CVE-2026-10795: Authentication bypass in UpdraftPlus impacts sites connected to UpdraftCentral
News, Security | June 12, 2026 | by Alex Mira
CVE-2026-10795 is a high-severity authentication bypass in UpdraftPlus fixed in 1.26.5, exploitable only on sites previously connected to UpdraftCentral.
Tags: CVE-2026-10795 Security Patch UpdraftCentral UpdraftPlus vulnerability wordpress

CVE-2025-48595: Android integer overflow bug patched in June 2026
News | June 2, 2026 | by Alex Mira
CVE-2025-48595 is an Android integer overflow leading to local privilege escalation that requires no user interaction. Google’s June 2026 patches address it; users should update to patch level 2026-06-05 or later.
Tags: Android security CVE-2025-48595 Mobile security Patching Security advisories vulnerability

CVE-2026-8206: Password reset flaw in Kirki plugin could enable account takeover
News | June 2, 2026 | by Alex Mira
CVE-2026-8206 affects Kirki 6.0.0–6.0.6, allowing password reset emails to be sent to attacker-controlled addresses. Update from the WordPress directory now.
Tags: Account Takeover CVE-2026-8206 Kirki Plugin security Privilege escalation vulnerability wordpress

CVE-2026-9082: Drupal’s PostgreSQL SQL injection is being probed — update your sites
News | May 30, 2026 | by Alex Mira
Drupal disclosed CVE-2026-9082, a PostgreSQL-only SQL injection in core. Exploit attempts are being observed. Update to the patched Drupal releases as soon as possible.
Tags: CMS security CVE-2026-9082 Drupal Patching PostgreSQL SQL injection vulnerability

CVE-2026-43500: Linux rxrpc shared‑fragment bug tied to “Dirty Frag” page‑cache writes
News | May 14, 2026 | by Alex Mira
CVE-2026-43500 fixes a Linux rxrpc flaw in how shared packet fragments are handled. It’s linked to the “Dirty Frag” chain enabling page‑cache writes and local root. Update kernels promptly.
Tags: CVE-2026-43500 Dirty Frag Linux kernel Privilege escalation rxrpc Security updates vulnerability

CVE-2026-42945: NGINX rewrite-module bug tied to PCRE captures and “?” in replacements
News | May 13, 2026 | by Alex Mira
CVE-2026-42945 affects NGINX’s rewrite module under specific PCRE capture and replacement patterns, causing a heap overflow and worker restarts; code execution may be possible if ASLR is disabled. Version and patch details are not yet clear.
Tags: CVE-2026-42945 NGINX PCRE Reverse Proxy Security advisory vulnerability Web Security

CVE-2026-43284: Linux fixes an ESP decryption flaw tied to “Dirty Frag” reports
News | May 11, 2026 | by Alex Mira
Linux has patched CVE-2026-43284 in the xfrm/ESP input path to avoid unsafe in-place decryption on shared fragments. Media link it to the “Dirty Frag” LPE chain, but only parts are confirmed. Here’s what’s known and what to do next.
Tags: CVE-2026-43284 ESP IPsec kernel linux security vulnerability

CVE-2026-43284: Fix for in‑place decryption on shared skb fragments in Linux’s ESP path
News | May 10, 2026 | by Alex Mira
CVE-2026-43284 fixes a Linux kernel ESP receive-path flaw where in-place decryption could occur on shared skb fragments. Here’s what’s confirmed and how to proceed.
Tags: CVE-2026-43284 ESP IPsec Kernel update Linux kernel Networking security vulnerability

CVE-2026-26956: vm2 sandbox escape in 3.10.4 enables host code execution, patch available
News | May 7, 2026 | by Alex Mira
CVE-2026-26956 allows a vm2 sandbox escape in version 3.10.4, enabling host code execution under specific Node.js 25 settings. NVD says it’s patched in 3.10.5.
Tags: cve JavaScript security Node.js Sandbox vm2 vulnerability WebAssembly

Critical cPanel Vulnerability CVE-2026-41940 Actively Exploited: What Website Owners and Hosting Providers Need to Know
News, Security | May 4, 2026 | by Corentin C
CVE-2026-41940 is a critical cPanel and WHM authentication bypass vulnerability actively exploited in the wild. Learn who is affected, what attackers can do, and how to patch.
Tags: cpanel cve cve-2026-41940 security vulnerability web hosting