Your source for exposure management research, product news, and security insights.
A critical authentication bypass in the peering handshake of Cisco Catalyst SD-WAN Controller and Manager lets an unauthenticated remote attacker and issue arbitrary NETCONF commands.
Read more about Emerging Threat: (CVE-2026-20182) Cisco Catalyst SD-WAN Authentication BypassA heap buffer overflow in NGINX’s rewrite module lets an unauthenticated attacker crash worker processes with a single crafted HTTP request, and on hosts with ASLR disabled can be leveraged for remote code execution.
Read more about Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite ModuleA cross-site scripting vulnerability in Microsoft Exchange Server’s Outlook Web Access lets an unauthenticated attacker execute arbitrary JavaScript in a victim’s browser session by sending a specially crafted email, and is already being exploited in the wild.
Read more about Emerging Threat: (CVE-2026-42897) Microsoft Exchange OWA Cross-Site Scripting via Crafted EmailA critical use-after-free vulnerability in Exim’s BDAT message body parsing path, allows an unauthenticated network attacker to execute arbitrary code on the underlying mail server.
Read more about Emerging Threat: (CVE-2026-45185) Exim Remote Code Execution via BDAT over GnuTLSAn authenticated admin RCE vulnerability in Ivanti Endpoint Manager Mobile is being actively exploited in the wild.
Read more about Emerging Threat: CVE-2026-6973, Authenticated Admin RCE in Ivanti Endpoint Manager MobileStar Wars as a security case study: the Empire’s real failure wasn’t missing the exhaust port, it was never testing whether it mattered.
Read more about The Force Awakens Your Attack SurfaceA critical pre-authentication CRLF injection vulnerability in cPanel and WHM allows unauthenticated remote attackers to inject crafted lines into pre-auth session files and promote themselves to root, granting full administrative control
Read more about Emerging Threat: (CVE-2026-41940) cPanel & WHM Authentication Bypass via CRLF InjectionAn unauthenticated arbitrary file upload vulnerability in the Breeze Cache plugin for WordPress allows attackers to drop a PHP webshell onto the server through the plugin’s Gravatar-fetching function, leading to remote code execution on affected sites.
Read more about Emerging Threat: (CVE-2026-3844) WordPress Breeze Cache Plugin Unauthenticated File UploadA command injection vulnerability in GitHub Enterprise Server’s git push pipeline allows any authenticated user with repository push access to execute arbitrary commands on the underlying instance using a single crafted git push.
Read more about Emerging Threat: (CVE-2026-3854) GitHub Enterprise Server RCE via Git Push InjectionA critical command injection flaw in Cisco ISE and ISE-PIC lets an authenticated administrator run arbitrary commands as root on the appliance.
Read more about Emerging Threat: (CVE-2026-20147) Cisco ISE Remote Code Execution
