Tag: cve-2026-21262

CVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEV Cisco has disclosed CVE-2026-20182, a critical authentication bypass affecting Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw is in the peering authentication / control-connection handshake process and can allow an unauthenticated remote attacker to bypass authentication and gain […]

Web infrastructure bugs remain especially dangerous when they sit in widely deployed request-handling logic for years without detection. Among the latest vulnerabilities impacting NGINX Plus and NGINX Open, the CVE-2026-Adresse geschuetzt 18-year-old heap buffer overflow in ngx_http_rewrite_module that can be reached by an unauthenticated attacker through crafted HTTP requests and may […] The post CVE-2026-42945: […]

Local privilege-escalation bugs remain especially dangerous when they turn an ordinary user foothold into immediate root access. The CVE-2026-Adresse geschuetzt, nicknamed Fragnesia, is a high-severity Linux kernel flaw in the XFRM ESP-in-TCP subsystem that allows an unprivileged local attacker to write arbitrary bytes into the page cache of read-only files and escalate privileges. Public reporting […]

The vulnerability, tracked as CVE-2026-46300, is similar to the recently disclosed exploits named Dirty Frag and Copy Fail. The post New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation appeared first on SecurityWeek.

CVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCE CVE-2026-Adresse geschuetzt ngx_http_rewrite_module (the rewrite module). The bug is remotely reachable over HTTP and can be triggered without authentication when specific rewrite-rule patterns are present, which makes it relevant for internet-facing NGINX reverse proxies. Many […]

Linux local privilege escalation bugs remain especially dangerous when they turn a limited foothold into full root access. The CVE-2026-Adresse geschuetzt, which Microsoft says is already linked to limited in-the-wild post-compromise abuse, while Qualys describes it as a page-cache write issue that can let an […] The post CVE-2026-Adresse geschuetzt-2026-43284: Dirty Frag Linux Privilege Escalation […]

CVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEV Ivanti has patched CVE-2026-6973, a high-severity remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) on-prem deployments. The vulnerability has been exploited in the wild – CISA has also added it to the Known Exploited Vulnerabilities (KEV) catalog. Although exploitation requires remote […]

CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 CVE-2026-Adresse geschuetzt.js sandbox library vm2. In vm2 3.10.4, attacker-controlled JavaScript executed through VM.run() can break out of the sandbox and reach the host process object, leading to arbitrary code execution (RCE) in the host Node.js process. This post […]