CVE-2026-26083

Overview

Fortinet
FortiSandbox Cloud

12 May 2026

Published

13 May 2026

Updated

CVSS v3.1

CRITICAL (9.1)

EPSS

0.04%

MITRE

KEV

Description

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests.

Statistics

3 Posts

Last activity: 10 hours ago

Bluesky

tamosan @tamosan.bsky.social

FortiSandboxの脆弱性。Web UIに認証されていないユーザーがコードやコマンドを投げれるようす：FG-IR-26-136｜CVE-2026-26083｜PSIRT | FortiGuard Labs https://www.fortiguard.com/psirt/FG-IR-26-136

0
0
0
17h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

Fortinet patches critical RCE flaws in FortiAuthenticator and FortiSandbox. CVE-2026-44277 and CVE-2026-26083 could let unauthenticated attackers run unauthorized code or commands. #Fortinet #FortiAuthenticator #FortiSandbox

0
0
0
20h ago

ohhara @shiojiri.com

Fortinet、FortiSandboxとFortiAuthenticatorの重大なRCE脆弱性について警告（CVE-2026-44277、CVE-2026-26083） | Codebook｜Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45561/

0
0
0
10h ago

CVE-2026-30893

Overview

wazuh
wazuh

29 Apr 2026

Published

29 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.0)

EPSS

0.08%

MITRE

KEV

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the intended extraction directory on other cluster nodes. This can be escalated to code execution in the Wazuh service context by overwriting Python modules loaded by Wazuh components (proof of concept available as separate attachment). In deployments where the cluster daemon runs with elevated privileges, system-level compromise is possible. This issue has been patched in version 4.14.4.

Statistics

2 Posts

Last activity: 2 hours ago

Fediverse

benzogaga33 :verified: @benzogaga33

Wazuh – CVE-2026-30893 : un patch est disponible pour cette faille critique https://www.it-connect.fr/wazuh-cve-2026-30893-un-patch-est-disponible-pour-cette-faille-critique/ #ActuCybersécurité #Cybersécurité #Vulnérabilité

0
0
0
2h ago

Bluesky

IT-Connect @it-connect.bsky.social

➡️ Wazuh - Un patch est disponible Une faille de sécurité critique, associée à la référence CVE-2026-30893 et affichant un score CVSS de 9.9, a été révélée récemment au sein de Wazuh. 🛡️ Quels sont les risques ? Comment se protéger ? www.it-connect.fr/wazuh-cve-20... #CVE #Wazuh

0
0
0
3h ago

CVE-2026-32661

Overview

Canon Marketing Japan Inc.
GUARDIANWALL MailSuite (On-premises version)

13 May 2026

Published

13 May 2026

Updated

CVSS v3.0

CRITICAL (9.8)

EPSS

0.14%

MITRE

KEV

Description

Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege.

Statistics

2 Posts

Last activity: 9 hours ago

Fediverse

OffSequence @offseq

🚨 CRITICAL: CVE-2026-32661 stack buffer overflow in Canon GUARDIANWALL MailSuite (v1.4.00 – 2.4.26). Remote code execution possible. Restrict network access & monitor pop3wallpasswd. Patch pending. https://radar.offseq.com/threat/cve-2026-32661-stack-based-buffer-overflow-in-cano-fe8551b1 #OffSeq #CVE202632661 #infosec #vuln

0
0
0
10h ago

Bluesky

ケイ | 副業Webライター📖 @keiwork35.bsky.social

GUARDIANWALL MailSuiteの脆弱性とは？影響範囲や悪用状況、対策をわかりやすく解説本記事では、GUARDIANWALL MailSuiteの脆弱性（CVE-2026-32661）の概要、影響を受ける環境、想定されるリスク、利用者が取るべき対策をわかりやすく解説します。

0
0
0
9h ago

CVE-2025-8088

Overview

win.rar GmbH
WinRAR

08 Aug 2025

Published

26 Feb 2026

Updated

CVSS v4.0

HIGH (8.4)

EPSS

8.29%

MITRE

KEV

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

2 Posts
5 Interactions

Last activity: 5 hours ago

Fediverse

паляниця 🇺🇦 @palianytsia_200

Finally pushed my Pterodo / UAC-0010 tracker public after sitting in a private gitea for a year+: github.com/palianytsia-200/U-OB-KY

Personal notes since late 2024 (when CERT-UA went quiet on UAC-0010 — last public advisory 2023-07-13). IOC tracksheets, dated research notes, draft Suricata rules.

Current focus: Wave-2 HTML lander batch on 212.193.20.110, RAR droppers chaining CVE-2025-8088 + CVE-2025-6218 via NTFS ADS. Notes in `notes/2026-05-rar-exploit-chain.md`.

VT free tier so this is not a feed — just one person's running notes. Comments / corrections welcome.

#Pterodo #UAC0010 #Gamaredon #ThreatIntel

0
1
0
12h ago

Bluesky

780th Military Intelligence Brigade (Cyber) @780thmibdecyber.bsky.social

Gamaredon, also known as Aqua Blizzard, Primitive Bear, Shuckworm or UAC-0010, has been exploiting CVE-2025-8088 to target Ukrainian organizations. Harfang Lab harfanglab.io/insidethelab...

1
3
0
5h ago

CVE-2026-43284

Overview

Linux
Linux

08 May 2026

Published

11 May 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.01%

MITRE

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path. This intentionally does not change ESP output. In esp_output_head(), the path that appends the ESP trailer to existing skb tailroom without calling skb_cow_data() is not reachable for nonlinear skbs: skb_tailroom() returns zero when skb->data_len is nonzero, while ESP tailen is positive. Thus ESP output will either use the separate destination-frag path or fall back to skb_cow_data().

Statistics

2 Posts

Last activity: 1 hour ago

Fediverse

Haelwenn /элвэн/ :triskell: @lanodan

Date: Wed, 13 May 2026 09:36:02 +0000 (UTC)
Subject: Security Advisory: New Kernel Vulnerability "Dirty Frag" (CVE-2026-43284)
From: Scaleway <no-reply@scaleway.net>

Slowpoke scaleway :D

0
0
0
1h ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #SafeBreach includes "Dirty Frag Vulnerability (CVE-2026-43284 & CVE-2026-43500): Why Reliable #Linux Privilege Escalation Changes the Defense Equation". #Cybersecurity https://opsmtrs.com/41NWGuQ

0
0
0
13h ago

CVE-2026-34260

Overview

SAP_SE
SAP S/4HANA (SAP Enterprise Search for ABAP)

12 May 2026

Published

12 May 2026

Updated

CVSS v3.1

CRITICAL (9.6)

EPSS

0.01%

MITRE

KEV

Description

SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attacker may gain unauthorized access to sensitive database information and could potentially crash the application. This vulnerability has a high impact on the confidentiality and availability of the application, while integrity remains unaffected.

Statistics

2 Posts

Last activity: 9 hours ago

Bluesky

Undercode Testing @undercode.bsky.social

Critical SAP S/4HANA SQL Injection Under Active Patching – CVE-2026-34260 (CVSS 96) What Undercode Say + Video A critical SQL injection vulnerability in the SAP Enterprise Search for ABAP component (CVE-2026-34260) has been patched, scoring a near-maximum CVSS 9.6 due to its potential for…

0
0
0
9h ago

ohhara @shiojiri.com

SAP、Commerce CloudとS/4HANAのCriticalな脆弱性に対処：CVE-2026-34263、CVE-2026-34260 | Codebook｜Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45556/

0
0
0
10h ago

CVE-2026-32202

Overview

Microsoft
Windows 10 Version 1607

14 Apr 2026

Published

12 May 2026

Updated

CVSS v3.1

MEDIUM (4.3)

EPSS

7.19%

MITRE

KEV

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

Statistics

1 Post
4 Interactions

Last activity: 2 hours ago

Fediverse

N_{Dario Fadda} @nuke

CISA Adds CVE-2026-32202 to KEV Catalog as APT28 Actively Exploits Zero-Click Windows Shell Flaw
#CyberSecurity
https://securebulletin.com/cisa-adds-cve-2026-32202-to-kev-catalog-as-apt28-actively-exploits-zero-click-windows-shell-flaw/

4
0
0
2h ago

CVE-2026-35433

Overview

Microsoft
.NET 10.0

12 May 2026

Published

13 May 2026

Updated

CVSS v3.1

HIGH (7.3)

EPSS

0.11%

MITRE

KEV

Description

Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.

Statistics

2 Posts
2 Interactions

Last activity: 1 hour ago

Fediverse

Brandon H :csharp: :verified: @bc3tech

via @dotnet : .NET and .NET Framework May 2026 servicing releases updates

https://ift.tt/nkE2LOt
#dotnet #dotnetframework #May2026 #servicingupdates #securityupdates #cve202632177 #cve202635433 #cve202632175 #cve202642899 #release8 #dotnet10 #dotnet9 #dotnet8 #a…

1
0
0
1h ago

Bluesky

uk-news.bsky.social @uk-news.bsky.social

Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days https://www.europesays.com/uk/955486/ Tag CVE ID CVE Title Severity .NET CVE-2026-35433 .NET Elevation of Privilege Vulnerability Important …#uk #news #uknews

1
0
0
21h ago

CVE-2026-44774

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

3 Posts
4 Interactions

Last activity: 22 hours ago

Fediverse

DB Tech @dbtechyt

Traefik v3.7.1 patches CVE-2026-44774 and fixes cross-provider namespace issues in Kubernetes. Read the migration guide before upgrading, this one matters. #selfhosted #homelab

https://github.com/traefik/traefik/releases/tag/v3.7.1

2
2
2
22h ago

CVE-2026-21535

Overview

Microsoft
Microsoft Teams

19 Feb 2026

Published

11 May 2026

Updated

CVSS v3.1

HIGH (8.2)

EPSS

0.09%

MITRE

KEV

Description

Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

Statistics

1 Post
2 Interactions

Last activity: 7 hours ago

Fediverse

Vito Botta @vitobotta

CVE-2026-21535: unauthenticated info disclosure in Microsoft Teams. Network access is all an attacker needs, no credentials at all. The app sitting open on every corporate laptop right now. Go patch it. https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-days/

1
1
0
7h ago