Tag : Vulnerabilities

image_pdfimage_print

Splunk and Zoom this week announced patches for multiple vulnerabilities across their products, including several critical and high-severity security defects. Only three of the five advisories that Splunk published address flaws that are specific to its products, while the other two resolve dozens of bugs in third-party components. The Splunk-specific issues include CVE-2026-20296 (a high-severity ..

Leggi tutto

Nightmare Eclipse, the disgruntled security researcher who has been dropping zero-day exploits targeting Microsoft products, released another unpatched Windows vulnerability this week, right on the July 2026 Patch Tuesday. The fresh exploit, named LegacyHive, is a local privilege escalation bug in the Windows User Profile Service that allows an attacker to load other users’ hives, ..

Leggi tutto

An unpatched vulnerability in Cursor on Windows can be triggered for code execution when a developer opens a repository in the application, Mindgard reports. Cursor is one of the most popular AI-assisted development environments, with more than 7 million active users. The security defect, Mindgard says, is straightforward: when opening a repository, Cursor would automatically ..

Leggi tutto

The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday urged immediate hardening of Microsoft SharePoint servers in light of recently disclosed zero-day vulnerabilities. The freshest of the exploited flaws is CVE-2026-56164, a privilege escalation issue that can be exploited remotely without authentication, and which was resolved with Microsoft’s July 2026 Patch Tuesday updates. On ..

Leggi tutto

Threat actors are exploiting a vulnerability in Gitea’s reverse-proxy authentication mechanism to access internet-accessible instances by supplying only a valid username. Specific to Gitea’s official Docker images, the critical-severity security defect is tracked as CVE-2026-20896 (CVSS score of 9.8) and can be exploited with a single HTTP header, Sysdig Sr. Director of Threat Research Michael ..

Leggi tutto

A newly disclosed Linux kernel vulnerability can be exploited to escape virtual machines (VMs) and execute code on the underlying host, security researchers warn. Tracked as CVE-2026-53359 and referred to as Januscape, the security defect impacts the shadow MMU code in Linux Kernel-based Virtual Machine (KVM) hypervisor. The guest-to-host vulnerability poses a major threat to ..

Leggi tutto