CVE Vulnerability Alerts

Application Security
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
Oracle E-Business Suite CVE-2026-46817 (CVSS 9.8) is under active attack, with honeypots logging crafted XML payloads targeting the /OA_HTML endpoint.
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Apple's iOS 26.2 and macOS Tahoe 26.2 updates patch 30-plus flaws, including four WebKit vulnerabilities co-discovered by OpenAI and Anthropic AI systems.
CVE Vulnerability Alerts
Working Exploit Published for LoadMaster CVE-2026-8037 RCE
watchTowr Labs published a working exploit for CVE-2026-8037, a pre-authentication root RCE in Progress Kemp LoadMaster, weeks after patches were released.
CVE Vulnerability Alerts
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
Attackers exploited SimpleHelp's OIDC authentication bypass CVE-2026-48558 to deploy Djinn Stealer and TaskWeaver within 13 days of initial disclosure.
CVE Vulnerability Alerts
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
CISA updated its KEV entry for CVE-2026-33825 to flag ransomware group exploitation of the Windows Defender privilege escalation flaw, first patched in April.
Application Security
Three Daktronics Controller Flaws Allow Remote Highway Sign Hijack
CISA disclosed three Daktronics LED controller vulnerabilities that give remote attackers root access to highway signs, billboards, and roadside message boards.
Application Security
Gitea CVE-2026-20896 Auth Bypass Exploited via One HTTP Header
An anonymous researcher's 130-plus zero-day dump included Gitea CVE-2026-20896, a Docker default misconfiguration that grants admin access with one HTTP header.
Application Security
Public PoC Drops for Critical libssh2 Flaw CVE-2026-55200
A public PoC exploit for CVE-2026-55200, a CVSS 9.2 out-of-bounds write in libssh2, is live with no fixed tagged release available for curl, Git, and ...
Application Security
Athena Coalition Finds 20,000+ Flaws in 500 Open-Source Projects
The Athena coalition of about 24 companies including Docker, Cisco, and Cloudflare used AI to find 20,000+ vulnerabilities across 500 open-source projects.
CVE Vulnerability Alerts
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
Microsoft confirmed CVE-2026-50656, a zero-day in the Defender Malware Protection Engine allowing SYSTEM-level privilege escalation, is under active exploitation with no patch currently available.