Skip to content
feed: live
>_ 0dayNews

0dayNews — Vulnerability & Exploit News

$ kev-tracker --recent

Known Exploited Vulnerabilities

full tracker →
CVE-2026-25089
[ CRITICAL ] CVSS 9.8 kev

Fortinet FortiSandbox unauthenticated OS command injection (4.2, 4.4, 5.0, Cloud, PaaS)

An unauthenticated OS command injection across FortiSandbox 4.2, 4.4, 5.0, plus FortiSandbox Cloud and PaaS 5.0 lets a network attacker run arbitrary commands via crafted HTTP requests. CVSS 9.8; CISA-listed KEV.

Fortinet / FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS (multiple 4.x and 5.0 lines — see body)
CVE-2026-46817
[ CRITICAL ] CVSS 9.8 kev

Oracle E-Business Suite Payments improper privilege management (unauth RCE)

A critical improper-privilege-management flaw in the Oracle Payments component of Oracle E-Business Suite (File Transmission) that lets an unauthenticated network attacker take over Oracle Payments. Patched in Oracle's May 2026 Critical Patch Update; added to CISA KEV on July 15, 2026.

Oracle / E-Business Suite — Oracle Payments (versions 12.2.3–12.2.15)
CVE-2026-15409
[ CRITICAL ] CVSS 10.0 kev

SonicWall SMA1000 unauthenticated SSRF in Work Place portal

An unauthenticated server-side request forgery in the SonicWall SMA1000 Work Place web interface lets a remote attacker force the appliance to make requests to attacker-chosen destinations. Actively exploited; on CISA KEV.

SonicWall / SMA1000 Series (6210, 7210, 8200v)
CVE-2026-15410
[ HIGH ] CVSS 7.2 kev

SonicWall SMA1000 post-authentication OS command injection

A post-authentication OS command injection in the SonicWall SMA1000 lets an administrator execute arbitrary OS commands on the appliance. Actively exploited alongside CVE-2026-15409; on CISA KEV.

SonicWall / SMA1000 Series (6210, 7210, 8200v)
CVE-2026-56155
[ HIGH ] CVSS 7.8 kev

AD FS elevation of privilege — insufficient access-control granularity

Active Directory Federation Services access-control granularity flaw lets an authorized attacker escalate privileges locally. Exploited in the wild; added to CISA KEV 2026-07-14.

Microsoft / Active Directory Federation Services (AD FS) — see MSRC advisory for affected builds
CVE-2026-56164
[ MEDIUM ] CVSS 5.3 kev

SharePoint Server elevation of privilege — missing authentication for critical function

SharePoint Server ships a critical function that's reachable without authentication, letting an unauthenticated attacker escalate over a network. Exploited in the wild; added to CISA KEV 2026-07-14.

Microsoft / Microsoft SharePoint Server (see MSRC advisory for affected builds)
$ latest --more

From the desk

all articles →
~/articles/2026-07-18-okta-hollowbyte-openssl-dos-june-silent-fix
HollowByte: 11-byte OpenSSL DoS, no CVE, silent June fix
threat intel

HollowByte: 11-byte OpenSSL DoS, no CVE, silent June fix

Okta's Red Team named 'HollowByte' — an OpenSSL DoS where 11 bytes of TLS pull 131 KB of process memory per shot. OpenSSL patched it in June with no CVE.

read →
~/articles/2026-07-18-wordpress-core-cve-2026-63030-wp2shell-rce-poc-public
WordPress Core RCE (wp2shell): CVE-2026-63030, PoC public
● Breaking
wordpress

WordPress Core RCE (wp2shell): CVE-2026-63030, PoC public

A critical unauthenticated remote code execution flaw in WordPress Core got a CVE, a GitHub advisory, and a working public PoC on July 17, 2026.

read →
~/articles/2026-07-18-choi-lee-seoul-uiuc-adi-agent-data-injection-web-coding-agents
Agent Data Injection: The Bug Under Every AI Agent
Analysis
threat intel

Agent Data Injection: The Bug Under Every AI Agent

Seoul National / UIUC / Largosoft research shows web and coding agents get steered by planted content in the pages, comments, and reviews they consume. Fix the trust boundary, not the model.

read →
~/articles/2026-07-17-ec-google-android-qaap-mic-cam-screen-hotword-rival-ai
EU order opens Android mic, cam, screen to rival AI agents
● Breaking
google

EU order opens Android mic, cam, screen to rival AI agents

EC ordered Google to open Android's mic, camera, screen, and always-on hotword to rival AI assistants — mandatory in Android 18 by 1 August 2027.

read →
~/articles/2026-07-17-flare-2889-underground-posts-clean-residential-proxies-post-netnut
Flare finds carders still hunting clean IPs post-NetNut
Analysis
threat intel

Flare finds carders still hunting clean IPs post-NetNut

Flare's read of 2,889 underground posts finds carders scrambling for 'clean' residential IPs two weeks after the FBI's NetNut seizure disrupted supply.

read →
~/articles/2026-07-17-ernst-young-third-party-support-ticket-breach-mar-apr-window
EY discloses breach via third-party IT ticket system
● Breaking
threat intel

EY discloses breach via third-party IT ticket system

Ernst & Young says an unauthorized party accessed a third-party support ticket platform used by its IT staff between March 28 and April 12. Detection followed on April 23; disclosure landed July 17.

read →