ZDI-26-312: Apple Safari Web Inspector WebCore Style Resolver Use-After-Free Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to... 13/05/2026 Zero-Day Initiative
ZDI-26-311: Apple macOS CoreSymbolication Out-Of-Bounds Read Information Disclosure Vulnerability This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreSymbolication framework... 13/05/2026 Zero-Day Initiative
ZDI-26-310: Microsoft Windows splwow64 Race Condition Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the... 13/05/2026 Zero-Day Initiative
ZDI-26-309: Microsoft Windows Message Queueing Double Free Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows that run Message Queueing. An attacker... 13/05/2026 Zero-Day Initiative
ZDI-26-308: Ivanti Endpoint Manager RemoteControlAuth Exposed Dangerous Method Information Disclosure Vulnerability This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. Although authentication is required... 13/05/2026 Zero-Day Initiative
Ollama Heap Out-of-bounds Read Vulnerability Leads to Remote Process Memory Leak (CVE-2026-7482) Threat researchers have identified a critical severity vulnerability impacting Ollama. Tracked as CVE-2026-7482, successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to... 12/05/2026 Qualys-Threat-Protect
Ivanti Endpoint Manager Mobile Vulnerability Exploited in the Wild (CVE-2026-6973) Ivanti released security updates to address five high-severity vulnerabilities impacting Endpoint Manager Mobile (EPMM). One of these vulnerabilities, tracked as CVE-202606973, is said to be exploited in zero-day attacks.... 08/05/2026 Qualys-Threat-Protect
vm2 Sandbox Escape Vulnerability Allows Attackers to Execute Code (CVE-2026-26956) Security researchers have identified a critical severity vulnerability impacting the popular Node.js sandboxing library vm2. Tracked as CVE-2026-26956, successful exploitation of the vulnerability allows an attacker to escape the sandbox and execute arbitrary... 07/05/2026 Qualys-Threat-Protect
Apache Addresses Multiple Vulnerabilities Impacting the HTTP Server Apache has released security updates for the HTTP Server, addressing several security vulnerabilities. One of the vulnerabilities, tracked as CVE-2026-23918, can result in remote code execution. The Apache HTTP Server,... 07/05/2026 Qualys-Threat-Protect
PAN-OS User-ID Authentication Portal Vulnerability Exploited in Attacks (CVE-2026-0300) Palo Alto has warned its users about the active exploitation of a vulnerability in the Palo Alto User-ID Authentication Portal (aka Captive Portal) service running on... 07/05/2026 Qualys-Threat-Protect