Whats The Hax?

CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration 5h ago CVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_key 5h ago CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending() 5h ago CVE-2026-28387 Potential Use-after-free in DANE Client Code 5h ago CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd 5h ago CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() 5h ago CVE-2025-71072 shmem: fix recovery on rename failures 5h ago CVE-2025-71073 Input: lkkbd - disable pending work before freeing device 5h ago CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path 5h ago CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption 5h ago CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing 5h ago CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption 5h ago CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption 5h ago CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion 5h ago CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages 5h ago CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function 5h ago CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html 5h ago CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html 5h ago CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc 6h ago CVE-2026-35433 .NET Elevation of Privilege Vulnerability 1d ago

Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities 22h ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected devi... Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability 22h ago A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input v... Cisco Webex App Open Redirect Vulnerability 22h ago A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer ... Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability 22h ago A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands.... Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 1d ago A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an un... Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 1d ago May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This ... Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability 2d ago A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists... Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability 5d ago A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local ... Cisco Webex Meetings Cross-Site Scripting Vulnerability 14d ago A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings serv... Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability 14d ago A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery... Cisco Finesse Remote File Inclusion Vulnerability 14d ago Cisco Nexus 3000 and 9000 Series Switches Border Gateway Protocol Denial of Service Vulnerability 28d ago Cisco Secure Workload Unauthorized API Access Vulnerability 28d ago Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability 28d ago Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection Vulnerability 28d ago Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense 29d ago Cisco Catalyst SD-WAN Manager Vulnerabilities 34d ago Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory 34d ago Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities 42d ago Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability 42d ago

CISA Adds One Known Exploited Vulnerability to Catalog 2d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 3d ago CISA Adds One Known Exploited Vulnerability to Catalog 6d ago CISA Adds One Known Exploited Vulnerability to Catalog 7d ago CISA Adds Three Known Exploited Vulnerabilities to Catalog 9d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 10d ago CISA Adds One Known Exploited Vulnerability to Catalog 13d ago CISA Adds One Known Exploited Vulnerability to Catalog 15d ago CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation. CISA Adds Two Known Exploited Vulnerabilities to Catalog 16d ago CISA has added two new vulnerabilities to its KEV Catalog, based on evidence of active exploitation. CISA Adds One Known Exploited Vulnerability to Catalog 17d ago CISA has added one new vulnerability to its KEV Catalog based on evidence of active exploitation. CISA Adds One Known Exploited Vulnerability to Catalog 20d ago Supply Chain Compromises Impact Nx Console and GitHub Repositories 21d ago CISA Adds Three Known Exploited Vulnerabilities to Catalog 22d ago CISA Adds One Known Exploited Vulnerability to Catalog 23d ago CISA Adds One Known Exploited Vulnerability to Catalog 27d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 28d ago CISA Adds Seven Known Exploited Vulnerabilities to Catalog 29d ago CISA Adds One Known Exploited Vulnerability to Catalog 34d ago CISA Adds One Known Exploited Vulnerability to Catalog 35d ago CISA Adds One Known Exploited Vulnerability to Catalog 41d ago

Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP 2d ago Rockwell Automation RSLinx 2d ago Rockwell Automation FLEX I/O EtherNet/IP Adapters 2d ago Rockwell Automation FactoryTalk Analytics PavilionX 2d ago CISA Adds One Known Exploited Vulnerability to Catalog 2d ago Rockwell Automation CompactLogix 2d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 3d ago CISA Adds One Known Exploited Vulnerability to Catalog 6d ago Yarbo Android/iOS Mobile Application and Cloud Infrastructure 7d ago CISA Adds One Known Exploited Vulnerability to Catalog 7d ago Brickcom Cameras 7d ago Naxclow IoT Platform 7d ago CISA Adds Three Known Exploited Vulnerabilities to Catalog 9d ago Siemens KACO Blueplanet Inverters 9d ago Schneider Electric EcoStruxure Panel Server 9d ago Schneider Electric Modicon Network Managed Switches 9d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 10d ago CISA Adds One Known Exploited Vulnerability to Catalog 13d ago Hitachi Energy ITT600 Explorer 14d ago Hitachi Energy MACH HiDraw 14d ago

ZDI-CAN-30796: Docker 49d ago

Defending Against China-Nexus Covert Networks of Compromised Devices 57d ago Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 73d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 194d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and CISA Shares Lessons Learned from an Incident Response Engagement 268d ago Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System 297d ago The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization 323d ago #StopRansomware: Interlock 332d ago Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider 370d ago CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations 393d ago Russian GRU Targeting Western Logistics Entities and Technology Companies 401d ago Executives and network defenders should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and IOCs