A critical use-after-free vulnerability in Exim’s BDAT message body parsing path, allows an unauthenticated network attacker to execute arbitrary code on the underlying mail server.
Read more about Emerging Threat: (CVE-2026-45185) Exim Remote Code Execution via BDAT over GnuTLS
CyCognito Blog
Research
Search the Blog
An authenticated admin RCE vulnerability in Ivanti Endpoint Manager Mobile is being actively exploited in the wild.
Read more about Emerging Threat: CVE-2026-6973, Authenticated Admin RCE in Ivanti Endpoint Manager MobileA critical pre-authentication CRLF injection vulnerability in cPanel and WHM allows unauthenticated remote attackers to inject crafted lines into pre-auth session files and promote themselves to root, granting full administrative control
Read more about Emerging Threat: (CVE-2026-41940) cPanel & WHM Authentication Bypass via CRLF InjectionAn unauthenticated arbitrary file upload vulnerability in the Breeze Cache plugin for WordPress allows attackers to drop a PHP webshell onto the server through the plugin’s Gravatar-fetching function, leading to remote code execution on affected sites.
Read more about Emerging Threat: (CVE-2026-3844) WordPress Breeze Cache Plugin Unauthenticated File UploadA command injection vulnerability in GitHub Enterprise Server’s git push pipeline allows any authenticated user with repository push access to execute arbitrary commands on the underlying instance using a single crafted git push.
Read more about Emerging Threat: (CVE-2026-3854) GitHub Enterprise Server RCE via Git Push InjectionA critical command injection flaw in Cisco ISE and ISE-PIC lets an authenticated administrator run arbitrary commands as root on the appliance.
Read more about Emerging Threat: (CVE-2026-20147) Cisco ISE Remote Code ExecutionA cryptographic signature verification flaw in ASP.NET Core’s Data Protection library lets an unauthenticated attacker forge authentication cookies and other protected payloads, allowing impersonation of privileged users on Linux-hosted applications running Microsoft.AspNetCore.DataProtection 10.0.0 through 10.0.6.
Read more about Emerging Threat: (CVE-2026-40372) ASP.NET Core Privilege Escalation via Signature BypassAn authentication bypass vulnerability in Apache Tomcat and Tomcat Native can allow unauthorized access to CLIENT_CERT-protected resources when OCSP soft-fail is disabled, bypassing the mutual TLS access control that the certificate validation policy was intended to enforce.
Read more about Emerging Threat: (CVE-2026-29145) Apache Tomcat Authentication BypassA denial of service vulnerability in React Server Components allows an unauthenticated remote attacker to send a specially crafted HTTP request that triggers excessive CPU consumption.
Read more about Emerging Threat: (CVE-2026-23869) React Server Components Denial of ServiceTwo critical pre-authentication code injection flaws in Ivanti EMM, exploited as zero-days since before their disclosure.
Read more about Emerging Threat: (CVE-2026-1281 & CVE-2026-1340) Ivanti EPMM Unauthenticated RCE via Code Injection