Exim "Dead.Letter" – Unauthenticated RCE via BDAT Use-After-Free in GnuTLS Builds (CVE-2026-45185)

Scope: Exim Versions 4.97 – 4.99.2 (GnuTLS Builds Only – Debian/Ubuntu Default)

Severity: Red

Read More

YellowKey – BitLocker Bypass via Windows Recovery Environment (WinRE) Zero-Day

Scope: Windows 11, Windows Server 2022 and 2025

Severity: Red

Read More

NGINX Rift – 18-Year-Old Heap Buffer Overflow in Rewrite Module Enables Unauthenticated RCE (CVE-2026-42945)

Scope: NGINX Open Source 0.6.27 – 1.30.0 / NGINX Plus R32 – R36

Severity: Red

Read More

GreenPlasma – Windows CTFMON Arbitrary Section Creation Zero-Day LPE

Scope: Windows 11, Windows Server 2022, 2025, and 2026

Severity: High

Read More

Fragnesia – Linux Kernel Local Privilege Escalation via XFRM ESP-in-TCP (CVE-2026-46300)

Scope: Linux Kernel (All Distributions – Kernels Released Before May 13, 2026)

Severity: Red

Read More

cPanel & WHM Authentication Bypass Actively Exploited to Deploy Filemanager Backdoor (CVE-2026-41940)

Scope: cPanel & WebHost Manager (WHM) – All Versions After 11.40

Severity: Red

Read More