A hardcoded credentials flaw in Apache Solr’s Basic Authentication setup tool silently installs undocumented admin accounts with default passwords, giving remote attackers full control of affected SolrCloud clusters.
IBM has disclosed three critical flaws in WebSphere Application Server 8.5 and 9.0, including identity spoofing and two remote code execution paths that let unauthenticated attackers impersonate users or run code.
An authentication bypass flaw in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS lets a remote attacker forge override cookies and establish an unauthorized VPN connection.
[Figure: Sample of assets impacted by the NGINX nginx-poolslip vulnerability, identified by the CyCognito Platform]

What is CVE-2026-9256?

CVE-2026-9256, publicly nicknamed “nginx-poolslip,” is a heap buffer overflow in the ngx_http_rewrite_module component of NGINX Plus and NGINX Open Source. The flaw is triggered when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. Under these conditions, NGINX underestimates the length of the output after URI escaping, producing an out-of-bounds write inside the worker process memory pool. The…
A critical arbitrary file write vulnerability in Grafana’s SQL expressions feature can be chained with a Grafana Enterprise plugin to achieve full remote code execution on the underlying host.
An unauthenticated SQL injection in Drupal core’s database abstraction API lets a remote attacker execute arbitrary SQL against PostgreSQL-backed sites, with a path to full database compromise and, in elevated configurations, remote code execution on the underlying host.
A critical authentication bypass in the peering handshake of Cisco Catalyst SD-WAN Controller and Manager lets an unauthenticated remote attacker issue arbitrary NETCONF commands.
A heap buffer overflow in NGINX’s rewrite module lets an unauthenticated attacker crash worker processes with a single crafted HTTP request, and on hosts with ASLR disabled can be leveraged for remote code execution.
A cross-site scripting vulnerability in Microsoft Exchange Server’s Outlook Web Access lets an unauthenticated attacker execute arbitrary JavaScript in a victim’s browser session by sending a specially crafted email, and is already being exploited in the wild.
A critical use-after-free vulnerability in Exim’s BDAT message body parsing path allows an unauthenticated network attacker to execute arbitrary code on the underlying mail server.