News
CVE-2026-42897: Exchange Server XSS exploited against Outlook on the web — mitigation via EEMS
May 15, 2026, by Alex Mira
CVE-2026-42897 is an actively exploited XSS spoofing flaw in Microsoft Exchange Server targeting Outlook on the web. No patch yet—enable Exchange Emergency Mitigation Service (EEMS) and monitor Microsoft’s advisories.
Tags: CVE-2026-42897, EEMS, Microsoft Exchange, OWA, Security advisory, XSS

News
CVE-2026-42945: NGINX rewrite-module bug tied to PCRE captures and “?” in replacements
May 13, 2026, by Alex Mira
CVE-2026-42945 affects NGINX’s rewrite module under specific PCRE capture and replacement patterns, causing a heap overflow and worker restarts; code execution may be possible if ASLR is disabled. Version and patch details are not yet clear.
Tags: CVE-2026-42945, NGINX, PCRE, Reverse Proxy, Security advisory, vulnerability, Web Security

News
Claude Code CVE-2026-39861: symlink-assisted sandbox escape fixed
May 13, 2026, by Alex Mira
A GitHub advisory for CVE-2026-39861 details a symlink-based sandbox escape in Claude Code, now fixed. A separate CVE in jotty.page (CVE-2026-42564) addresses an unauthenticated path traversal fixed in 1.22.0.
Tags: Claude Code, cve, Path Traversal, Sandbox, Security advisory, Symlink

News
Ivanti EPMM updates address multiple flaws (CVE-2026-5786/5787/5788/6973/7821)
May 10, 2026, by Alex Mira
Ivanti’s May 2026 advisory fixes five EPMM flaws spanning access control, certificate validation, and admin-level RCE prerequisites. Here’s what’s confirmed and what to do now.
Tags: Access control, Certificate validation, CVE-2026-5786, EPMM, Ivanti, Security advisory, Vulnerabilities