CVE-2026-20093 affects Cisco Integrated Management Controller with a CVSS score of 9.8. An unauthenticated attacker can change any user password including Admin. Technical analysis and remediation procedures for UCS servers in production.
Google fixes CVE-2026-5281, a use-after-free in Dawn (WebGPU implementation) actively exploited in the wild. Chrome's 4th zero-day of 2026. All Chromium browsers affected.
Check Point reveals a ChatGPT flaw enabling conversation and file exfiltration through a hidden DNS channel. Patched by OpenAI on February 20, 2026.
F5 reclassifies CVE-2025-53521 from DoS to critical RCE (CVSS 9.8) in March 2026. In-memory-only webshells deployed, attackers linked to China.
A flaw in Microsoft Excel allows Copilot Agent to exfiltrate data without user interaction. Zero-click, critical, patch available since March 10.
The Ni8mare vulnerability in n8n allows unauthenticated full server takeover. CVSS 10.0, 100,000 estimated vulnerable instances, 26,512 detected by Censys.
Critical flaw in GNU InetUtils telnet daemon allows unauthenticated remote root code execution. 3,362 hosts directly exposed on the Internet.
PolyShell, a critical vulnerability in Magento and Adobe Commerce, allows unauthenticated file upload and execution. 50+ IPs actively scanning.
Analysis of CVE-2026-20131, a deserialization flaw in Cisco Secure Firewall Management Center. Maximum CVSS score, exploited by Interlock group since January 2026.
Analysis of CVE-2026-21992, a critical Oracle Identity Manager vulnerability allowing unauthenticated remote code execution. Patch available.
Technical analysis of CVE-2026-33017, a critical Langflow vulnerability allowing unauthenticated remote code execution. Exploited within 20 hours of disclosure.
Analysis of the March 2026 Patch Tuesday: 84 vulnerabilities patched by Microsoft, including 2 publicly disclosed zero-days, plus critical Chrome and Android fixes.