CVE-2026-46300

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

11 Posts
23 Interactions

Last activity: Last hour

Fediverse

Jan Schaumann @jschauma

As I was saying, we're not done with page cache LPEs.

Looks like a third variant just dropped (CVE-2026-46300):
https://github.com/v12-security/pocs/tree/main/fragnesia
https://github.com/v12-security/pocs/blob/d4043edc2acbd75d093e3f5795751b678c66b259/fragnesia/fragnesia.c

https://www.openwall.com/lists/oss-security/2026/05/13/3

Initial reading is defense against #DirtyFrag mitigates this, too, so perhaps not a full round of updates needed here.

6
3
0
14h ago

buherator @buherator

Officially lost track of Linux page cache LPE's - see also: "cache invalidation and naming things":

https://github.com/v12-security/pocs/tree/main/fragnesia

This is CVE-2026-46300

2
0
0
14h ago

Forst @forst

Apparently yet another one of those #DirtyFrag-like vulnerabilities in #Linux, this one called #Fragnesia

CVE-2026-46300

https://www.openwall.com/lists/oss-security/2026/05/13/3

#CopyFail

0
0
0
14h ago

:mastodon: decio @decio

et voilà il a reçu son nom de code CVE-2026-46300

0
0
0
13h ago

Günter Born @gborn

Linux LPE-Schwachstelle Fragnesia (CVE-2026-46300) - passt zum Feiertag

https://borncity.com/blog/2026/05/14/fragnesia-cve-2026-46300-neue-linux-schwachstelle-ermoeglicht-root-rechte/

0
0
1
Last hour

Bluesky

Microsoft Threat Intelligence @threatintel.microsoft.com

A new variant of the recent Dirty Frag vulnerability, named Fragnesia (CVE-2026-46300), has been discovered in the Linux XFRM ESP-in-TCP subsystem. Similar to Dirty Frag, Fragnesia exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory write primitive in the kernel.

4
6
0
8h ago

buherator @buherator.bsky.social

Officially lost track of Linux page cache LPE's: github.com -> This is CVE-2026-46300 Original->

0
1
0
14h ago

狐桜 @kzkr.xyz

真っ赤やね https://security-tracker.debian.org/tracker/CVE-2026-46300

0
1
0
8h ago

OMO @omo.bsky.social

Linux KernelのLPE（ローカル権限昇格）の脆弱性(Fragnesia(CopyFail3): CVE-2026-46300) #security #vulnerability #セキュリティ #脆弱性 #linux #kernel #dirtyflag #lpe #fragnesia #copyfail security.sios.jp/vulnerabilit...

0
0
0
7h ago

Undercode Testing @undercode.bsky.social

Fragnesia (CVE-2026-46300): 无竞争条件的内存任意写入 root 提权漏洞分析引言 Fragnesia（编号 CVE-2026-46300），亦称 Copy Fail 3.0，是 Linux 内核 XFRM ESP-in-TCP 子系统中新发现的一个本地提权漏洞。与 Dirty Pipe 等传统漏洞不同，Fragnesia 不依赖任何竞争条件，能够实现确定性、高成功率的攻击，任何未经授权的本地用户均可借此稳定获取 root 最高权限。学习目标理解 Fragnesia 漏洞的技术原理及其与 Dirty Frag / Copy Fail 漏洞家族的关系…

0
0
0
Last hour

CVE-2026-42945

Overview

F5
NGINX Plus

13 May 2026

Published

14 May 2026

Updated

CVSS v3.1

HIGH (8.1)

EPSS

Pending

MITRE

KEV

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

6 Posts
30 Interactions

Last activity: 2 hours ago

Fediverse

Harry Sintonen @harrysintonen

CVE-2026-42945 Heap-based Buffer Overflow in #nginx combined with the linux kernel LPEs is "not great" as we say in the industry.

https://depthfirst.com/nginx-rift

#CVE_2026_42945

7
5
0
9h ago

Jan Schaumann @jschauma

CVE-2026-42945: Possible RCE in NGINX:

https://depthfirst.com/nginx-rift

Requires a specific regex based rewrite directive like

rewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1&tab=$2 last;

https://my.f5.com/manage/s/article/K000161019

(Of course also found & published by some AI platform. At least they told F5 first.)

And there's a bunch of other vulns in nginx that just dropped, but good luck keeping track if the list of security advisories contains no dates:

https://nginx.org/en/security_advisories.html

6
5
0
2h ago

cR0w @cR0w

RE: https://infosec.exchange/@cR0w/116568840324508660

Plenty of prerequisites but worth looking into.

https://my.f5.com/manage/s/article/K000161019

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. (CVE-2026-42945)

2
2
0
11h ago

kravietz 🦇 @kravietz

#Nginx CVE-2026-42945

A bug in the ngx_http_rewrite_module lets a remote, unauthenticated attacker corrupt the heap of an NGINX worker process by sending crafted URI. The trigger is a common configuration pattern: a rewrite directive with an unnamed regex capture ($1, $2) and a replacement string that contains a question mark, followed by another rewrite, if, or set directive.

https://depthfirst.com/nginx-rift

2
0
0
7h ago

Bluesky

Cyber Kendra @cyberkendra.com

NGINX Rift: An 18-Year-Old Bug Lets Hackers Hijack One-Third of the Internet's Web Servers Critical NGINX heap overflow (CVE-2026-42945, CVSS 9.2) allows unauthenticated RCE via crafted HTTP requests. Read Details- www.cyberkendra.com/2026/05/ngin... #infosec #security #internet #nginx

1
0
0
12h ago

NGINXのrewrite脆弱性 CVE-2026-42945 「NGINX Rift」は何を確認すべきか | ワルブリックス株式会社 https://www.walbrix.co.jp/article/cve-2026-42945-nginx-rewrite.html

0
0
0
3h ago

CVE-2026-40361

Overview

Microsoft
Microsoft 365 Apps for Enterprise

12 May 2026

Published

13 May 2026

Updated

CVSS v3.1

HIGH (8.4)

EPSS

0.06%

MITRE

KEV

Description

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Statistics

3 Posts
4 Interactions

Last activity: 18 hours ago

Fediverse

VessOnSecurity @bontchev

CVE-2026-40361 - Microsoft Word Remote Code Execution Vulnerability:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361

What's next - and RCE in Notepad?

2
0
0
22h ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

CVE-2026-40361 is a zero-click Outlook remote code execution flaw requiring patching to protect enterprise inboxes.

1
0
0
20h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

Microsoft patched CVE-2026-40361, a critical zero-click Outlook bug that can trigger code execution from just reading or previewing an email. The flaw raises serious risks for enterprise inboxes. #Outlook #ExchangeServer #BadWinmail

1
0
0
18h ago

CVE-2026-41096

Overview

Microsoft
Windows 11 version 22H3

12 May 2026

Published

13 May 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.07%

MITRE

KEV

Description

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Statistics

4 Posts
9 Interactions

Last activity: 15 hours ago

Fediverse

Jan Korbel 🐧 @jackc

Microsoft Patch Tuesday 05/2026:
- opravy 120 zranitelností ve Windows, Officech, ale také třeba Malování(!)
- 17 kritických (z toho 14x RCE)
- krom toho mnoho (130+) oprav Edge nebo Teamsů

Velmi zajímavě vypadá zranitelnost CVE-2026-41096 ve Windows DNS klientovi(!), která umožňuje vzdálené spuštění kódu podstrčením připravených DNS odpovědí. S tím bych se vyloženě bál připojit se k sítím s cizím DNS.

#kybez

2
5
0
23h ago

Bluewall :verified: @Bluewall

Hunting CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) in Advanced Hunting?

DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "svchost.exe"
| where InitiatingProcessCommandLine has_any ("dnscache", "NetworkService")
| where FileName !in~ ("conhost.exe", "WerFault.exe", "wermgr.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| order by Timestamp desc

#CVE202641096 #KQL #ThreatHunting #MDE

0
0
0
15h ago

Capstone Technologies Group @CapTechGroup

May 2026 Patch Tuesday: 137 vulnerabilities across Windows, Office, Exchange, Azure. CVE-2026-41089 (Netlogon buffer overflow) grants SYSTEM on domain controllers with no auth required. CVE-2026-41096 (DNS Client) exploitable...

https://captechgroup.com/about-us/threat-intelligence-center/may-2026-patch-tuesday-fixes-51-cves-across-window-36b2ed?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=may-2026-patch-tuesday-fixes-51-cves-across-windows-exchange-office

1
0
0
17h ago

CyberNetsecIO @netsecio

📰 Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE

Microsoft's May Patch Tuesday is huge: 137 vulnerabilities fixed, 30 critical. No zero-days for the first time in 22 months! 🚨 Key patches for critical RCEs in Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096). Patch now! ✅ #PatchTuesday

🔗 https://cyber.netsecops.io

1
0
0
16h ago

CVE-2026-41940

Overview

WebPros
cPanel

29 Apr 2026

Published

06 May 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

74.24%

MITRE

KEV

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

3 Posts

Last activity: 16 hours ago

Fediverse

pentest-tools.com @pentesttools

Seven FuelCMS CVEs documented. XSS callbacks now show IP and headers. Website Scanner detects exposed private keys passively. Scheduled scan exports. API risk filtering.

Also: free scanner for CVE-2026-41940, the cPanel auth bypass exploited for 64 days before a patch existed. No account needed.

https://pentest-tools.com/network-vulnerability-scanning/cve-2026-41940-scanner-cpanel-authentication-bypass

#infosec #pentesting #vulnerabilitymanagement

0
0
0
20h ago

Bluesky

Cybersecurity News Everyday @hendryadrian.bsky.social

Major patches hit SAP Commerce Cloud, SAP S/4HANA, and Apple macOS/iOS, while cPanel CVE-2026-41940 is actively exploited to drop a Filemanager backdoor. #SAP #Apple #Texas

0
0
0
22h ago

TugaTech 🖥️ @tugate.ch

Ataque a sistemas cPanel explora falha CVE-2026-41940 para instalar backdoor #ataque #cve #falha

0
0
0
16h ago

CVE-2026-34260

Overview

SAP_SE
SAP S/4HANA (SAP Enterprise Search for ABAP)

12 May 2026

Published

12 May 2026

Updated

CVSS v3.1

CRITICAL (9.6)

EPSS

0.01%

MITRE

KEV

Description

SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attacker may gain unauthorized access to sensitive database information and could potentially crash the application. This vulnerability has a high impact on the confidentiality and availability of the application, while integrity remains unaffected.

Statistics

3 Posts

Last activity: 4 hours ago

Bluesky

Undercode Testing @undercode.bsky.social

Critical SAP S/4HANA SQL Injection Under Active Patching – CVE-2026-34260 (CVSS 96) What Undercode Say + Video A critical SQL injection vulnerability in the SAP Enterprise Search for ABAP component (CVE-2026-34260) has been patched, scoring a near-maximum CVSS 9.6 due to its potential for…

0
0
0
21h ago

セキュリティ対策Lab @securitylab-jp.bsky.social

SAPが2026年5月のセキュリティパッチを公開、S/4HANAとCommerce CloudのCritical脆弱性を修正(CVE-2026-34260) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews

0
0
0
4h ago

ohhara @shiojiri.com

SAP、Commerce CloudとS/4HANAのCriticalな脆弱性に対処：CVE-2026-34263、CVE-2026-34260 | Codebook｜Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45556/

0
0
0
22h ago

CVE-2026-0300

Overview

Palo Alto Networks
Cloud NGFW

06 May 2026

Published

12 May 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

14.43%

MITRE

KEV

Description

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Statistics

2 Posts
4 Interactions

Last activity: 11 hours ago

Fediverse

N_{Dario Fadda} @nuke

Critical Palo Alto PAN-OS Vulnerability CVE-2026-0300 Actively Exploited — Unauthenticated Root RCE on Firewalls
#CyberSecurity
https://securebulletin.com/critical-palo-alto-pan-os-vulnerability-cve-2026-0300-actively-exploited-unauthenticated-root-rce-on-firewalls/

4
0
0
18h ago

Bluesky

ripjyr.bsky.social @ripjyr.bsky.social

Paloaltoの脆弱性情報「CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2026-0300

0
0
0
11h ago

CVE-2026-0073

Overview

Google
Android

04 May 2026

Published

05 May 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

2 Posts
4 Interactions

Last activity: 16 hours ago

Fediverse

N_{Dario Fadda} @nuke

PoC Exploit Released for Android Zero-Click CVE-2026-0073 — Silent ADB Shell Access on Android 14–16
#CyberSecurity
https://securebulletin.com/poc-exploit-released-for-android-zero-click-cve-2026-0073-silent-adb-shell-access-on-android-14-16/

4
0
0
16h ago

Bluesky

Undercode Testing @undercode.bsky.social

Android Zero-Click RCE via Wireless Debugging | CVE-2026-0073 – From Network Access to Full Shell + Video Introduction The Android Debug Bridge (ADB) is a powerful tool for developers, but when its security assumptions fail, it can become a backdoor. CVE-2026-0073 is a critical authentication…

0
0
0
22h ago

CVE-2026-0263

Overview

Palo Alto Networks
Cloud NGFW

13 May 2026

Published

14 May 2026

Updated

CVSS v4.0

HIGH (7.2)

EPSS

Pending

MITRE

KEV

Description

A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allows an unauthenticated network-based attacker to execute arbitrary code with elevated privileges on the firewall, or cause a denial of service (DoS) condition. Panorama, Cloud NGFW, and Prisma® Access are not impacted by these vulnerabilities.

Statistics

2 Posts
7 Interactions

Last activity: 11 hours ago

Fediverse

cR0w @cR0w

RE: https://infosec.exchange/@cR0w/116561921535290325

https://security.paloaltonetworks.com/CVE-2026-0263

This issue requires IKEv2 VPN tunnels that is configured with Post Quantum Cryptography (PQC).

1
6
0
12h ago

Bluesky

ripjyr.bsky.social @ripjyr.bsky.social

Paloaltoの脆弱性情報「CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing (Severity: HIGH)」が公開されました。 → https://security.paloaltonetworks.com/CVE-2026-0263

0
0
0
11h ago

CVE-2026-41089

Overview

Microsoft
Windows Server 2012

12 May 2026

Published

13 May 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.09%

MITRE

KEV

Description

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Statistics

3 Posts
2 Interactions

Last activity: 16 hours ago

Fediverse

Capstone Technologies Group @CapTechGroup

May 2026 Patch Tuesday: 137 vulnerabilities across Windows, Office, Exchange, Azure. CVE-2026-41089 (Netlogon buffer overflow) grants SYSTEM on domain controllers with no auth required. CVE-2026-41096 (DNS Client) exploitable...

https://captechgroup.com/about-us/threat-intelligence-center/may-2026-patch-tuesday-fixes-51-cves-across-window-36b2ed?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=may-2026-patch-tuesday-fixes-51-cves-across-windows-exchange-office

1
0
0
17h ago

CyberNetsecIO @netsecio

📰 Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE

Microsoft's May Patch Tuesday is huge: 137 vulnerabilities fixed, 30 critical. No zero-days for the first time in 22 months! 🚨 Key patches for critical RCEs in Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096). Patch now! ✅ #PatchTuesday

🔗 https://cyber.netsecops.io

1
0
0
16h ago

Bluesky

CyberVeille @cyberveille-ch.bsky.social

📢 Patch Tuesday mai 2026 : 118 CVE Microsoft dont 3 critiques, volumes records chez Apple, Google, Mozilla et Oracle 📝 … https://cyberveille.ch/posts/2026-05-13-patch-tuesday-mai-2026-118-cve-microsoft-dont-3-critiques-volumes-records-chez-apple-google-mozilla-et-oracle/ #CVE_2026_41089 #Cyberveille

0
0
0
16h ago