Whats The Hax?

CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass 1d ago CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure 1d ago CVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertion 1d ago CVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflow 1d ago CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service 1d ago CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions 1d ago CVE-2026-30656 1d ago CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow 1d ago CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference 1d ago CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing 1d ago CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file 1d ago CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings 1d ago CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place 1d ago CVE-2026-37555 1d ago CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow 1d ago CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() 2d ago CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write 2d ago CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page 2d ago CVE-2026-41080 2d ago CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions 2d ago

CISA Adds One Known Exploited Vulnerability to Catalog 3d ago CISA Adds One Known Exploited Vulnerability to Catalog 4d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 6d ago CISA Adds Four Known Exploited Vulnerabilities to Catalog 10d ago CISA Adds One Known Exploited Vulnerability to Catalog 11d ago CISA Adds One Known Exploited Vulnerability to Catalog 12d ago ​​Supply Chain Compromise Impacts Axios Node Package Manager​ 14d ago CISA Adds Eight Known Exploited Vulnerabilities to Catalog 14d ago CISA Adds One Known Exploited Vulnerability to Catalog 18d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 20d ago CISA Adds Seven Known Exploited Vulnerabilities to Catalog 21d ago CISA Adds One Known Exploited Vulnerability to Catalog 26d ago CISA Adds One Known Exploited Vulnerability to Catalog 28d ago CISA Adds One Known Exploited Vulnerability to Catalog 32d ago CISA Adds One Known Exploited Vulnerability to Catalog 33d ago CISA Adds One Known Exploited Vulnerability to Catalog 35d ago CISA Adds One Known Exploited Vulnerability to Catalog 38d ago CISA Adds One Known Exploited Vulnerability to Catalog 39d ago CISA Adds One Known Exploited Vulnerability to Catalog 40d ago CISA Adds Five Known Exploited Vulnerabilities to Catalog 45d ago

CISA Adds One Known Exploited Vulnerability to Catalog 3d ago Careful Adoption of Agentic AI Services 3d ago This guidance discusses cybersecurity challenges and risks associated with the introduction of agentic AI into IT environments, as well as best practices for ABB AWIN Gateways 4d ago ABB Ability OPTIMAX 4d ago ABB PCM600 4d ago ABB Edgenius Management Portal 4d ago CISA Adds One Known Exploited Vulnerability to Catalog 4d ago ABB Ability Symphony Plus Engineering 4d ago ABB System 800xA, Symphony Plus IEC 61850 4d ago Adapting Zero Trust Principles to Operational Technology 5d ago This guidance provides a roadmap for organizations to reference as they transition toward a zero trust architecture. NSA GRASSMARLIN 6d ago CISA Adds Two Known Exploited Vulnerabilities to Catalog 6d ago CISA Adds Four Known Exploited Vulnerabilities to Catalog 10d ago SpiceJet Online Booking System 11d ago Carlson Software VASCO-B GNSS Receiver 11d ago Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera 11d ago Milesight Cameras 11d ago Defending Against China-Nexus Covert Networks of Compromised Devices 11d ago Yadea T5 Electric Bicycle 11d ago Intrado 911 Emergency Gateway (EGW) 11d ago

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense 3d ago On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco Secure Firewall Adaptiv... Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities 5d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks on an affec... Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability 9d ago A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability... Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities 11d ago Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more informatio... Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities 11d ago Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to execute arbitrary code or commands on the underlying operating system of an affe... Cisco Catalyst SD-WAN Vulnerabilities 11d ago Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite arbitrary files. For m... Cisco Webex Services Certificate Validation Vulnerability 17d ago A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of imp... Cisco Secure Web Appliance Authentication Bypass Vulnerability 17d ago A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improp... Cisco Identity Services Engine Remote Code Execution Vulnerabilities 18d ago Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit these vulnerabilities, the att... Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability 18d ago A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the u... Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities 18d ago Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability 18d ago Cisco Unity Connection Arbitrary File Download Vulnerabilities 18d ago Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities 18d ago Cisco Webex Contact Center Cross-Site Scripting Vulnerability 18d ago Cisco IOS XE Software Denial of Service Vulnerability 31d ago Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability 32d ago Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability 32d ago Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability 32d ago Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability 32d ago

ZDI-CAN-30796: Docker 4d ago

Defending Against China-Nexus Covert Networks of Compromised Devices 12d ago Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure 28d ago U.S. organizations should review the TTPs and IOCs in this advisory for indications of current or historical activity on their networks, and apply the Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure 149d ago The authoring organizations encourage critical infrastructure organizations to implement the recommendations in this advisory to reduce the likelihood and CISA Shares Lessons Learned from an Incident Response Engagement 223d ago Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System 251d ago The authoring agencies strongly urge network defenders to hunt for malicious activity and to apply the mitigations in this CSA to reduce the threat of Chinese CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization 278d ago #StopRansomware: Interlock 286d ago Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider 325d ago CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations 348d ago Russian GRU Targeting Western Logistics Entities and Technology Companies 356d ago Executives and network defenders should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and IOCs