Skip to content
feed: live
>_ 0dayNews

0dayNews — Vulnerability & Exploit News

$ kev-tracker --recent

Known Exploited Vulnerabilities

full tracker →
CVE-2026-15409
[ CRITICAL ] CVSS 10.0 kev

SonicWall SMA1000 unauthenticated SSRF in Work Place portal

An unauthenticated server-side request forgery in the SonicWall SMA1000 Work Place web interface lets a remote attacker force the appliance to make requests to attacker-chosen destinations. Actively exploited; on CISA KEV.

SonicWall / SMA1000 Series (6210, 7210, 8200v)
CVE-2026-15410
[ HIGH ] CVSS 7.2 kev

SonicWall SMA1000 post-authentication OS command injection

A post-authentication OS command injection in the SonicWall SMA1000 lets an administrator execute arbitrary OS commands on the appliance. Actively exploited alongside CVE-2026-15409; on CISA KEV.

SonicWall / SMA1000 Series (6210, 7210, 8200v)
CVE-2026-56155
[ HIGH ] CVSS 7.8 kev

AD FS elevation of privilege — insufficient access-control granularity

Active Directory Federation Services access-control granularity flaw lets an authorized attacker escalate privileges locally. Exploited in the wild; added to CISA KEV 2026-07-14.

Microsoft / Active Directory Federation Services (AD FS) — see MSRC advisory for affected builds
CVE-2026-56164
[ MEDIUM ] CVSS 5.3 kev

SharePoint Server elevation of privilege — missing authentication for critical function

SharePoint Server ships a critical function that's reachable without authentication, letting an unauthenticated attacker escalate over a network. Exploited in the wild; added to CISA KEV 2026-07-14.

Microsoft / Microsoft SharePoint Server (see MSRC advisory for affected builds)
CVE-2026-56291
[ CRITICAL ] CVSS 9.8 kev

Balbooa Forms unauthenticated file-upload RCE

The Balbooa Forms Joomla extension (com_baforms) up to 2.4.0 accepts unauthenticated file uploads that permit dropping a PHP file to the web root, leading to remote code execution. Fixed in 2.4.1. CVSS 9.8. Added to CISA KEV on 2026-07-10.

Balbooa / Forms (Joomla extension, com_baforms)
CVE-2026-48908
[ CRITICAL ] CVSS 9.8 EPSS 0.8% kev

JoomShaper SP Page Builder unauthenticated file-upload RCE

An unrestricted-file-upload flaw in JoomShaper SP Page Builder (a Joomla extension) lets unauthenticated users upload arbitrary files, leading to execution of PHP code. CVSS 9.8 critical. Added to CISA KEV on 2026-07-07 alongside two other adds.

JoomShaper / SP Page Builder (Joomla extension)
$ latest --more

From the desk

all articles →
~/articles/2026-07-15-cisa-sharepoint-three-cves-bod-26-04-july-17-deadline
CISA: three SharePoint bugs exploited, patch by July 17
● Breaking
microsoft

CISA: three SharePoint bugs exploited, patch by July 17

CISA named three actively exploited on-prem SharePoint CVEs and put a July 17 remediation clock on federal agencies. Shadowserver counts 800+ unpatched servers. Patch on one maintenance touch.

read →
~/articles/2026-07-15-asyncapi-npm-miasma-multi-c2-loader-cicd-compromise
Miasma loader shipped in 5 @asyncapi npm package versions
● Breaking
supply chain

Miasma loader shipped in 5 @asyncapi npm package versions

5 @asyncapi npm versions unpublished. Miasma loader ships 744 modules over six C2 channels. Attackers compromised the CI/CD pipeline, not npm tokens — treat as post-install compromise.

read →
~/articles/2026-07-15-mindgard-cursor-git-exe-workspace-root-no-patch
Mindgard: Cursor still runs git.exe from repo root
threat intel

Mindgard: Cursor still runs git.exe from repo root

Aaron Portnoy's Mindgard team went public today: Cursor 3.11 on Windows executes any git.exe sitting in a cloned repo's root — seven months, no patch.

read →
~/articles/2026-07-15-doj-media-land-yalishanda-lockbit-blacksuit-play-bulletproof-hosting-indictment
DOJ indicts Media Land trio: LockBit, BlackSuit, Play host
● Breaking
ransomware

DOJ indicts Media Land trio: LockBit, BlackSuit, Play host

USAO-NDOH unsealed a Dec 2024 indictment against Volosovik ('Yalishanda'), Pankova, and Zatolokin — Media Land and ML.Cloud hosted LockBit, BlackSuit, Play. $62M losses, 21 states.

read →
~/articles/2026-07-15-microsoft-safeguard-hold-dell-kb5101650-intel-ipf-shutdowns
Microsoft blocks Dell PCs from July KB5101650 rollout
microsoft

Microsoft blocks Dell PCs from July KB5101650 rollout

Microsoft applied a safeguard hold on July's KB5101650 for a limited set of Dell devices running Windows 11 25H2 and 24H2 after a June preview update triggered Intel IPF driver crashes, heat, and battery drain.

read →
~/articles/2026-07-15-microsoft-entra-id-passkeys-default-september-sms-voice-retirement-feb-2027
Entra ID passkeys go default in Sept; SMS/voice out Feb 1
microsoft

Entra ID passkeys go default in Sept; SMS/voice out Feb 1

Microsoft is auto-enrolling Entra ID SMS/voice MFA users into passkeys starting September 2026 and retiring native SMS/voice delivery on Feb 1, 2027. What to do.

read →