Contribute to V4bel/dirtyfrag development by creating an account on GitHub.
CVE-2026-0300 exploited via public PAN-OS portal before May 13, 2026 patch, enabling root RCE on firewalls.
Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace trust.
Copy Fail (CVE-2026-31431): a 732-byte Linux LPE — straight-line, no race, no per-distro offsets. Same Python script roots Ubuntu, Amazon Linux, RHEL, SUSE since 2017. Page-cache write bypasses on-disk file-integrity tools and crosses container boundaries. Found by Xint Code.
A security vulnerability has been identified in Notepad++, one of the most widely used open-source text editors among developers and IT professionals.
A CVSS 8.7 vulnerability in GitHub Enterprise Server allows remote code execution. Read the threat brief and find vulnerable GHES instances from Wiz.
Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious npm code.
AI security tools help Firefox uncover and fix hundreds of vulnerabilities, shifting the balance against zero-day exploits.
Two Composer flaws (CVE-2026-40176, CVE-2026-40261) allow command execution via Perforce configurations, prompting urgent updates.
A security researcher operating under the alias Chaotic Eclipse (@ChaoticEclipse0) has publicly dropped a working zero-day local privilege escalation (LPE) exploit for Windows, dubbed BlueHammer, along with full proof-of-concept (PoC) source code on GitHub. The disclosure was confirmed by vulnerability researcher Will Dormann, who…
Cisco patches two 9.8 CVSS flaws (CVE-2026-20093, CVE-2026-20160), preventing authentication bypass and root access.
766 hosts breached via CVE-2025-55182 in Next.js apps, enabling mass credential theft and targeted follow-on attacks.
Critical vulnerabilities in Veeam Backup & Replication could allow authenticated users to execute code on backup servers, prompting calls for urgent patching.
APT28 exploited CVE-2026-21513, an MSHTML zero-day (CVSS 8.8), using malicious LNK files to bypass security controls and execute code.