24h | 7d | 30d

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

14 Jul 2026
Published
17 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
1.46%

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

Statistics

  • 9 Posts

Last activity: 1 hour ago

Fediverse

Profile picture fallback

CVE-2026-58644: CRITICAL RCE in Microsoft SharePoint enables remote, authenticated Site Owners to execute code via deserialization. Exploited in the wild — patch now (July 2026 updates). Details: radar.offseq.com/threat/fresh-

  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback

CISA adds critical SharePoint zero-day CVE-2026-58644 to KEV, requiring Federal agencies to patch by July 19.
thehackernews.com/2026/07/cisa
#cybersecurity #sharepoint #threatintel

  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback

📰 CISA KEV Alert: SharePoint RCE zero-day exploited in the wild

🚨 CISA KEV ALERT: A critical SharePoint RCE zero-day (CVE-2026-58644) is actively exploited. The 9.8 CVSS flaw allows authenticated attackers to take over servers. Patch immediately! #SharePoint #CyberSecurity #ZeroDay #RCE

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • 1h ago
Profile picture fallback

CISA KEV catalog adds three actively exploited flaws: FortiSandbox CVE-2026-25089, CVE-2026-39808, and SharePoint CVE-2026-58644. Patch by July 19.

securityonline.info/cisa-kev-f

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Profile picture fallback
Threat actors are exploiting a critical SharePoint RCE flaw (CVE-2026-58644), prompting CISA KEV listing and a three-day patch mandate for federal agencies.
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
CISA added a critical Microsoft SharePoint Server vulnerability, CVE-2026-58644, to its Known Exploited Vulnerabilities catalog. The flaw allows unauthenticated remote […]
  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 6h ago
Profile picture fallback
CISA says attackers are exploiting CVE-2026-58644, a critical Microsoft SharePoint RCE flaw patched in July 2026 and now in the KEV catalog after confirmed exploitation. #SharePoint #CISA #Microsoft
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
Today's #CTI brief for 2026-07-17: The patch queue is now an incident-response queue. CISA added CVE-2026-58644 to the exploited SharePoint set, plus two FortiSandbox command-injection flaws. #SharePoint #Fortinet #VulnMgmt
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Oracle Corporation
  • Oracle Payments

28 May 2026
Published
16 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
1.04%

Description

Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 3 Posts

Last activity: 1 hour ago

Fediverse

Profile picture fallback

⚠️ CRITICAL ALERT: CVE-2026-46817 allows unauthenticated takeover of Oracle E-Business Suite. With active exploitation verified, your perimeter is at risk. Get the forensic indicators, detection queries, and hardening playbooks you need to secure your infrastructure. thecybermind.co/k8ae

  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback

Critical Oracle E-Business Suite Flaw Under Active Exploitation, CISA Issues Urgent Warning

CISA confirms active exploitation of Oracle E-Business Suite vulnerability CVE-2026-46817. Learn who is affected, the risks, and how to protect your systems

thecybersecguru.com/news/oracl

  • 0
  • 0
  • 0
  • 3h ago
Profile picture fallback

📰 Critical Oracle E-Business Suite RCE Flaw (CVE-2026-46817) Under Active Attack

🚨 CRITICAL ALERT: A 9.8 CVSS flaw in Oracle E-Business Suite (CVE-2026-46817) is being ACTIVELY EXPLOITED for unauthenticated RCE. Attackers can take over the entire application. Patch immediately! #Oracle #EBS #CyberSecurity #CVE #RCE

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/cr

  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Zoom Communications
  • Zoom Workplace for Windows

16 Jul 2026
Published
17 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.51%

KEV

Description

Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.

Statistics

  • 3 Posts

Last activity: 9 hours ago

Fediverse

Profile picture fallback

A Zoom critical vulnerability (CVE-2026-53412, CVSS 9.8) lets attackers hijack accounts on Windows with no user interaction. Update your client now.

securityexpress.info/cve-2026-

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

Profile picture fallback
Zoomがアカウント乗っ取りの重大なバグであるCVE-2026-53412を修正 Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug #SecurityAffairs (Jul 16) securityaffairs.com/195454/secur...
  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
Zoom Workplace for Windows - Improper Input Validation (CVE-2026-53412) #patchmanagement
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 12 hours ago

Fediverse

Profile picture fallback

7-Zip Vulnerability Could Allow Remote Code Execution, Users Urged to Update Immediately

Millions of 7-Zip users are urged to update after CVE-2026-14266, a heap buffer overflow vulnerability that could lead to remote code execution

thecybersecguru.com/news/7-zip

  • 0
  • 0
  • 0
  • 12h ago

Bluesky

Profile picture fallback
7-Zipの脆弱性CVE-2026-14266により、細工されたXZデータを介してリモートコード実行が可能になる 7-Zip Vulnerability CVE-2026-14266 Allows Remote Code Execution Through Crafted XZ Data #DailyCyberSecurity (Jul 16) securityonline.info/7-zip-vulner...
  • 1
  • 0
  • 0
  • 12h ago

Overview

  • Linux
  • Linux

04 Jul 2026
Published
08 Jul 2026
Updated

CVSS
Pending
EPSS
0.18%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. The rmap_remove() call would miss entries created after the PDE change because the GFN of the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf page. In this case the gfn can be made to match, but the role does not match: the original large 2MB page creates a kvm_mmu_page with direct=1, while the new 4KB needs a kvm_mmu_page with direct=0. However, kvm_mmu_get_child_sp() does not compare the role, and therefore reuses the page. The next step is installing a leaf (4KB) SPTE on the new path which records an rmap entry under the gfn resolved by the walk. But when that child is zapped its parent kvm_mmu_page has direct=1 and kvm_mmu_page_get_gfn() computes the gfn for the 4KB page as sp->gfn + index instead of using sp->shadowed_translation[] (or sp->gfns[] in older kernels). It therefore fails to remove the recorded entry. When the memslot is dropped the shadow page is freed but the rmap entry survives, as in the scenario that was already fixed. Code that later walks that gfn (dirty logging, MMU notifier invalidation, and so on) dereferences an sptep that lies in the freed page, causing the use-after-free.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 8 hours ago

Bluesky

Profile picture fallback
「“⁠linux-vmware⁠”というフレーバーのカーネルが定期的にリリースされるようになっています。おそらくVMware環境向けの専用カーネルと思われますが、正式なリリースやドキュメントはまだ存在していません」 Ubuntu 26.10(Stonking)の開発; ubuntu-lint、“Januscape”(CVE-2026-53359)脆弱性の緩和策 | gihyo jp gihyo.jp/admin/clip/0...
  • 0
  • 1
  • 0
  • 8h ago
Profile picture fallback
Ubuntu 26.10(Stonking)の開発; ubuntu-lint、“Januscape”(CVE-2026-53359)脆弱性の緩和策 | gihyo.jp
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • n8n-io
  • n8n

09 Jul 2026
Published
14 Jul 2026
Updated

CVSS v4.0
HIGH (7.6)
EPSS
0.14%

KEV

Description

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacker with a valid token from one trusted issuer and a sub matching a victim under another issuer to authenticate as that victim. This issue is fixed in versions 2.27.4 and 2.28.1.

Statistics

  • 2 Posts

Last activity: 16 hours ago

Bluesky

Profile picture fallback
A critical identity-binding flaw in n8n‘s token exchange allowed account takeover when multiple external issuers were trusted. The vulnerability (CVE-2026-59208) […]
  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback
n8n fixed CVE-2026-59208, where Enterprise token exchange could ignore issuer binding and log users into the wrong account when multiple external issuers were trusted. Affects versions below 2.27.4 and 2.28.0. #n8n #CVE202659208 #RFC8693
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Fortinet
  • FortiSandbox

09 Jun 2026
Published
17 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
36.14%

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests

Statistics

  • 4 Posts

Last activity: 8 hours ago

Fediverse

Profile picture fallback

CISA KEV catalog adds three actively exploited flaws: FortiSandbox CVE-2026-25089, CVE-2026-39808, and SharePoint CVE-2026-58644. Patch by July 19.

securityonline.info/cisa-kev-f

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Profile picture fallback
CVE-2026-25089: FortiSandbox unauthenticated command injection added to CISA KEV https://hellorecon.com/blog/cve-2026-25089
  • 0
  • 0
  • 1
  • 19h ago
Profile picture fallback
CISA added two actively exploited FortiSandbox flaws, CVE-2026-39808 and CVE-2026-25089, to its KEV catalog. Fortinet says they can enable unauthenticated remote code execution. #Fortinet #FortiSandbox #CISA
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • SonicWall
  • SMA1000

14 Jul 2026
Published
16 Jul 2026
Updated

CVSS
Pending
EPSS
1.27%

Description

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 14 hours ago

Fediverse

Profile picture fallback

‼️ CVE-2026-15409: PoC exploit for CVE-2026-15409 that achieves non-root remote code execution on SonicWall SMA 1000 appliances.

GitHub: github.com/remmons-r7/rapid7-C

  • 0
  • 1
  • 0
  • 21h ago
Profile picture fallback

⚠️ CRITICAL: Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

Two zero-day vulnerabilities in SonicWall SMA 1000 appliances are actively exploited in the wild. CVE-2026-15409 is an SSRF flaw, while CVE-2026-15410 allows unauthenticated attackers to execute arbitrary commands as admin. Organizations using these devices face immediate risk of full appliance com…

threatnoir.com/focus

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

14 Jul 2026
Published
16 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.38%

Description

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

Profile picture fallback

Active exploitation of CVE-2026-56155 in Microsoft ADFS puts your identity perimeter at risk. Our latest TSUITE brief delivers the forensic indicators, detection queries, and compensating controls needed to neutralize this privilege escalation threat. Secure your architecture today. thecybermind.co/al3f

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture fallback
~Cybergcca~ Multiple vendors including Microsoft and Fortinet have critical vulnerabilities actively exploited and added to CISA KEV. - IOCs: CVE-2026-56164, CVE-2026-56155, CVE-2026-39808 - #CISAKEV #ThreatIntel #VulnManagement
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Siemens
  • RUGGEDCOM ROX MX5000

12 May 2026
Published
13 May 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.54%

KEV

Description

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend. This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse

Profile picture fallback

📰 Siemens ROX II Zero-Day Chain Allows Full Root Access on OT Switches

Unit 42 & Siemens disclose a 3-vulnerability zero-day chain in ROX II OT switches. The exploit (CVE-2025-40949, etc.) allows persistent root access. Patching to firmware V2.17.1 is critical. #ICS #OTsecurity #Vulnerability #CyberSecurity

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/si

  • 0
  • 0
  • 0
  • 1h ago

Bluesky

Profile picture fallback
@paloaltonetworks.com Three chained zero-days in Siemens ROX II OT switches allow full root access and persistent control. - IOCs: CVE-2025-40948, CVE-2025-40947, CVE-2025-40949 - #OTSecurity #Siemens #ThreatIntel #ZeroDay
  • 0
  • 0
  • 0
  • 4h ago
Showing 1 to 10 of 47 CVEs