News | SAP patches critical Commerce Cloud RCE and S/4HANA SQL injection (CVE-2026-34263, CVE-2026-34260) | May 14, 2026 by Alex Mira | SAP’s May 2026 updates fix two critical issues: unauthenticated RCE in Commerce Cloud (CVE-2026-34263) and authenticated SQL injection in S/4HANA Enterprise Search (CVE-2026-34260). | Tags: CVE-2026-34260 CVE-2026-34263 S/4HANA SAP SAP Commerce Cloud Security updates Vulnerabilities
News | CVE-2026-42945: NGINX rewrite-module bug tied to PCRE captures and “?” in replacements | May 13, 2026 by Alex Mira | CVE-2026-42945 affects NGINX’s rewrite module under specific PCRE capture and replacement patterns, causing a heap overflow and worker restarts; code execution may be possible if ASLR is disabled. Version and patch details are not yet clear. | Tags: CVE-2026-42945 NGINX PCRE Reverse Proxy Security advisory vulnerability Web Security
News | Claude Code CVE-2026-39861: symlink-assisted sandbox escape fixed | May 13, 2026 by Alex Mira | A GitHub advisory for CVE-2026-39861 details a symlink-based sandbox escape in Claude Code, now fixed. A separate CVE in jotty.page (CVE-2026-42564) addresses an unauthenticated path traversal fixed in 1.22.0. | Tags: Claude Code cve Path Traversal Sandbox Security advisory Symlink
News | CVE-2026-43284: Linux fixes an ESP decryption flaw tied to “Dirty Frag” reports | May 11, 2026 by Alex Mira | Linux has patched CVE-2026-43284 in the xfrm/ESP input path to avoid unsafe in-place decryption on shared fragments. Media link it to the “Dirty Frag” LPE chain, but only parts are confirmed. Here’s what’s known and what to do next. | Tags: CVE-2026-43284 ESP IPsec kernel linux security vulnerability
News | Ivanti EPMM updates address multiple flaws (CVE-2026-5786/5787/5788/6973/7821) | May 10, 2026 by Alex Mira | Ivanti’s May 2026 advisory fixes five EPMM flaws spanning access control, certificate validation, and admin-level RCE prerequisites. Here’s what’s confirmed and what to do now. | Tags: Access control Certificate validation CVE-2026-5786 EPMM Ivanti Security advisory Vulnerabilities
News | CVE-2026-43284: Fix for in‑place decryption on shared skb fragments in Linux’s ESP path | May 10, 2026 by Alex Mira | CVE-2026-43284 fixes a Linux kernel ESP receive-path flaw where in-place decryption could occur on shared skb fragments. Here’s what’s confirmed and how to proceed. | Tags: CVE-2026-43284 ESP IPsec Kernel update Linux kernel Networking security vulnerability
News | CVE-2026-26956: vm2 sandbox escape in 3.10.4 enables host code execution, patch available | May 7, 2026 by Alex Mira | CVE-2026-26956 allows a vm2 sandbox escape in version 3.10.4, enabling host code execution under specific Node.js 25 settings. NVD says it’s patched in 3.10.5. | Tags: cve JavaScript security Node.js Sandbox vm2 vulnerability WebAssembly
News, Security | Critical cPanel Vulnerability CVE-2026-41940 Actively Exploited: What Website Owners and Hosting Providers Need to Know | May 4, 2026 by Corentin C | CVE-2026-41940 is a critical cPanel and WHM authentication bypass vulnerability actively exploited in the wild. Learn who is affected, what attackers can do, and how to patch. | Tags: cpanel cve cve-2026-41940 security vulnerability web hosting
News, Security | CVE-2026-31431 (“Copy Fail”): What You Need to Know | April 30, 2026 / May 7, 2026 by Corentin C | CVE-2026-31431 (“Copy Fail”) is a high-severity Linux kernel vulnerability enabling local privilege escalation and container escape. Learn its impact and how to patch or mitigate it effectively. | Tags: cve CVE-2026-31431 kernel linux security
News, Security | AdwCleaner 8.7.0 Beta Released – Performance, Stability, and a Security Fix | December 21, 2025 by Corentin C | AdwCleaner 8.7.0 beta is now available with major performance improvements, a faster JSON parser, and a security fix for CVE-2025-67905. | Tags: adwcleaner beta malwarebytes release