key exchange protocol, still active in many enterprise remote-access VPNs, harbors a critical logic flow weakness. Tracked as CVE-2026-50751 with a near-maximum…
  • 0
  • 0
  • 0
  • Last hour
Check Point patched CVE-2026-50751, a critical VPN auth bypass used in zero-day attacks, and found CVE-2026-50752, an IKEv1 flaw tied to Qilin ransomware activity. #CheckPoint #Qilin #VPN
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • SolarWinds
  • Serv-U

04 Jun 2026
Published
06 Jun 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
6.68%

Description

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update.

Statistics

  • 7 Posts
  • 6 Interactions

Last activity: Last hour

Fediverse

CISA Warns: SolarWinds Serv-U CVE-2026-28318 Actively Exploited — Zero-Auth DoS Attack Hits File Transfer Platform
#CyberSecurity
securebulletin.com/cisa-warns-

  • 5
  • 0
  • 0
  • Last hour
Geopolitical tensions escalated with Israel and Iran conducting mutual airstrikes (June 8, 2026). In technology, Apple's WWDC unveiled a Gemini-powered Siri (June 7, 2026). Cybersecurity faces immediate threats as CISA warns of active exploitation of a critical SolarWinds Serv-U vulnerability (CVE-2026-28318), urging urgent patching (June 8, 2026). Additionally, phishing now surpasses the Dark Web for stolen personal data.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 1
  • 0
  • 14h ago
CISA adds SolarWinds Serv-U DoS flaw to KEV (CVE-2026-28318, CVSS 7.5, actively exploited). Patch it. But also ask the question most teams skip: what privileged accounts are attached to that server, and when did anyone last review them?

  • 0
  • 0
  • 0
  • 9h ago
📰 CISA Mandates Patch for Actively Exploited SolarWinds DoS Flaw Added to KEV Catalog

📢 CISA KEV ALERT! An actively exploited DoS flaw (CVE-2026-28318) in SolarWinds Serv-U is on the loose. Federal agencies must patch by June 19. All orgs using Serv-U are urged to update immediately! 🚨 #CVE #SolarWinds #Infosec #PatchNow

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • 4h ago

Bluesky

CISA adds one known exploited vulnerability to its catalog: CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Jun 5) CVE-2026-28318 SolarWinds Serv-U uncontrolled resource consumption vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 22h ago
CISA says attackers are exploiting a patched SolarWinds Serv-U flaw, CVE-2026-28318, via crafted POST requests that can crash the service. SolarWinds urges immediate upgrades. #SolarWinds #ServU #CISA
  • 0
  • 0
  • 0
  • 12h ago
CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318) 📖 Read more: www.helpnetsecurity.com/2026/06/08/c... #enterprise #filetransfer #government #vulnerability #cybersecurity #cybersecuritynews
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

04 Jun 2026
Published
06 Jun 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.08%

KEV

Description

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user. To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.

Statistics

  • 4 Posts
  • 5 Interactions

Last activity: 7 hours ago

Fediverse

Cisco Groundhog Day

And (almost) every day the groundhog greets us again ... Betting on dangerous #Zero-Day security holes in #Cisco products is a pretty safe bet. The newly discovered hole, numbered CVE-2026-20245 (7.8 out of 10), is already being exploited for attacks. There is no precautionary protective measure and, as of today, no patches from Cisco yet either. Every form of SD-WAN is vulnerable, from self-hosted (on premise) to cloud. The weakness is, as so often, insufficient validation of user-supplied input, one of the classic hallmarks of backdoors. With a suitably crafted

pc-fluesterer.info/wordpress/2

#0day #closedsource #cybercrime #exploits #hersteller #hintertür #sicherheit #UnplugTrump #wissen

  • 2
  • 2
  • 0
  • 7h ago
🚨 New Cisco SD-WAN vulnerability under active exploitation.

CVE-2026-20245 lets authenticated netadmin attackers run commands as root via crafted file uploads.

No patches or mitigations are available.

Check /var/log/scripts.log for IoCs.

Read: thehackernews.com/2026/06/cisc

  • 0
  • 1
  • 0
  • 20h ago
Cisco Catalyst SD-WAN Manager CVE-2026-20245 is being actively exploited with no patch available. CVSS 7.8, affecting on-prem, cloud, and FedRAMP deployments. The CVE is the headline, but it's not the real problem.

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

The Cisco Catalyst SD-WAN Manager vulnerability CVE-2026-20245 is being exploited; no patch is available. Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available #HackerNews (Jun 6) thehackernews.com/2026/06/cisc...
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • WPEverest
  • Everest Forms Pro

31 Mar 2026
Published
08 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.33%

KEV

Description

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval(). The sanitize_text_field() function applied to input does not escape single quotes or other PHP code context characters. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code on the server by submitting a crafted value in any string-type form field (text, email, URL, select, radio) when a form uses the "Complex Calculation" feature.

Statistics

  • 3 Posts

Last activity: 5 hours ago

Bluesky

Unauthenticated attackers can exploit CVE-2026-3300 in Everest Forms Pro to inject and execute arbitrary PHP via Complex Calculation, enabling site takeover.
  • 0
  • 0
  • 0
  • 8h ago
Defiant warns of the critical vulnerability CVE-2026-3300 in the Everest Forms Pro plugin for WordPress
  • 0
  • 0
  • 0
  • 6h ago
Critical Everest Forms Pro flaw (CVE-2026-3300) has been exploited for months to inject PHP, create admin accounts, and deploy web shells on WordPress sites. #EverestForms #CVE2026 #WordPress
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 3 Posts
  • 11 Interactions

Last activity: 5 hours ago

Fediverse

Fedify security updates: 1.9.12, 1.10.11, 2.0.20, 2.1.16, and 2.2.5

If you use Fedify, update to a patched release now. CVE-2026-50131 affects Fedify's public URL validation for remote document and media loading. An attacker could use special-use IP address ranges to bypass Fedify's SSRF protections and cause a Fedify server to initiate requests to non-public or special-use network destinations, depending on the deployment environment and network routing.

Fedify validates remote ActivityPub document and media URLs before fetching them, including direct IP literals and hostnames resolved through DNS. The vulnerable path is validatePublicUrl(): affected versions rejected common private and local addresses, but still treated several special-use IPv4 ranges as public internet destinations. That gap could allow outbound requests to ranges such as carrier-grade NAT, benchmarking, multicast, reserved, and documentation networks.

The fix makes Fedify validate resolved addresses against public-network expectations instead of relying on the incomplete denylist. It rejects additional special-use IPv4 ranges and IPv6 translation or tunneling prefixes, including NAT64, Teredo, and 6to4 addresses, before remote document or media fetching proceeds.

Current patched releases are 1.9.12, 1.10.11, 2.0.20, 2.1.16, and 2.2.5. The GitHub Security Advisory is GHSA-xw9q-2mv6-9fr8, and the CVE ID is CVE-2026-50131.

Update @fedify/fedify:

npm  update  @fedify/fedify
yarn upgrade @fedify/fedify
pnpm update  @fedify/fedify
bun  update  @fedify/fedify
deno update  @fedify/fedify

If your project depends directly on @fedify/vocab-runtime, update that package too.

After updating, redeploy. If you run other Fedify-based servers, update those too.

Thanks to Chaitanya Vilas Garware for the report and responsible disclosure.

If anything is unclear, ask below.

  • 6
  • 2
  • 1
  • 5h ago
Hollo security updates: 0.7.18, 0.8.7, and 0.9.4

If you run Hollo, update to a patched release now. CVE-2026-50131 affects Fedify's SSRF protection, and Hollo depends on Fedify for ActivityPub federation.

Fedify guards against SSRF (Server-Side Request Forgery) when fetching remote ActivityPub objects, documents, and media by validating that the resolved destination is a public IP address. The previous SSRF fix (GHSA-p9cg-vqcc-grcx) blocked common private and local ranges such as 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, and 192.168.0.0/16, but the validation was incomplete—it still treated several special-use IPv4 ranges as public destinations that should have been rejected. These include carrier-grade NAT (100.64.0.0/10), benchmarking and internal testing networks (198.18.0.0/15), multicast (224.0.0.0/4), reserved (240.0.0.0/4), IETF protocol assignments (192.0.0.0/24), and documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).

An attacker who controls a remote ActivityPub object or media URL could therefore cause a Hollo instance to initiate outbound requests to non-public or special-use network ranges, depending on the deployment environment and network routing.

For full technical details of the underlying vulnerability, see the Fedify security advisory and the Fedify security announcement.

All Hollo versions up to and including 0.7.17, 0.8.6, and 0.9.3 are affected. Patched releases are 0.7.18 for the 0.7.x series, 0.8.7 for the 0.8.x series, and 0.9.4 for the 0.9.x series.

For 0.7.x deployments, update to 0.7.18:

docker pull ghcr.io/fedify-dev/hollo:0.7.18

For 0.8.x deployments, update to 0.8.7:

docker pull ghcr.io/fedify-dev/hollo:0.8.7

For 0.9.x deployments, update to 0.9.4:

docker pull ghcr.io/fedify-dev/hollo:0.9.4

After pulling the new image, restart your Hollo container. If you deploy from source, pull the corresponding release tag and restart.

Thanks to Chaitanya Vilas Garware for the report and responsible disclosure to the Fedify project.

If anything is unclear, ask below.

  • 3
  • 0
  • 0
  • 5h ago

Overview

  • kernel

03 Mar 2022
Published
03 Jun 2026
Updated

CVSS
Pending
EPSS
33.72%

Description

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Statistics

  • 2 Posts
  • 5 Interactions

Last activity: 10 hours ago

Fediverse

CISA Adds Actively Exploited Linux Kernel CVE-2022-0492 to KEV Catalog — Patch Now
#CyberSecurity
securebulletin.com/cisa-adds-a

  • 5
  • 0
  • 0
  • 10h ago

Bluesky

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on June 2, 2026, added CVE-2022-0492 to its Known Exploited Vulnerabilities (KEV) catalog, formally confirming active in-the-wild exploitation of a high-severity Linux Kernel improper authentication flaw.
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • win.rar GmbH
  • WinRAR

08 Aug 2025
Published
26 Feb 2026
Updated

CVSS v4.0
HIGH (8.4)
EPSS
10.20%

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: Last hour

Bluesky

Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched Trend Micro www.trendmicro.com/en_us/resear...
  • 1
  • 2
  • 0
  • 8h ago
~Trendmicro~ Threat actors SHADOW-EARTH-066 and Earth Dahu are exploiting WinRAR flaw CVE-2025-8088 to target Ukraine with GIFTEDCROOK stealer and espionage tools. - IOCs: 166[. ]0[. ]132[. ]237, 136[. ]0[. ]141[. ]41, 136[. ]0[. ]141[. ]138 - ...
  • 0
  • 0
  • 0
  • Last hour

Overview

  • SourceCodester
  • Class and Exam Timetabling System

08 Jun 2026
Published
08 Jun 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.03%

KEV

Description

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Fediverse

⚠️ CVE-2026-11482: MEDIUM severity SQL injection in SourceCodester Class and Exam Timetabling System 1.0 via 'sy' param in /archive5.php. No official patch yet — apply mitigations & monitor for attacks. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago
CVE-2026-11482 - SQLi in Sourcecodester Class & Exam Timetabling System 1.0. Remote exploit via /archive5.php?sy. CVSS 7.3. No patch available. Apply WAF rules immediately. #CVE #infosec #cybersecurity

valtersit.com/cve/CVE-2026-114

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • huggingface
  • huggingface/transformers

24 May 2026
Published
26 May 2026
Updated

CVSS v3.0
HIGH (7.8)
EPSS
0.09%

KEV

Description

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.json` file containing the `_attn_implementation_internal` field set to an attacker-controlled HuggingFace Hub repository ID. When a victim loads this model using the standard `AutoModelForCausalLM.from_pretrained()` API, the library downloads and executes arbitrary Python code from the attacker's repository with the victim's full OS privileges. This issue arises due to unfiltered deserialization of configuration attributes, insufficient sanitization of internal fields, and unsandboxed execution of downloaded kernels. The vulnerability bypasses the `trust_remote_code` security mechanism, is invisible to the victim, and exploits the standard documented usage pattern, making it particularly severe. Users are advised to upgrade to version 5.3.0 or later to mitigate this issue.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: Last hour

Fediverse

Critical HuggingFace Transformers Flaw CVE-2026-4372 Enables Silent RCE — 232 Million Installs at Risk
#CyberSecurity
securebulletin.com/critical-hu

  • 5
  • 0
  • 0
  • Last hour

Overview

  • Ivanti
  • Neurons for ITSM (On-Premises)

01 Jun 2026
Published
02 Jun 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.41%

KEV

Description

An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 10 hours ago

Fediverse

CVE-2026-9614 (CVSS 8.8): Ivanti Neurons for ITSM Flaw Allows Authenticated Attackers to Gain Full Admin Access
#CyberSecurity
securebulletin.com/cve-2026-96

  • 5
  • 0
  • 0
  • 10h ago
Showing 1 to 10 of 53 CVEs