24h | 7d | 30d

CVE-2026-9256

Overview

  • F5
  • NGINX Plus
22 May 2026
Published
23 May 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.15%
KEV

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 5 Posts
  • 34 Interactions
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Eashwar @e_nomem

@jerry Looks like there was a new release of nginx earlier today to address the unpatched RCE (CVE-2026-9256)

  • 9
  • 9
  • 0
  • 13h ago
Profile picture fallback
Jan Schaumann @jschauma

The previous announced sibling vulnerability to "nginx rift" has been fixed by F5 and has been assigned CVE-2026-9256):

my.f5.com/manage/s/article/K00

This was previously called "nginx-poolslip" (nitter.net/nebusecurity/status) and is a DoS with possible RCE ("if the attacker can bypass ASLR" - not sure how?), using a similar regex capture vector.

Wouldn't be surprised if this is the new norm: one vuln lands, everybody points their AI at that attack vector and discovers sibling vulns.

  • 5
  • 7
  • 0
  • 19h ago
Profile picture fallback
cR0w @cR0w

Another vuln in NGINX rewriting. Looks pretty similar to the last one. Requires ASLR bypass or disabled for RCE.

my.f5.com/manage/s/article/K00

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, /((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. (CVE-2026-9256)

  • 3
  • 1
  • 0
  • 23h ago

Bluesky

Profile picture fallback
/r/netsec @r-netsec-bot.bsky.social
CVE-2026-9256 - "nginx-poolslip", another new vulnerability in the rewrite module
  • 0
  • 0
  • 1
  • 23h ago

CVE-2026-48172

Overview

  • LiteSpeed Technologies
  • cPanel Plugin
  • WHM Plugin/cPanel Plugin
21 May 2026
Published
22 May 2026
Updated
CVSS v4.0
CRITICAL (10.0)
EPSS
0.02%
KEV

Description

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features. The recommended minimum version is 2.4.7.

Statistics

  • 6 Posts
  • 5 Interactions
Last activity: 9 hours ago

Fediverse

Profile picture fallback
N_{Dario Fadda} @nuke

LiteSpeed cPanel Plugin Zero-Day (CVE-2026-48172) Actively Exploited to Gain Server Root Access
#CyberSecurity
securebulletin.com/litespeed-c

  • 5
  • 0
  • 0
  • 12h ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
Critical 0-Day Alert: LiteSpeed cPanel Plugin Flaw (CVE-2026-48172) Actively Exploited for Full Root Access – Patch or Perish + Video Introduction A critical privilege escalation vulnerability, designated CVE-2026-48172 and carrying a maximum CVSS score of 10.0, is being actively exploited in the…
  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
LiteSpeed LiteSpeed User-End cPanel Plugin CVE-2026-48172 enables arbitrary root script execution and is actively exploited; upgrade or uninstall to remediate.
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
Cyber Threat Feeds @montxt.bsky.social
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root https://thehackernews.com/2026/05/litespeed-cpanel-plugin-cve-2026-48172.html
  • 0
  • 0
  • 1
  • 10h ago
Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
LiteSpeed cPanel Plugin CVE-2026-48172 is a critical flaw (CVSS 10.0) actively exploited to run scripts as root via lsws.redisAble in versions 2.3-2.4.4. Update or remove the plugin. #CVE202648172 #LiteSpeed #cPanel
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-9082

Overview

  • Drupal
  • Drupal core
20 May 2026
Published
23 May 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
12.57%
KEV

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.

Statistics

  • 5 Posts
  • 1 Interaction
Last activity: Last hour

Fediverse

Profile picture fallback
Yrjänä Rankka 🌻 @ghard

@apz LOL very timely, just on that note, say hello to CVE-2026-9082
Not that I would trust Drupal or any other modern or ancient CMS any longer than I could throw it.

  • 0
  • 0
  • 0
  • 7h ago
Profile picture fallback
CyberNetsecIO @netsecio

📰 Critical Unauthenticated SQLi Flaw in Drupal Core Hits PostgreSQL Sites

🚨 CRITICAL vulnerability in Drupal Core (CVE-2026-9082)! Unauthenticated SQL injection affects sites using PostgreSQL, allowing for potential RCE. Patch immediately! #Drupal #CyberSecurity #SQLi #Vulnerability

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/cr

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Profile picture fallback
boredchilada @boredchilada.bsky.social
~Cisa~ CISA added actively exploited Drupal Core SQL injection flaw (CVE-2026-9082) to the KEV catalog. - IOCs: CVE-2026-9082 - #CVE20269082 #Drupal #ThreatIntel
  • 0
  • 1
  • 0
  • 22h ago
Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
CISA added CVE-2026-9082, a Drupal Core SQL injection flaw, to KEV due to active exploitation evidence, urging rapid patching across supported versions.
  • 0
  • 0
  • 0
  • 10h ago
Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
CISA added CVE-2026-9082, a critical Drupal Core SQL injection flaw, to its KEV catalog after active exploitation. Imperva saw 15,000+ attacks across 65 countries. #DrupalCore #CISA #Global
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-46333

Overview

  • Linux
  • Linux
15 May 2026
Published
23 May 2026
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.01%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an associated mm. And almost all users do in fact use it only for the case where the task has a mm pointer. But we have one odd special case: ptrace_may_access() uses 'dumpable' to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It's not what this flag was designed for, but it is what it is. The ptrace code does check that the uid/gid matches, so you do have to be uid-0 to see kernel thread details, but this means that the traditional "drop capabilities" model doesn't make any difference for this all. Make it all make a *bit* more sense by saying that if you don't have a MM pointer, we'll use a cached "last dumpability" flag if the thread ever had a MM (it will be zero for kernel threads since it is never set), and require a proper CAP_SYS_PTRACE capability to override.

Statistics

  • 4 Posts
  • 3 Interactions
Last activity: Last hour

Fediverse

Profile picture fallback
Ruarí Ødegaard @ruario

Linux fans, please tell me you have updated your machine for "CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path", right… right!?

  • 1
  • 0
  • 0
  • 2h ago
Profile picture fallback
Bas @beyondexcess

@ruario No, because Ubuntu doesn't have updates yet... ubuntu.com/security/CVE-2026-4

  • 0
  • 1
  • 0
  • 2h ago

Bluesky

Profile picture fallback
Tech-News @technology-news.bsky.social
CVE-2026-46333 is a nine-year Linux kernel improper privilege management flaw introduced in November 2016 with a CVSS score of 5.5.
  • 0
  • 1
  • 0
  • 13h ago
Profile picture fallback
Celestia @ly2314.bsky.social
CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path | Qualys blog.qualys.com/vulnerabilit...
  • 0
  • 0
  • 0
  • Last hour

CVE-2026-42945

Overview

  • F5
  • NGINX Plus
13 May 2026
Published
21 May 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
1.00%
KEV

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: 3 hours ago

Fediverse

Profile picture fallback
NOC Evolix / AS197696 @EvolixNOC

La faille CVE-2026-42945 nom de code « Nginx Rift » (note CVSS 9.2) a désormais sa page dédiée : depthfirst.com/nginx-rift
Les paquets pour Debian 13/12/11 sont bien disponibles depuis quelques jours security-tracker.debian.org/tr (les paquets ELS devraient arriver prochainement) #nginxrift

  • 1
  • 0
  • 0
  • 3h ago
Profile picture fallback
geeknik @geeknik

NGINX Rift (CVE-2026-42945): unauthenticated heap overflow triggered by unnamed PCRE captures plus a "?" in rewrite rules. Grep your configs tonight. DoS is trivial, RCE is hard but not theoretical. Akamai conveniently sells the bandage.
akamai.com/blog/security-resea

  • 0
  • 0
  • 1
  • 15h ago

CVE-2026-31431

Overview

  • Linux
  • Linux
22 Apr 2026
Published
18 May 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
2.42%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Statistics

  • 3 Posts
  • 5 Interactions
Last activity: 17 hours ago

Bluesky

Profile picture fallback
AlmaLinux @almalinux.org
🚨 Local privilege escalation via Copy Fail? Not on our watch. AlmaLinux 8, 9, and 10 patches are live, ahead of upstream. Go update your systems! https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/?utm_medium=social&utm_source=bluesky
  • 0
  • 5
  • 1
  • 22h ago
Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.com
🐧 ¿Cómo funciona ' #CopyFail'? El #exploit de 732 bytes que otorga acceso #Root en Linux (CVE-2026-31431) (+MITIGACIÓN) www.newstecnicas.com/2026/04/copy...
  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-41104

Overview

  • Microsoft
  • Microsoft Planetary Computer Pro (GeoCatalog)
22 May 2026
Published
22 May 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.28%
KEV

Description

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: 5 hours ago

Fediverse

Profile picture fallback
nyanbinary @nyanbinary

@cR0w fr tho, I am somewhat torn on *aaS CVEs in general. Like, where is the line between CVE-2026-41104 in Microsoft Planetary Computer Pro and our local Kebab Shops website having an XSS? I can tell you the latter is rather critical infrastructure for our Security Department, I am sure someone out there also relies on the former :neobot_giggle: .

Like, there is a line, but I cant put my thumb on it

  • 0
  • 1
  • 0
  • 5h ago
Profile picture fallback
OffSequence @offseq

🛡️ CRITICAL: CVE-2026-41104 in Microsoft Planetary Computer Pro (GeoCatalog) enables remote, unauthenticated info disclosure via insecure deserialization. Patch now — official fix available. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 1
  • 17h ago

CVE-2026-41091

Overview

  • Microsoft
  • Microsoft Malware Protection Engine
20 May 2026
Published
22 May 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
5.22%
KEV

Description

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: 13 hours ago

Fediverse

Profile picture fallback
CyberNetsecIO @netsecio

📰 Warning: Microsoft Defender Flaws Actively Exploited to Gain SYSTEM Privileges

⚠️ ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/mi

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Profile picture fallback
Tech-News @technology-news.bsky.social
Active Defender exploits hit CVE-2026-41091 and CVE-2026-45498; June 3 fixes reduce SYSTEM and DoS risk.
  • 0
  • 1
  • 0
  • 13h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
PATCH NOW: Microsoft Defender Zero-Days (CVSS 78) Exploited in Wild — CISA Issues Urgent Warning + Video Introduction Microsoft has disclosed two zero-day vulnerabilities in Microsoft Defender that are being actively exploited in the wild. Tracked as CVE-2026-41091 (CVSS 7.8) and CVE-2026-45498…
  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-45498

Overview

  • Microsoft
  • Microsoft Defender Antimalware Platform
20 May 2026
Published
22 May 2026
Updated
CVSS v3.1
MEDIUM (4.0)
EPSS
3.72%
KEV

Description

Microsoft Defender Denial of Service Vulnerability

Statistics

  • 3 Posts
  • 1 Interaction
Last activity: 13 hours ago

Fediverse

Profile picture fallback
CyberNetsecIO @netsecio

📰 Warning: Microsoft Defender Flaws Actively Exploited to Gain SYSTEM Privileges

⚠️ ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/mi

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Profile picture fallback
Tech-News @technology-news.bsky.social
Active Defender exploits hit CVE-2026-41091 and CVE-2026-45498; June 3 fixes reduce SYSTEM and DoS risk.
  • 0
  • 1
  • 0
  • 13h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
PATCH NOW: Microsoft Defender Zero-Days (CVSS 78) Exploited in Wild — CISA Issues Urgent Warning + Video Introduction Microsoft has disclosed two zero-day vulnerabilities in Microsoft Defender that are being actively exploited in the wild. Tracked as CVE-2026-41091 (CVSS 7.8) and CVE-2026-45498…
  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-41940

Overview

  • WebPros
  • cPanel
29 Apr 2026
Published
06 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
84.37%
KEV

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

  • 2 Posts
Last activity: 6 hours ago

Fediverse

Profile picture fallback
Capstone Technologies Group @CapTechGroup

Metasploit's latest release includes working exploits for CVE-2023-7102 (Barracuda RCE), CVE-2026-20182 (Cisco SD-WAN auth bypass), CVE-2026-41940 (cPanel root escalation), and CVE-2026-24479 (HUSTOJ zip-slip)....

captechgroup.com/about-us/thre

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

Profile picture fallback
NEWSTECNICAS | Tecnología , IA y Gaming @newstecnicas.com
🟢 Cómo solucionar la vulnerabilidad CVE-2026-41940 en cPanel/WHM: Parche de seguridad urgente para acceso root www.newstecnicas.com/2026/05/solu...
  • 0
  • 0
  • 0
  • 17h ago
Showing 1 to 10 of 48 CVEs