Vulnerabilities News – SecurityWeek Cybersecurity News, Insights & Analysis
- WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites, by Ionut Arghire on June 1, 2026 at 6:19 pm
The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations.
- Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs, by Ionut Arghire on June 1, 2026 at 3:02 pm
Organizations are advised to patch CVE-2026-41089 as soon as possible, given its severity and the potential ongoing exploitation.
- 19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access, by Ionut Arghire on June 1, 2026 at 11:19 am
Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems.
- Recent Palo Alto Networks Vulnerability Exploited for Weeks, by Ionut Arghire on June 1, 2026 at 10:00 am
Hackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after public disclosure.
- Exploit Code Published for Critical Flowise RCE Vulnerability, by Ionut Arghire on May 30, 2026 at 3:55 pm
The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow.
- Gogs Zero-Day Exposes Servers to Remote Code Execution, by Ionut Arghire on May 29, 2026 at 12:59 pm
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names.
- Chrome 148 Update Patches 151 Vulnerabilities, by Ionut Arghire on May 29, 2026 at 10:17 am
The browser update resolves critical-severity security defects that could potentially lead to remote code execution.
- Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks, by Ionut Arghire on May 28, 2026 at 12:55 pm
Fortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging immediate patching.
- IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”, by SecurityWeek News on May 28, 2026 at 12:41 pm
Project Lightwell is designed to fix vulnerabilities without breaking what is already in production.
- Gitea Vulnerability Exposed 30,000 Deployments to Attacks, by Ionut Arghire on May 28, 2026 at 11:24 am
The security flaw allowed attackers to pull private container images, exposing source code, credentials, and infrastructure.






