Technical details and proof-of-concept (PoC) code targeting a recent Linux kernel vulnerability that could allow unprivileged processes to gain root privileges on desktops, servers, and Android phones are now public. The security defect, tracked as CVE-2026-46242 (CVSS score of 7.8) and referred to as Bad Epoll, is described as a race-condition use-after-free bug in epoll, ..
Tag : Vulnerabilities
Two critical vulnerabilities in the popular AI code editor Cursor could lead to remote code execution on the underlying operating system, Cato Networks reports. The security defects are tracked as CVE-2026-50548 and CVE-2026-50549 (CVSS score of 9.8) and are referred to as DuneSlide, given that they lead to remote code execution (RCE) outside of the ..
Researchers at Wiz have disclosed a high-severity vulnerability in the Amazon Q Developer extension for Visual Studio Code that could allow attackers to steal developers’ cloud credentials by luring them into opening a booby-trapped code repository. Amazon Q Developer is an AI-powered coding assistant that offers developers features such as code suggestions, automated refactoring, and ..
A vulnerability that can facilitate attacks on operational technology (OT) systems is being exploited in the wild, according to the cybersecurity agency CISA. The vulnerability is tracked as CVE-2025-67038 and it affects Lantronix EDS5000 serial-to-IP device servers, which enable organizations to remotely connect to and manage their serial devices. The flaw can be exploited by ..
GitLab has rolled out Community Edition (CE) and Enterprise Edition (EE) security updates that resolve 13 vulnerabilities, including three high-severity bugs. The most severe is CVE-2026-10086, an XSS flaw in the Analytics dashboard of GitLab EE, rooted in the improper sanitization of user-supplied input. According to GitLab, the security defect could have allowed an authenticated ..
The open source data transfer tool and library curl has been updated this week with patches for 18 vulnerabilities, including one introduced 25 years ago. The flaws, four medium and 14 low-severity, were discovered as part of a community effort after Anthropic’s Mythos discovered a single curl bug in early May. This release resolves the ..
Google on Wednesday rolled out a new Chrome 149 update that resolves 18 vulnerabilities, including four critical and 14 high-severity security defects. More than half of the addressed issues, including three critical and seven high-severity, are use-after-free flaws, a type of memory corruption bug that could lead to remote code execution (RCE). In Chrome, use-after-free ..
Google’s Mandiant team has detailed the exploitation of a Cisco Catalyst SD-WAN vulnerability that was exploited as a zero-day months prior to its disclosure. The vulnerability, tracked as CVE-2026-20245, is the 7th Cisco SD-WAN product flaw whose exploitation came to light in 2026. CVE-2026-20245 affects the CLI of Cisco Catalyst SD-WAN Manager and allows an ..
Remediation priority (vulnerability triaging) traditionally focuses on Software Bill of Materials (SBOMs) and Vulnerability Exploitability eXchange (VEX) statements provided with the software and supplemented by CVSS scores. That is not enough in today’s environment. SBOMs list the components within the software. They emanated from Executive Order 14028 designed to reduce supply chain attacks. VEX statements ..
Threat actors have been targeting three critical-severity vulnerabilities in Ubiquiti devices, the US cybersecurity agency CISA warns. The exploited flaws, tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, with a CVSS score of 10/10, were patched last month. CVE-2026-34908 is described as an improper access control issue that could allow remote attackers to make unauthorized changes to ..


