Vulnerebility Blog 2026- 2026 2025 2024 2023 2022 2021 2020 2019 2018
APT blog Attack blog BigBrother blog BotNet blog Cyber blog Cryptocurrency blog Exploit blog Hacking blog ICS blog Incident blog IoT blog Malware blog OS Blog Phishing blog Ransom blog Safety blog Security blog Social blog Spam blog Vulnerebility blog
DATE | NAME |
Info | CATEG. |
WEB |
| 1.2.26 | Microsoft Office vulnerability (CVE-2026-21509) in active exploitation | On January 26, 2026, Microsoft released an out-of-band update to address a high-severity (CVSS score of 7.8) vulnerability affecting multiple Microsoft Office products. This vulnerability, tracked as CVE-2026-21509, is being actively exploited in the wild and has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog. | Vulnerebility blog | SOPHOS |
| 1.2.26 | Fortinet Under Fire: Why Your Network Edge Remains Attackers' Favorite Entry Point | Fortinet’s January patch for CVE-2025-59718 didn’t hold. On January 21, FortiGate admins began reporting that patched systems were still being exploited. Two days later, Fortinet confirmed the patch had failed to fully remediate the vulnerability. As reported by BleepingComputer, Fortinet is now recommending that admins restrict administrative access and disable FortiCloud SSO while they work on a follow-up fix. | Vulnerebility blog | Eclypsium |
| 1.2.26 | Fortinet Under Fire: Why Your Network Edge Remains Attackers' Favorite Entry Point | Fortinet’s January patch for CVE-2025-59718 didn’t hold. On January 21, FortiGate admins began reporting that patched systems were still being exploited. Two days later, Fortinet confirmed the patch had failed to fully remediate the vulnerability. As reported by BleepingComputer, Fortinet is now recommending that admins restrict administrative access and disable FortiCloud SSO while they work on a follow-up fix. | Vulnerebility blog | Eclypsium |
| 1.2.26 | The Week in Vulnerabilities: Cyble Urges Oracle, OpenStack Fixes | Oracle, OpenStack, SAP, Salesforce and ServiceNow are among the high-profile enterprise products with vulnerabilities in need of attention by security teams. | Vulnerebility blog | Cyble |
| 1.2.26 | "Ni8mare" - RCE Vulnerability in N8n AI Workflow Automation (CVE-2026-21858) | The SonicWall Capture Labs threat research team became aware of a Critical unauthenticated file read vulnerability in n8n – a flexible AI workflow automation platform, assessed their impact, and developed mitigation measures. | Vulnerebility blog | SonicWall |
| 1.2.26 | Multiple vulnerabilities in SolarWinds Web Help Desk Leading to RCE: CVE-2025-40551 | The SonicWall Capture Labs threat research team became aware of a critical vulnerability chain in SolarWinds Web Help Desk (WHD), assessed its impact and developed mitigation measures. | Vulnerebility blog | SonicWall |
| 1.2.26 | Foxit, Epic Games Store, MedDreams vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS.. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, al | Vulnerebility blog | CISCO TALOS |
| 1.2.26 | Microsoft releases update to address zero-day vulnerability in Microsoft Office | Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild. | Vulnerebility blog | CISCO TALOS |
| 1.2.26 | Bypassing Windows Administrator Protection | A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and importantly, securable system to allow a local user to access administrator privileges only when necessary. | Vulnerebility blog | Project Zero |
| 24.1.26 | Foxit, Epic Games Store, MedDreams vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS.. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, al | Vulnerebility blog | CISCO TALOS |
| 17.1.26 | Executive Summary Check Point Research identified active, large-scale exploitation of CVE-2025-37164, a critical remote code ... | Vulnerebility blog | CHECKPOINT | |
| 17.1.26 | Threat Brief: MongoDB Vulnerability (CVE-2025-14847) | On Dec. 19, 2025, MongoDB publicly disclosed MongoBleed, a security vulnerability (CVE-2025-14847) that allows unauthenticated attackers to leak sensitive heap memory by exploiting a trust issue in how MongoDB Server handles zlib-compressed network messages. This flaw occurs prior to authentication, meaning an attacker only needs network access to the database's default port to trigger it. | Vulnerebility blog | Palo Alto |
| 17.1.26 | Analyzing React2Shell Threat Actors | In this installment of the Sensor Intel Series, we provide an analysis of the most exploited vulnerabilities, highlighting trends and significant activity, with a deep-dive into React2Shell exploitation attempts, methods and tactics. This article focuses on the top 10 CVEs, their rankings, and long-term trends, offering insights into the evolving threat landscape. | Vulnerebility blog | F5 |
| 10.1.26 | The Week in Vulnerabilities: 2026 Starts with 100 PoCs and New Exploits | The year may be a little more than a week old, but threat actors have already amassed nearly 100 Proof of Concepts and newly exploited vulnerabilities. | Vulnerebility blog | |
| 10.1.26 | Singapore Cyber Agency Warns of Critical IBM API Connect Vulnerability (CVE-2025-13915) | A critical authentication bypass flaw, CVE-2025-13915, affects IBM API Connect. Singapore issues alert as IBM releases fixes. | Vulnerebility blog | |
| 10.1.26 | Fortinet Under Fire: Why Your Network Edge Remains Attackers' Favorite Entry Point | CVE-2020-12812, a five-year-old authentication bypass flaw that should have been relegated to history, is being actively exploited. Coming on the heels of two brand-new SAML authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) discovered in late 2025, Fortinet administrators must be on high alert and work to remediate them as quickly as possible, as the trend of network device exploitation is continuing. | Vulnerebility blog | Eclypsium |
| 10.1.26 | MongoBleed MongoDB SBE Use-After-Free (CVE-2025-6706 / CVE-2025-14847) | SonicWall Capture Labs threat research team became aware of the threats CVE-2025-6706 and CVE-2025-14847, assessed their impact, and developed mitigation measures for these vulnerabilities. CVE-2025-6706, also known as MongoDB SBE Use-After-Free, is a critical memory corruption vulnerability affecting MongoDB Server in versions 7.0.0 through 7.0.16. | Vulnerebility blog | SonicWall |