attack_FeedLIVE

Vulnerability Alerts

Vulnerability Alerts

CVEs, zero-days, exploits, and security advisories

All Feeds Attack & News Gov Alerts / ISAC Vulnerability Alerts Privacy & Governance Fraud & Scams

363 articles

VULNhighwatchTowr Labs2 months ago

Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)

Today, we woke up with a nagging feeling: what if Citrix had, in fact, patched multiple Memory Overread vulnerabilities as part of…

VULNhighwatchTowr Labs2 months ago

The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread)

Sequels? Pain? We're obviously talking about Citrix NetScalers, yet again. Welcome back to another watchTowr Labs blog post - pull…

VULNcriticalZero Day Initiative3 months ago

ZDI-26-226: (0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication…

VULNMandiant3 months ago

M-Trends 2026: Data, Insights, and Strategies From the Frontlines

Every year, the cyber threat landscape forces defenders to adapt to evolving adversary tactics, techniques, and procedures (TTPs).…

VULNhighZero Day Initiative3 months ago

ZDI-26-222: (Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654…

VULNhighZero Day Initiative3 months ago

ZDI-26-225: (Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass Vulnerability

This vulnerability allows remote attackers to bypass security on affected installations of Samsung Galaxy S25. Authentication is n…

VULNhighZero Day Initiative3 months ago

ZDI-26-224: (Pwn2Own) Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary script on affected installations of Samsung Galaxy S25. Authentica…

VULNhighZero Day Initiative3 months ago

ZDI-26-223: (Pwn2Own) Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samsung Galaxy S25. User…

VULNhighwatchTowr Labs3 months ago

A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE)

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentic…

VULNhighZero Day Initiative3 months ago

ZDI-26-217: GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is requir…

VULNhighZero Day Initiative3 months ago

ZDI-26-219: GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is requir…

VULNhighZero Day Initiative3 months ago

ZDI-26-218: GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is requir…

VULNhighZero Day Initiative3 months ago

ZDI-26-221: GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is requir…

VULNhighZero Day Initiative3 months ago

ZDI-26-220: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is requir…

VULNhighMandiant3 months ago

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

Introduction Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day…

VULNwatchTowr Labs3 months ago

The Most Organized Threat Actors Use Your ITSM (BMC FootPrints Pre-Auth Remote Code Execution Chains)

SolarWinds. Ivanti. SysAid. ManageEngine. Giants of the KEV world, all of whom have ITSM side-projects. ITSMs, as a group of solu…

VULNhighZero Day Initiative3 months ago

ZDI-26-216: (Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. A…

VULNMandiant3 months ago

Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape

Written by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark Introduction Since 2018, when many finan…

VULNhighZero Day Initiative3 months ago

ZDI-26-196: (Pwn2Own) ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex…

VULNhighZero Day Initiative3 months ago

ZDI-26-191: (Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first…

VULNhighZero Day Initiative3 months ago

ZDI-26-187: (Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Au…

VULNhighZero Day Initiative3 months ago

ZDI-26-188: (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first…

VULNhighZero Day Initiative3 months ago

ZDI-26-189: (Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first…

VULNhighZero Day Initiative3 months ago

ZDI-26-190: (Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must…

VULNhighZero Day Initiative3 months ago

ZDI-26-198: (Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices.…

VULNhighZero Day Initiative3 months ago

ZDI-26-194: Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability

This vulnerability allows remote attackers to bypass a security feature on affected installations of Microsoft Exchange. Authentic…

VULNhighZero Day Initiative3 months ago

ZDI-26-193: (Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker…

VULNhighZero Day Initiative3 months ago

ZDI-26-211: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. Use…

VULNhighZero Day Initiative3 months ago

ZDI-26-210: (Pwn2Own) Samsung Galaxy S25 Samsung Members Security Feature Bypass Vulnerability

This vulnerability allows remote attackers to bypass a security feature on affected installations of Samsung Galaxy S25. Authentic…

VULNhighZero Day Initiative3 months ago

ZDI-26-209: (Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability

This vulnerability allows remote attackers to bypass security on affected installations of Samsung Galaxy S25. Authentication is n…