NGINX Rift – 18-Year-Old Heap Buffer Overflow in Rewrite Module Enables Unauthenticated RCE (CVE-2026-42945)

Scope: NGINX Open Source 0.6.27 – 1.30.0 / NGINX Plus R32 – R36

Severity: Red

Read More

Exim "Dead.Letter" – Unauthenticated RCE via BDAT Use-After-Free in GnuTLS Builds (CVE-2026-45185)

Scope: Exim Versions 4.97 – 4.99.2 (GnuTLS Builds Only – Debian/Ubuntu Default)

Severity: Red

Read More

cPanel & WHM Authentication Bypass Actively Exploited to Deploy Filemanager Backdoor (CVE-2026-41940)

Scope: cPanel & WebHost Manager (WHM) – All Versions After 11.40

Severity: Red

Read More

"Mini Shai-Hulud" Supply Chain Worm Compromises TanStack, Mistral AI, and 170+ npm/PyPI Packages (CVE-2026-45321)

Scope: npm (@tanstack, @mistralai, @uipath, @squawk, and others) / PyPI (mistralai, guardrails-ai)

Severity: Red

Read More

Checkmarx Jenkins AST Plugin Backdoored by TeamPCP in Third Supply Chain Attack

Scope: Checkmarx Jenkins AST Plugin (Version 2026.5.09)

Severity: Red

Read More

Ollama "Bleeding Llama" Heap Memory Leak Exposing LLM API Keys (CVE-2026-7482)

Scope: Ollama (Versions Prior to 0.17.1 / Windows Prior to 0.23.0)

Severity: Red

Read More