Category desk
Exploits
Zero-days, proof-of-concept activity, exploit chains, and emergency patch windows.
SAP Patches Second Critical NetWeaver Flaw After Researchers Link It to Chained Zero-Day Attacks
SAP patched CVE-2025-42999, a critical NetWeaver Visual Composer deserialization flaw linked to chained attacks that followed exploitation of CVE-2025-31324.
NGINX “Rift” Rewrite Module Flaw Confirmed as CVE-2026-42945
CVE-2026-42945 is now tracked as a heap-based buffer overflow in NGINX's rewrite module, affecting NGINX Open Source and NGINX Plus under specific rewrite-rule conditions.
Microsoft Confirms Exploited Exchange OWA Vulnerability as CVE-2026-42897
Microsoft has disclosed CVE-2026-42897, a high-severity Exchange Server Outlook Web Access vulnerability affecting on-premises deployments, with mitigation available while a permanent fix is pending.
Cisco Patches Critical SD-WAN Zero-Day Exploited by Sophisticated Threat Actor
Cisco patched CVE-2026-20182, a critical Catalyst SD-WAN Controller and Manager zero-day that can let remote attackers bypass authentication and manipulate SD-WAN fabric configuration.