An authentication bypass flaw in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS lets a remote attacker forge override cookies and establish an unauthorized VPN connection.
Read more about Emerging Threat: (CVE-2026-0257) PAN-OS GlobalProtect Authentication Bypass via Forged Override CookiesSample of assets impacted by NGINX nginx-poolslip vulnerability, identified by the CyCognito Platform What is CVE-2026-9256? CVE-2026-9256, publicly nicknamed “nginx-poolslip,” is a heap buffer overflow in the ngx_http_rewrite_module component of NGINX Plus and NGINX Open Source. The flaw is triggered when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. Under these conditions, NGINX underestimates the length of the output after URI escaping, producing an out-of-bounds write inside the worker process memory pool. The…
Read more about Emerging Threat: (CVE-2026-9256) NGINX Heap Buffer Overflow via Rewrite ModuleA critical arbitrary file write vulnerability in Grafana’s SQL expressions feature can be chained with a Grafana Enterprise plugin to achieve full remote code execution on the underlying host.
Read more about Emerging Threat: (CVE-2026-48172) LiteSpeed cPanel Plugin Privilege Escalation to RootAn unauthenticated SQL injection in Drupal core’s database abstraction API lets a remote attacker execute arbitrary SQL against PostgreSQL-backed sites, with a path to full database compromise and, in elevated configurations, remote code execution on the underlying host.
Read more about Emerging Threat: (CVE-2026-9082) Drupal Core SQL Injection on PostgreSQLA critical authentication bypass in the peering handshake of Cisco Catalyst SD-WAN Controller and Manager lets an unauthenticated remote attacker and issue arbitrary NETCONF commands.
Read more about Emerging Threat: (CVE-2026-20182) Cisco Catalyst SD-WAN Authentication BypassA heap buffer overflow in NGINX’s rewrite module lets an unauthenticated attacker crash worker processes with a single crafted HTTP request, and on hosts with ASLR disabled can be leveraged for remote code execution.
Read more about Emerging Threat: (CVE-2026-42945) NGINX Rift Heap Overflow in Rewrite ModuleA cross-site scripting vulnerability in Microsoft Exchange Server’s Outlook Web Access lets an unauthenticated attacker execute arbitrary JavaScript in a victim’s browser session by sending a specially crafted email, and is already being exploited in the wild.
Read more about Emerging Threat: (CVE-2026-42897) Microsoft Exchange OWA Cross-Site Scripting via Crafted EmailA critical use-after-free vulnerability in Exim’s BDAT message body parsing path, allows an unauthenticated network attacker to execute arbitrary code on the underlying mail server.
Read more about Emerging Threat: (CVE-2026-45185) Exim Remote Code Execution via BDAT over GnuTLSAn authenticated admin RCE vulnerability in Ivanti Endpoint Manager Mobile is being actively exploited in the wild.
Read more about Emerging Threat: CVE-2026-6973, Authenticated Admin RCE in Ivanti Endpoint Manager MobileA critical pre-authentication CRLF injection vulnerability in cPanel and WHM allows unauthenticated remote attackers to inject crafted lines into pre-auth session files and promote themselves to root, granting full administrative control
Read more about Emerging Threat: (CVE-2026-41940) cPanel & WHM Authentication Bypass via CRLF Injection