Skip to content
feed: live about
>_ 0dayNews

0dayNews — Vulnerability & Exploit News

$ kev-tracker --recent

Known Exploited Vulnerabilities

full tracker →
CVE-2026-45659
[ HIGH ] CVSS 8.8 kev

Microsoft SharePoint Server deserialization remote code execution

A high-severity deserialization-of-untrusted-data flaw in on-premises Microsoft SharePoint Server that leads to remote code execution. Patched by Microsoft in the May 2026 security update; added to the CISA Known Exploited Vulnerabilities catalog on July 2, 2026 after confirmed exploitation in the wild.

Microsoft / SharePoint Server (on-premises)
CVE-2026-33825
[ HIGH ] CVSS 7.8 kev

Microsoft Defender Antimalware Platform Local Privilege Escalation (BlueHammer)

A local privilege escalation flaw in Microsoft Defender Antimalware Platform caused by insufficient access-control granularity. An authorized local attacker can elevate privileges. Patched in April 2026 Patch Tuesday, added to the CISA KEV catalog on 2026-04-22, and confirmed by CISA in July 2026 as weaponized in ransomware attacks. Disclosed as a zero-day by researcher "Chaotic Eclipse" (aka Nightmare-Eclipse) alongside two sibling flaws — RedSun and UnDefend — as a protest of Microsoft's disclosure coordination.

Microsoft / Defender Antimalware Platform (versions 4.0.0.0 through before 4.18.26030.3011)
CVE-2024-3400
[ CRITICAL ] CVSS 10.0 kev

Palo Alto Networks PAN-OS GlobalProtect Command Injection Zero-Day

A command-injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Exploited in the wild as a zero-day before a patch was available.

Palo Alto Networks / PAN-OS (GlobalProtect gateway/portal)
CVE-2023-46805
[ HIGH ] CVSS 8.2 kev

Ivanti Connect Secure / Policy Secure Authentication Bypass

An authentication-bypass vulnerability in the web component of Ivanti Connect Secure and Policy Secure gateways allows a remote attacker to access restricted resources without credentials. Chained with CVE-2024-21887 for full remote code execution in real-world attacks.

Ivanti / Connect Secure and Policy Secure
CVE-2024-21887
[ CRITICAL ] CVSS 9.1 kev

Ivanti Connect Secure / Policy Secure Command Injection

A command-injection vulnerability in the web components of Ivanti Connect Secure and Policy Secure lets an authenticated administrator send specially crafted requests to execute arbitrary commands. Chained with CVE-2023-46805's auth bypass for unauthenticated RCE in the wild.

Ivanti / Connect Secure and Policy Secure
CVE-2023-20198
[ CRITICAL ] CVSS 10.0 kev

Cisco IOS XE Web UI Privilege Escalation Zero-Day

A privilege-escalation vulnerability in the Web UI feature of Cisco IOS XE Software allows a remote, unauthenticated attacker to create an account with privilege level 15 (full admin) access, enabling full device takeover. Exploited at mass scale against tens of thousands of devices.

Cisco / IOS XE Software
$ latest --more

From the desk

all articles →
~/articles/2026-07-06-opera-gx-mods-auto-install-flaw-patched
browser

Opera GX patches auto-install mods flaw — update to 130.0.5847.89

Opera fixed a flaw that let a malicious website force-install a GX Mod and use CSS injection to lift data from pages you visited. Patched; no CVE; no in-wild exploitation reported.

read →
~/articles/2026-07-06-skillcloak-scanners-miss-agent-skill-malware-hkust
supply chain

SkillCloak paper: static scanners miss 90%+ of agent skill malware

HKUST researchers show static scanners for AI agent skill marketplaces miss over 90% of malware repackaged with simple tricks. If you rely on them, that gate is broken.

read →
~/articles/2026-07-05-flipper-zero-firmware-maintenance-only-community-driven
Flipper Zero firmware goes maintenance-only — the honest timeline
vendor advisory

Flipper Zero firmware goes maintenance-only — the honest timeline

Flipper Devices says the Flipper Zero firmware is stable at 1.0 and full-time feature work is over. Community PRs run the future, filtered through GitHub Discussions voting and stricter review. Here's what changes.

read →
~/articles/2026-07-05-barracuda-esg-zero-day-cve-2023-2868
Barracuda Told Customers to Replace Their Appliances, Not Just Patch Them. Here's Why.
Analysis
barracuda

Barracuda Told Customers to Replace Their Appliances, Not Just Patch Them. Here's Why.

CVE-2023-2868 was exploited as a zero-day for roughly seven months before discovery — and left some compromised appliances backdoored even after the software patch was applied.

read →
~/articles/2026-07-05-jfrog-rollup-polyfill-npm-six-packages-follow-up
Four more Rollup polyfill typosquats surface in JFrog's fuller DPRK writeup
supply chain

Four more Rollup polyfill typosquats surface in JFrog's fuller DPRK writeup

JFrog's disclosure names six npm packages in the Rollup polyfill typosquat cluster, not two. The extra four sit inside the same infrastructure the earlier reporting described, and the audit surface hasn't moved.

read →
~/articles/2026-07-05-winrar-path-traversal-cve-2023-38831
The WinRAR Bug That Hid a Malicious Script Behind a Fake Photo
Explainer
rarlab

The WinRAR Bug That Hid a Malicious Script Behind a Fake Photo

CVE-2023-38831 let a booby-trapped archive execute code when a user clicked what looked like a harmless image file — exploited against trading forums before the technical details were widely known.

read →