>_ 0dayNews
$ latest

Vulnerability & Exploit Coverage

18 articles · sorted newest first

~/articles/2026-07-06-gitlab-exiftool-rce-cve-2021-22205
GitLab's ExifTool RCE: A Patch That Sat Unrecognized for Months
Explainer
gitlab

CVE-2021-22205 was quietly fixed in April 2021 — but its full unauthenticated remote-code-execution severity wasn't widely understood until late 2021, by which point mass exploitation had already begun.
~/articles/2026-07-05-barracuda-esg-zero-day-cve-2023-2868
Barracuda Told Customers to Replace Their Appliances, Not Just Patch Them. Here's Why.
Analysis
barracuda

CVE-2023-2868 was exploited as a zero-day for roughly seven months before discovery — and left some compromised appliances backdoored even after the software patch was applied.
~/articles/2026-07-05-winrar-path-traversal-cve-2023-38831
The WinRAR Bug That Hid a Malicious Script Behind a Fake Photo
Explainer
rarlab

CVE-2023-38831 let a booby-trapped archive execute code when a user clicked what looked like a harmless image file — exploited against trading forums before the technical details were widely known.
~/articles/2026-07-04-vmware-vcenter-vsphere-client-rce-cve-2021-21972
vCenter's Unrestricted-Upload Bug: A Reminder That Management Planes Shouldn't Face the Internet
Explainer
vmware

CVE-2021-21972 let unauthenticated attackers execute code with root privileges on VMware vCenter Server — and internet scans found tens of thousands of instances exposed anyway, against VMware's own guidance.
~/articles/2026-07-04-spring4shell-vmware-spring-framework-rce
Spring4Shell: Why This One Needed Careful Triage, Not Panic
Explainer
vmware

CVE-2022-22965 leaked publicly before VMware's patch was ready — but unlike Log4Shell, exploitation required a specific combination of conditions that made blanket panic the wrong response.
~/articles/2026-07-03-confluence-ognl-injection-cve-2022-26134
The Confluence Bug That Went From Zero-Day to Mass Ransomware Precursor in Days
Explainer
atlassian

CVE-2022-26134 gave unauthenticated attackers remote code execution on any exposed Confluence instance — and became a go-to foothold for ransomware operators within days of disclosure.
~/articles/2026-07-03-fortios-fortiproxy-auth-bypass-cve-2022-40684
FortiOS Auth Bypass: Why Fortinet Warned Select Customers Before Going Public
Explainer
fortinet

CVE-2022-40684 let attackers bypass authentication on FortiOS and FortiProxy management interfaces and plant persistent SSH keys — Fortinet quietly warned targeted customers before public disclosure.
~/articles/2026-07-02-f5-big-ip-icontrol-rest-auth-bypass
F5 BIG-IP's Maximum-Severity Auth Bypass: What CVE-2022-1388 Actually Exposed
Explainer
f5

A critical authentication-bypass flaw in F5 BIG-IP's iControl REST API let unauthenticated attackers execute system commands on appliances that front an enormous share of enterprise application traffic.
~/articles/2026-07-02-follina-msdt-zero-day-explained
Follina Explained: The MSDT Bug That Skipped the Macro Warning Entirely
Explainer
microsoft

CVE-2022-30190 let a Word document trigger arbitrary code execution through the Windows Support Diagnostic Tool — no macros, and in some configurations no explicit click required beyond opening the file.
~/articles/2026-07-01-mshtml-office-zero-day-cve-2021-40444
The MSHTML Zero-Day That Turned a Word Document Into Full Code Execution
Explainer
microsoft

CVE-2021-40444 let attackers execute arbitrary code through a malicious Office document with no macros required — exploited in the wild before Microsoft's patch existed.
~/articles/2026-07-01-proxylogon-exchange-server-attack-chain
ProxyLogon: Inside the Exchange Server Attack Chain That Triggered an FBI Court Order
Analysis
microsoft

CVE-2021-26855 and three chained Exchange Server bugs gave attackers unauthenticated remote code execution — and led to a compromise event so widespread the FBI obtained a court order to remove webshells itself.
~/articles/2026-06-30-printnightmare-windows-print-spooler-explained
PrintNightmare: How a Leaked Proof-of-Concept Forced an Emergency Windows Patch
Explainer
microsoft

CVE-2021-34527 let attackers turn the Windows Print Spooler service — running by default on nearly every Windows machine — into a path to SYSTEM privileges or full domain compromise.
~/articles/2026-06-30-log4shell-log4j-anniversary-explainer
Log4Shell, Explained: Why a Logging Library Became the Internet's Worst Week
Explainer
apache

CVE-2021-44228 turned a single misused feature in Apache Log4j2 — a Java logging library embedded almost everywhere — into one of the most widely exploited vulnerabilities ever recorded.
~/articles/2026-06-28-outlook-monikerlink-rce-patch-tuesday-explainer
The Outlook 'MonikerLink' Bug: One Click, Protected View Bypassed
Explainer
microsoft

CVE-2024-21413 let attackers bypass Outlook's Protected View sandbox with a single specially crafted hyperlink, leading to code execution and potential credential leakage. Patched in February 2024's Patch Tuesday.
~/articles/2026-06-27-pan-os-globalprotect-command-injection-zero-day
PAN-OS GlobalProtect Zero-Day Gave Attackers Root on the Firewall Itself
Explainer
palo alto networks

CVE-2024-3400, a maximum-severity command-injection flaw in Palo Alto Networks' PAN-OS GlobalProtect feature, was exploited in the wild before a patch existed — handing attackers root access to the perimeter firewall.
~/articles/2026-06-26-ivanti-connect-secure-chained-zero-days-explained
Inside the Ivanti Connect Secure Zero-Day Chain Attackers Used Before a Patch Existed
Explainer
ivanti

CVE-2023-46805 and CVE-2024-21887, chained together, gave a suspected nation-state actor unauthenticated remote code execution on Ivanti Connect Secure and Policy Secure VPN gateways for weeks before patches.
~/articles/2026-06-25-citrix-bleed-netscaler-session-hijacking-explained
Citrix Bleed: How a Memory Leak in NetScaler Bypassed MFA Entirely
Explainer
citrix

CVE-2023-4966, known as Citrix Bleed, let attackers pull live session tokens straight out of NetScaler ADC and Gateway memory — hijacking already-authenticated sessions without needing a password or MFA code.
~/articles/2026-06-24-cisco-ios-xe-web-ui-zero-day-mass-exploitation
Cisco IOS XE Web UI Zero-Day: How One Bug Compromised Tens of Thousands of Devices
Explainer
cisco

CVE-2023-20198, a maximum-severity privilege-escalation flaw in Cisco IOS XE's web management interface, was exploited at mass scale before a patch existed — handing attackers full admin control of network infrastructure.