Critical-severity advisories
60 alerts in this category.
CVEs and security advisories rated CRITICAL — exploitation is trivial or already observed in the wild and impact is severe. These are the alerts that get prioritized first in any sane vulnerability-management program.
Talos Intelligence Advisory — May 6, 2026
Talos Intelligence published an research on "Talos Intelligence Advisory — May 6, 2026". Topic areas: cisco, talos, malware, threat-intel. Published May 6, 2026. See the original source linked under R
CiscoRowhammer Attack Against NVIDIA Chips
A new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generati
NVIDIACISA: Critical Infrastructure Must Master Isolation, Recovery
The agency has issued guidance to help critical infrastructure operators prepare for cyberattacks by foreign threat actors. The post CISA: Critical Infrastructure Must Master Isolation, Recovery appea
Sophisticated Quasar Linux RAT Targets Software Developers
The persistent, evasive implant provides remote access, surveillance, and credential exfiltration capabilities. The post Sophisticated Quasar Linux RAT Targets Software Developers appeared first on Se
LinuxGoogle's Android Apps Get Public Verification to Stop Supply Chain Attacks
The Hacker News published an news on "Google's Android Apps Get Public Verification to Stop Supply Chain Attacks". Topic areas: zero-day, malware, ransomware, data-breach. Published May 6, 2026. See t
GoogleWindows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
The Hacker News published an news on "Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs". Topic areas: zero-day, malware, ransomware, data-breach. Published May 6, 2026. See the
Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Palo AltoGovernment, Scientific Entities Hit via Daemon Tools Supply Chain Attack
While trojanized Daemon Tools versions were installed worldwide, a sophisticated backdoor was dropped only on a dozen systems. The post Government, Scientific Entities Hit via Daemon Tools Supply Chai
Kubernetes v1.36: Declarative Validation Graduates to GA
In Kubernetes v1.36, Declarative Validation for Kubernetes native types has reached General Availability (GA). For users, this means more reliable, predictable, and better-documented APIs. By moving t
KubernetesPalo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Palo AltoCVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
CVE-2026-43037CVE-2026-43964
CVE-2026-43964Oracle Debuts Monthly Critical Security Patch Updates
Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster. The post Oracle Debuts Monthly Critical Security Patch Updates appeared fi
OraclePalo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityW
Palo AltoCVE-2026-0300CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal (Severity: CRITICAL)
CVE-2026-0300Beta Channel Update for ChromeOS / ChromeOS Flex
Beta Channel Update for ChromeOS / ChromeOS Flex
GoogleUSN-8230-1: Docker vulnerabilities
It was discovered that BuildKit, contained within Docker, incorrectly handled file path validation when processing frontend API messages. An attacker could possibly use this issue to write files outsi
DockerCVE-2026-33747SANS Internet Storm Center Advisory — May 6, 2026
SANS Internet Storm Center Advisory — May 6, 2026
The Record by Recorded Future Advisory — May 7, 2026
The Record by Recorded Future Advisory — May 7, 2026
Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis. The post Copy Fail: What You Need to Know About th
LinuxCVE-2026-31431Stable Channel Update for Desktop
Stable Channel Update for Desktop
GoogleChrome for Android Update
Chrome for Android Update
GoogleChrome Beta for Android Update
Chrome Beta for Android Update
GoogleNew stealthy Quasar Linux malware targets software developers
New stealthy Quasar Linux malware targets software developers
LinuxInstructure hacker claims data theft from 8,800 schools, universities
Instructure hacker claims data theft from 8,800 schools, universities
The Record by Recorded Future Advisory — May 5, 2026
The Record by Recorded Future Advisory — May 5, 2026
USN-8234-1: Mako vulnerability
It was discovered that Mako incorrectly handled URIs with double-slash prefixes in TemplateLookup. A remote attacker could possibly use this issue to obtain sensitive information.
Hitachi Energy PCM600
View CSAF Summary Hitachi Energy is aware of a vulnerability that affects the Hitachi Energy PCM600 product versions listed in this document. An attacker successfully exploiting this vulnerability can
CVE-2018-1002208ABB B&R Automation Studio
View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulnerability. Successful exploitation of this vu
CVE-2025-11043ABB B&R PVI
View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. An attacker
CVE-2026-0936Johnson Controls CEM AC2000
View CSAF Summary Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. The following versions of Johnson Controls CEM AC2000 are affect
CVE-2026-21661ABB B&R Automation Runtime
View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulnerability. An attacker who successfully explo
CVE-2025-11044The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss
The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
The Record by Recorded Future Advisory — May 5, 2026
The Record by Recorded Future Advisory — May 5, 2026
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks again
CiscoCVE-2025-20204Student hacked Taiwan high-speed rail to trigger emergency brakes
Student hacked Taiwan high-speed rail to trigger emergency brakes
USN-8232-1: Django vulnerabilities
It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST was enabled. A remote attacker could possibly use this is
CVE-2026-35192USN-8233-1: nghttp2 vulnerability
Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to cras
The Record by Recorded Future Advisory — May 5, 2026
The Record by Recorded Future Advisory — May 5, 2026
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
ApacheCVE-2026-23918DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM. The post Microsoft Warns of Sophisticated Phishing Campaign Targeting US Or
MicrosoftChina-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
FTC to ban data broker Kochava from selling Americans’ location data
FTC to ban data broker Kochava from selling Americans’ location data
Hacker Conversations: Joey Melo on Hacking AI
AI red team specialist details his methods for manipulating AI guardrails through jailbreaking and data poisoning, helping developers harden machine learning models. The post Hacker Conversations: Joe
Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
Dubbed Bleeding Llama, the heap out-of-bounds read issue can be exploited remotely, without authentication. The post Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft appeared
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.
Cisco Talos Intelligence Advisory — May 5, 2026
Cisco Talos Intelligence Advisory — May 5, 2026
MicrosoftCVE-2025-0994New Phishing Campaign Targets US with Credential Theft: What CISOs Need to Know
A new large-scale phishing campaign is targeting U.S. organizations with fake event invitations that lead to credential theft, OTP interception, or RMM tool installation. ANY.RUN researchers found tha
GoogleThe Record by Recorded Future Advisory — May 5, 2026
The Record by Recorded Future Advisory — May 5, 2026
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
CVE-2026-29014Vimeo data breach exposes personal information of 119,000 people
Vimeo data breach exposes personal information of 119,000 people
Karakurt Ransomware Negotiator Sentenced to Prison
Deniss Zolotarjovs was directly involved in extortion strategies and in negotiations with victim companies. The post Karakurt Ransomware Negotiator Sentenced to Prison appeared first on SecurityWeek.
Critical Remote Code Execution Vulnerability Patched in Android
CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction. The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on Securi
CVE-2026-0073Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
The most severe of these security defects could allow remote attackers to execute arbitrary code. The post Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server appeared first on
ApacheSANS Internet Storm Center Advisory — May 5, 2026
Yup, that is for real. ]]>
MicrosoftSANS Internet Storm Center Advisory — May 5, 2026
I just got an email from SSL.com last night, they are rotating  out their root certificate today (May 5,2026).  This is normal, business as usual stuff for a
GoogleGoogle now offers up to $1.5 million for some Android exploits
Google now offers up to $1.5 million for some Android exploits
Google
Get alerts that match YOUR environment
This page shows everything in the category. Vulnios narrows it down to alerts that affect your actual asset inventory — only the CVEs you need to act on.
Start a free scan