Category: Vulnerabilities
ATEN Unizon Directory Traversal Flaw Exposes Files to Unauthenticated Attackers
A path validation failure in ATEN's Unizon software lets remote, unauthenticated attackers read arbitrary files with SYSTEM-level privileges. ATEN has issued a…
Oracle PeopleSoft RCE Flaw Allows Auth Bypass via Deserialization
A deserialization vulnerability in Oracle PeopleSoft's HubMBeanPersistance method enables remote code execution, with the built-in authentication requirement undermined by a bypass condition.
X.Org Server Out-Of-Bounds Read Leaks Sensitive Data to Local Attackers
A missing validation check in the X.Org Server's ChangeDrawableAttributes handler lets low-privileged local users read beyond an allocated structure, potentially aiding privilege…
Quest NetVault Backup XSS Flaw Enables Authentication Bypass
A cross-site scripting vulnerability in Quest NetVault Backup's viewclient webpage allows remote attackers to bypass authentication and, chained with other flaws, execute…
ATEN Unizon Flaw Allows Remote Code Execution via Broken Signature Check
A cryptographic signature verification failure in ATEN Unizon lets authenticated remote attackers execute arbitrary code as SYSTEM. A patch is available.
Oracle PeopleSoft SSRF Flaw Requires No Auth, Scores 9.3 CVSS
A server-side request forgery vulnerability in Oracle PeopleSoft's HttpListeningConnector can be exploited by unauthenticated remote attackers and chained with other bugs to…
X.Org Server Use-After-Free Flaw Leaks Sensitive Data to Local Attackers
A use-after-free vulnerability in X.Org Server's screen saver handling allows local attackers to read sensitive memory, with potential for privilege escalation to…
Critical libssh2 Flaw Gets Public PoC, Clients at Risk of Code Execution
A proof-of-concept exploit is now public for CVE-2026-55200, a critical memory corruption bug in libssh2 that allows a malicious SSH server to…
DirtyClone Linux Kernel Flaw Enables Root Access via Socket Buffer Corruption
JFrog has released technical details and a proof-of-concept for DirtyClone, a high-severity Linux kernel privilege escalation vulnerability that extends a broader family…
Microsoft Extends Windows Server 2022 Hotpatching Support to October 2027
Microsoft has pushed the hotpatch support window for Windows Server 2022 Datacenter: Azure Edition one year past mainstream end-of-support, giving enrolled organizations…
May 2026 Patch Tuesday: 118 Microsoft Fixes, No Zero-Days, AI Finds Bugs
Microsoft's May 2026 Patch Tuesday addresses 118 vulnerabilities with no actively exploited zero-days, while AI-assisted bug discovery is driving record patch volumes…
Smarter Vulnerability Triage: Pairing CVSS With EPSS and GCVE
Cisco Talos argues that severity scores alone make poor prioritization tools, and outlines a practical triage stack combining CVSS, EPSS, and the…