CVE Vulnerability Alerts

CVE Vulnerability Alerts
Public PoC Drops for CVSS 9.8 Android Zero-Click CVE-2026-0073
Security group BARGHEST released a public PoC for CVE-2026-0073, a CVSS 9.8 zero-click RCE in Android's debug bridge daemon affecting Android 14, 15, and 16.
CVE Vulnerability Alerts
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
Dell advisory DSA-2026-047 patches a CVSS 9.8 hard-coded credentials flaw in Dell ECS and ObjectScale that grants unauthenticated filesystem access to enterprise storage.
Application Security
PHP SOAP Extension RCE CVE-2026-6722 Patched Across All Branches
PHP patched CVE-2026-6722, a use-after-free RCE in the SOAP extension, across all active branches (8.2, 8.3, 8.4, 8.5) — exposing any server handling SOAP requests.
CVE Vulnerability Alerts
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
Microsoft Defender confirmed limited in-the-wild exploitation of Dirty Frag CVE-2026-43284 in Linux, a deterministic LPE chain targeting xfrm-ESP and RxRPC page caches. Patches available for ...
Application Security
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
cPanel released a second emergency patch in ten days — CVE-2026-29202 and CVE-2026-29203 enable code execution — as Sorry ransomware hits 44,000 servers.
Application Security
Apache CVE-2026-23918: HTTP/2 Double-Free Enables RCE on Debian
Apache patched CVE-2026-23918 (CVSS 8.8), a double-free in mod_http2 that enables RCE on Debian-default Linux servers. Fix ships in Apache HTTP Server 2.4.67.
Application Security
CVE-2026-7482 in Ollama Exposes 300,000 AI Servers to Memory Leaks
CVE-2026-7482, dubbed 'Bleeding Llama,' exposes 300,000+ Ollama AI servers to heap memory leaks via a crafted GGUF file. Patch to version 0.17.1 is available.
Application Security
cPanel and WHM Patch Three CVEs, Two Rated High Severity
cPanel patched two CVSS 8.8 flaws including Perl code execution in WHM, as the 40,000-server CVE-2026-41940 campaign remains active.
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Researchers disclosed 12 critical vulnerabilities in the widely-used vm2 Node.js sandbox library, all enabling sandbox escape and arbitrary code execution on the host system.
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
State-sponsored actors exploited CVE-2026-0300, a critical CVSS 9.3 RCE flaw in PAN-OS, for roughly one month before disclosure. CISA deadline is May 9.