vulnerability
CISA KEV flags Quest KACE SMA auth bypass as a high-priority risk
CISA KEV flags Quest KACE SMA auth bypass as a high-priority risk CVE-2025-32975 is the kind of issue defenders should triage quickly because it affects a manag...
Lucas Oliveira
Research
SGLang CVE-2026-5760 turns malicious GGUF models into RCE
SGLang CVE-2026-5760 turns malicious GGUF models into RCE Executive summary A newly disclosed flaw in SGLang means a malicious GGUF model file can become an exe...
Lucas Oliveira
Research
Apache ActiveMQ RCE CVE-2026-34197 Lands in CISA KEV
Apache ActiveMQ RCE CVE-2026-34197 lands in CISA KEV Executive summary CISA has added CVE-2026-34197 to the Known Exploited Vulnerabilities catalog after attack...
Lucas Oliveira
Research
Critical protobuf.js flaw turns untrusted schemas into JavaScript code execution
Critical protobuf.js flaw turns untrusted schemas into JavaScript code execution A newly disclosed protobuf.js issue deserves attention well beyond the JavaScri...
Lucas Oliveira
Research
Leaked Windows Defender zero-days are already being used to gain SYSTEM access
Leaked Windows Defender zero-days are already being used to gain SYSTEM access A fast-moving Windows story matters to defenders this week for a simple reason: p...
Lucas Oliveira
Research
CVE-2026-33032 in nginx-ui Enables Full Nginx Server Takeover via Unauthenticated MCP Access
CVE-2026-33032 in nginx-ui Enables Full Nginx Server Takeover via Unauthenticated MCP Access A critical flaw in nginx-ui, the web-based Nginx management tool, c...
Lucas Oliveira
Research
CVE-2026-5194 weakens wolfSSL certificate trust in embedded deployments
CVE-2026-5194 weakens wolfSSL certificate trust in embedded deployments CVE-2026-5194 is a reminder that core cryptographic libraries can create outsized enterp...
Lucas Oliveira
Research
Docker AuthZ Plugin Bypass in CVE-2026-34040 Weakens API-Level Container Controls
Docker AuthZ Plugin Bypass in CVE-2026-34040 Weakens API-Level Container Controls A newly disclosed Docker Engine and Moby flaw, tracked as CVE-2026-34040, show...
Lucas Oliveira
Research
CVE-2026-22557 puts internet-exposed UniFi controllers at account-takeover risk
CVE-2026-22557 puts internet-exposed UniFi controllers at account-takeover risk CVE-2026-22557 is the kind of infrastructure flaw defenders should treat as urge...
Lucas Oliveira
Research
CVE-2026-34040 puts Docker image-mount trust on the host-root risk path
CVE-2026-34040 puts Docker image-mount trust on the host-root risk path CVE-2026-34040 is the kind of Docker bug that changes the conversation from ordinary con...
Lucas Oliveira
Research
CVE-2026-35616 puts exposed FortiClient EMS servers into the incident-response lane
CVE-2026-35616 puts exposed FortiClient EMS servers into the incident-response lane CVE-2026-35616 is the second serious FortiClient EMS story in less than two...
Lucas Oliveira
Research
CVE-2026-35616 puts FortiClient EMS at risk of unauthenticated code execution
CVE-2026-35616 puts FortiClient EMS at risk of unauthenticated code execution Fortinet has disclosed a critical FortiClient EMS vulnerability that defenders sho...
Lucas Oliveira
Research