An improper authentication vulnerability in Azure Resource Manager (ARM), tracked as CVE-2026-47280, allows an unauthorised attacker to elevate privileges over a network. The vulnerability carries … Read More
Multiple critical vulnerabilities have been disclosed in Acer Connect M6E 5G router firmware, including unauthenticated remote code execution, authentication bypass, hardcoded credentials, and cleartext logging … Read More
A privilege escalation vulnerability in the OpenShift Cloud Credential Operator (CCO), tracked as CVE-2026-10843, provisions AWS IAM policies with account-wide scope for destructive actions rather … Read More
A path traversal vulnerability in OpenStack Ironic, the bare metal provisioning service, tracked as CVE-2026-48681, allows an attacker to overwrite arbitrary files during deployment by … Read More
A supply chain attack targeting the npm ecosystem has compromised dozens of packages across multiple maintainer accounts, using the binding.gyp package — a core build … Read More
An unauthenticated remote code execution vulnerability in Seagull Scientific BarTender, tracked as CVE-2026-25550, allows attackers to execute arbitrary commands on affected systems via the exposed … Read More
An improper authorization vulnerability in Microsoft Exchange Online, tracked as CVE-2026-48579, allows an unauthorised attacker to disclose information over a network. The vulnerability carries a … Read More
A maximum-severity authentication bypass vulnerability in Azure HorizonDB, tracked as CVE-2026-48567, allows an unauthenticated attacker to elevate privileges over a network. The vulnerability carries a … Read More
A critical vulnerability in Cisco SD-WAN Manager, tracked as CVE-2026-20245, allows attackers to execute arbitrary commands as root on affected instances. Cisco has confirmed active … Read More
A zero-day privilege escalation vulnerability in the Windows Cloud Filter driver (cldflt.sys), tracked as CVE-2026-33825 and dubbed “MiniPlasma,” allows any local user or application to … Read More
