Guardians of the Enterprise — Insights from leading cyber experts.

Listen Now →

Security Bulletin

75 articles

← All Articles
<em>CVE-2026-48282</em>: ColdFusion RDS Vulnerability Actively Exploited

CVE-2026-48282: ColdFusion RDS Vulnerability Actively Exploited

CVE-2026-48282 is a critical ColdFusion RDS path traversal vulnerability under active exploitation. Learn the risks, IOCs, and how…

CVE-2026-33017: Langflow RCE Deploys Monero Miners on AI Servers

CVE-2026-33017: Langflow RCE Deploys Monero Miners on AI Servers

Langflow CVE-2026-33017 is under active exploitation. Attackers deploy Monero miners via unauthenticated RCE. Get IOCs, patch steps, and…

CVE-2026-46817: Oracle EBS Payments Vulnerability Under Active Exploitation

CVE-2026-46817: Oracle EBS Payments Vulnerability Under Active Exploitation

Oracle E-Business Suite (EBS) sits at the center of finance, procurement, and payment operations for many large enterprises.…

<em>CVE-2026-42271</em>: Unauthenticated RCE in <em>LiteLLM </em>AI Gateway

CVE-2026-42271: Unauthenticated RCE in LiteLLM AI Gateway

CVE-2026-42271 enables unauthenticated RCE in LiteLLM when chained with CVE-2026-48710. Learn wha is at risk and how to…

<em>CVE-2026-35273</em>: Active Exploitation of<em> Oracle PeopleSoft Zero-Day </em>Vulnerability

CVE-2026-35273: Active Exploitation of Oracle PeopleSoft Zero-Day Vulnerability

Oracle has disclosed CVE-2026-35273, a critical vulnerability in PeopleSoft Enterprise PeopleTools that has already been exploited by threat…

<em>CVE-2026-45247</em>: Critical RCE Vulnerability in <em>Mirasvit Cache Warmer</em>

CVE-2026-45247: Critical RCE Vulnerability in Mirasvit Cache Warmer

CVE-2026-45247 is a critical PHP deserialization vulnerability in Mirasvit Cache Warmer allowing unauthenticated RCE. Learn the impact and…

NGINX Under Active Attack: <em>CVE-2026-42945</em> and <em>CVE-2026-9256</em> Put Your Infrastructure at Risk

NGINX Under Active Attack: CVE-2026-42945 and CVE-2026-9256 Put Your Infrastructure at Risk

Two critical NGINX heap buffer overflows are under active exploitation. Learn what's at risk, affected versions, and fixes…

CVE-2026-9082: Critical <em>Drupal SQL Injection Vulnerability</em> Affects PostgreSQL Deployments

CVE-2026-9082: Critical Drupal SQL Injection Vulnerability Affects PostgreSQL Deployments

A critical SQLi vulnerability in Drupal core is actively exploited. Find out which versions are affected, what's at…

CVE-2026-44575: <em>Middleware Authorization Bypass</em> in Next.js App Router

CVE-2026-44575: Middleware Authorization Bypass in Next.js App Router

CVE-2026-44575 lets attackers bypass Next.js middleware via .rsc and segment-prefetch requests. Learn exploit steps, fixes and AppTrana coverage.

<em>Bleeding Llama</em> (CVE-2026-7482): Critical Unauthenticated Memory Leak in Ollama

Bleeding Llama (CVE-2026-7482): Critical Unauthenticated Memory Leak in Ollama

Critical Ollama flaw CVE-2026-7482 exposes 300K servers, letting attackers leak API keys, prompts, and credentials through just three…

CVE-2026-23918: <em>Apache HTTP/2 Double-Free Vulnerability</em> with Possible RCE

CVE-2026-23918: Apache HTTP/2 Double-Free Vulnerability with Possible RCE

CVE-2026-23918 is a high-severity Apache HTTP/2 double-free flaw affecting version 2.4.66. Learn the root cause, who's at risk,…

CVE-2026-41940: <em>Zero-Day Authentication Bypass</em> in cPanel & WHM

CVE-2026-41940: Zero-Day Authentication Bypass in cPanel & WHM

A critical zero-day vulnerability in cPanel & WHM is giving attackers unauthenticated root-level access to servers managing over…