Windows HTTP.sys Integer Overflow Enables Unauthenticated RCE, "Exploitation More Likely" (CVE-2026-47291)

Scope: Windows Server (All Supported Versions Running IIS, WinRM, or Other HTTP.sys-Dependent Services)

Severity: Red

Read More

Microsoft Defender "RoguePlanet" Race Condition Zero-Day Grants SYSTEM Privileges on Fully Patched Windows

Scope: Microsoft Windows 10 and Windows 11 (Including June 2026 Patch Tuesday Updates)

Severity: Red

Read More

SolarWinds Serv-U Unauthenticated Denial of Service Added to CISA KEV (CVE-2026-28318)

Scope: SolarWinds Serv-U (All Versions Prior to 15.5.4 HF1)

Severity: High

Read More

Google Chrome V8 Zero-Day Under Active Exploitation (CVE-2026-11645)

Scope: Google Chrome Prior to 149.0.7827.103 (Windows/macOS) and 149.0.7827.102 (Linux), All Chromium-Based Browsers

Severity: Red

Read More

Oracle WebLogic Server Unauthenticated Data Access via T3/IIOP Added to CISA KEV (CVE-2024-21182)

Scope: Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0

Severity: Red

Read More

Cisco Unified Communications Manager SSRF to Root Privilege Escalation via WebDialer (CVE-2026-20230)

Scope: Cisco Unified CM and Unified CM SME (All Versions with WebDialer Enabled)

Severity: Red

Read More