Over 12,000 SolarWinds Serv-U file transfer servers sit exposed to the internet. Attackers are already knocking them offline.
This vulnerability, tracked as CVE-2026-45247, has a CVSS score of 9.8. Cybersecurity and Infrastructure Security Agency added this flaw to its Known Exploited Vulnerabilities catalog.
This vulnerability, identified as CVE-2026-20230, has a CVSS score of 8.6. That's a significant threat.
One flaw, CVE-2025-48595, is particularly alarming. This vulnerability has a CVSS score of 8.4.
This was patched by Oracle in July 2024. The vulnerability allows an unauthenticated attacker with network access to take control of susceptible Oracle WebLogic Server instances.
Cybersecurity and Infrastructure Security Agency, CISA, has just added two significant vulnerabilities to its Known Exploited Vulnerabilities catalog.
Google's June 2026 Android update patches 124 vulnerabilities, including an actively exploited zero-day in the Android Framework tracked as CVE-2025-48595.
This vulnerability, tracked as CVE-2026-41089, has a CVSS score of 9.8. It's a stack-based buffer overflow issue that could be exploited via crafted network requests.
Attackers are actively exploiting a high-severity authentication bypass vulnerability in Palo Alto Networks GlobalProtect portals and gateways, allowing remote attackers to establish unauthorized VPN access to corporate networks.
