0dayNews — Vulnerability & Exploit News

$ kev-tracker --recent

Known Exploited Vulnerabilities

CVE-2026-45659
[ HIGH ] CVSS 8.8 kev

Microsoft SharePoint Server deserialization remote code execution

A high-severity deserialization-of-untrusted-data flaw in on-premises Microsoft SharePoint Server that leads to remote code execution. Patched by Microsoft in the May 2026 security update; added to the CISA Known Exploited Vulnerabilities catalog on July 2, 2026 after confirmed exploitation in the wild.

Microsoft / SharePoint Server (on-premises)

CVE-2024-3400
[ CRITICAL ] CVSS 10.0 kev

Palo Alto Networks PAN-OS GlobalProtect Command Injection Zero-Day

A command-injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Exploited in the wild as a zero-day before a patch was available.

Palo Alto Networks / PAN-OS (GlobalProtect gateway/portal)

CVE-2023-46805
[ HIGH ] CVSS 8.2 kev

Ivanti Connect Secure / Policy Secure Authentication Bypass

An authentication-bypass vulnerability in the web component of Ivanti Connect Secure and Policy Secure gateways allows a remote attacker to access restricted resources without credentials. Chained with CVE-2024-21887 for full remote code execution in real-world attacks.

Ivanti / Connect Secure and Policy Secure

CVE-2024-21887
[ CRITICAL ] CVSS 9.1 kev

Ivanti Connect Secure / Policy Secure Command Injection

A command-injection vulnerability in the web components of Ivanti Connect Secure and Policy Secure lets an authenticated administrator send specially crafted requests to execute arbitrary commands. Chained with CVE-2023-46805's auth bypass for unauthenticated RCE in the wild.

Ivanti / Connect Secure and Policy Secure

CVE-2023-20198
[ CRITICAL ] CVSS 10.0 kev

Cisco IOS XE Web UI Privilege Escalation Zero-Day

A privilege-escalation vulnerability in the Web UI feature of Cisco IOS XE Software allows a remote, unauthenticated attacker to create an account with privilege level 15 (full admin) access, enabling full device takeover. Exploited at mass scale against tens of thousands of devices.

Cisco / IOS XE Software

CVE-2023-4966
[ CRITICAL ] CVSS 9.4 kev

Citrix Bleed — NetScaler ADC and Gateway Sensitive Information Disclosure

A buffer-overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway allows attackers to harvest valid session tokens from device memory, hijacking authenticated sessions and bypassing MFA entirely. Widely known as "Citrix Bleed."

Citrix / NetScaler ADC and NetScaler Gateway

$ latest --more

From the desk

~/articles/2026-07-04-spring4shell-vmware-spring-framework-rce
Explainer
vmware

Spring4Shell: Why This One Needed Careful Triage, Not Panic

CVE-2022-22965 leaked publicly before VMware's patch was ready — but unlike Log4Shell, exploitation required a specific combination of conditions that made blanket panic the wrong response.

~/articles/2026-07-03-anubis-ransomware-citrix-bleed-2-cve-2025-5777
● Breaking
ransomware

Anubis ransomware seen exploiting Citrix Bleed 2 for initial access

The Hacker News reports Anubis-ransomware affiliates using Citrix Bleed 2 (CVE-2025-5777) to breach NetScaler-fronted environments, then pivoting with legit RMM, BYOVD, and stolen supply-chain credentials.

~/articles/2026-07-03-confluence-ognl-injection-cve-2022-26134
Explainer
atlassian

The Confluence Bug That Went From Zero-Day to Mass Ransomware Precursor in Days

CVE-2022-26134 gave unauthenticated attackers remote code execution on any exposed Confluence instance — and became a go-to foothold for ransomware operators within days of disclosure.

~/articles/2026-07-03-fortios-fortiproxy-auth-bypass-cve-2022-40684
Explainer
fortinet

FortiOS Auth Bypass: Why Fortinet Warned Select Customers Before Going Public

CVE-2022-40684 let attackers bypass authentication on FortiOS and FortiProxy management interfaces and plant persistent SSH keys — Fortinet quietly warned targeted customers before public disclosure.

~/articles/2026-07-03-kemp-loadmaster-cve-2026-8037-pre-auth-rce
progress

Kemp LoadMaster pre-auth RCE (CVE-2026-8037): PoC is out, patch now

A functional proof-of-concept for a critical pre-auth RCE in Progress Kemp LoadMaster hit the internet on June 29 and eSentire started seeing exploitation attempts the same day. Progress's fix has been available since June 4.

~/articles/2026-07-03-fbi-netnut-popa-botnet-takedown
● Breaking
breach

FBI seizes NetNut proxy platform, Google degrades Popa botnet

The FBI seized hundreds of NetNut proxy domains on July 2; Google's Threat Intelligence Group, working with FBI and Lumen, cut the linked Popa botnet's usable device pool by millions the same day.
