CVE Tools

Stories that broke today.

Every article references at least one CVE. Curated from tier-1 vendor blogs, threat-intel labs, and security newsrooms. Updated continuously.

RSS
YesterdayWed, Jul 1514 stories
11:071 d ago
The Hacker News Summary only PoC Chaotic Eclipse

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

A security researcher known as Chaotic Eclipse has published a proof-of-concept (PoC) exploit for a new Windows elevation of privilege vulnerability dubbed LegacyHive. The flaw resides in the Windows User Profile Service and enables attackers to load arbitrary hive files, potentially escalating privileges. Notably, the exploit works across all supported desktop and server versions of Windows, even those updated with the July 2026 Patch Tuesday release. This follows ongoing tensions between the researcher and Microsoft over premature disclosures of other vulnerabilities.

11:021 d ago
SecurityWeek Summary only Patch

Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow

Fortinet, Ivanti, and ServiceNow have issued patches for a total of 15 vulnerabilities affecting their products. Among them is a critical remote code execution flaw in ServiceNow's AI platform (CVE-2026-6875), which could be exploited without authentication. Ivanti addressed two issues in its Xtraction tool (CVE-2026-14902 and CVE-2026-14903), involving open redirect and path traversal risks. Fortinet published 11 advisories covering multiple products like FortiOS and FortiSandbox, fixing high-severity bugs that could lead to information disclosure and unauthorized access. None of the companies reported active exploitation of these flaws.

10:551 d ago
The Hacker News Summary only

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

A critical vulnerability in the Cursor IDE allows attackers to execute arbitrary code on Windows systems by placing a malicious git.exe file in the root of a cloned repository. When opened, Cursor automatically executes this file without any user interaction or warnings, potentially leading to full system compromise. The flaw was reported to Cursor in December 2025 but remains unpatched as of July 2026. Multiple other vendors have faced similar issues, with some dismissing the risk entirely. Users are advised to use workarounds such as AppLocker rules or virtual machines until a fix is available.

10:201 d ago
Help Net Security Summary only Exploited

AI-driven bug hunting fuels record Microsoft Patch Tuesday

Microsoft addressed over 570 vulnerabilities in its July 2026 Patch Tuesday update, including two actively exploited flaws—CVE-2026-56155 and CVE-2026-56164—and one previously disclosed issue, CVE-2026-50661. Among these, CVE-2026-56164 is a critical elevation of privilege vulnerability in SharePoint Server that allows remote exploitation with low complexity. Attackers are already leveraging this flaw, prompting urgent calls for patching. Microsoft also warned about another unpatched Windows EoP vulnerability, CVE-2026-56155, which affects ADFS and is being used in real-world attacks. CISA and other agencies have emphasized the need for rapid remediation and additional hardening measures.

09:441 d ago
BleepingComputer Summary only Exploited

CISA warns admins to patch actively exploited SharePoint flaws

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that attackers are actively exploiting three critical vulnerabilities in on-premises SharePoint Server deployments. These flaws—CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164—affect all supported self-hosted versions, including the latest Subscription Edition. Attackers are leveraging these issues to bypass authentication, execute arbitrary code remotely, and maintain persistence by deploying malware. CISA urges administrators to apply available patches immediately and implement additional hardening measures to reduce risk.

07:242 d ago
SecurityWeek Summary only PoC

Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates

Google and Mozilla have issued urgent updates for Chrome 150 and Firefox 152 to address multiple high- and critical-severity vulnerabilities. Firefox 152.0.6 resolves two critical flaws—CVE-2026-15718 and CVE-2026-15719—with proof-of-concept exploits already made public. Chrome’s update addresses 15 total issues, including two critical use-after-free bugs in Ozone. Both companies urge users to upgrade immediately to avoid potential exploitation.

05:302 d ago
The Hacker News Summary only Exploited

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

SonicWall has confirmed that two unpatched vulnerabilities affecting its Secure Mobile Access (SMA) 1000 series appliances are being actively exploited. The flaws, tracked as CVE-2026-15409 and CVE-2026-15410, allow attackers to perform SSRF attacks and execute arbitrary commands with administrative privileges. These issues have already been targeted in real-world attacks, prompting urgent calls for users to update their systems. SonicWall recommends applying version 12.4.3-03453 or later to mitigate risks.

05:192 d ago
SecurityWeek Summary only Exploited

SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits

SonicWall has issued an urgent warning that two zero-day vulnerabilities are being actively exploited against its SMA1000 secure remote access appliances. The flaws, CVE-2026-15409 and CVE-2026-15410, affect specific versions and could allow attackers to perform SSRF attacks or execute arbitrary commands. Customers are advised to apply the latest hotfixes immediately to mitigate risk.

Earlier this weekFri, Jul 10 – Wed, Jul 1516 stories
Tue2 d ago
Ars Technica (Security) Source-only

Microsoft’s Secure Boot has been broken for a decade and no one noticed until now

Researchers at ESET have uncovered a critical flaw in Microsoft’s Secure Boot implementation, which has been vulnerable to bypass for over a decade due to unrevoked firmware 'shims' signed by the company. These shims, originally designed to support Linux and utility software, remain trusted despite known vulnerabilities and can be exploited to install malicious firmware on both Windows and Linux devices. The issue affects UEFI-based systems and highlights weaknesses in how Secure Boot is managed. Microsoft addressed the problem in its June 2026 update, but users are advised to verify their revocation status using tools like uefi-dbx-audit.

Tue2 d ago
Dark Reading Source-only Exploited

Records Are Made to Be Broken: Patch Tuesday Raises Triage Stakes

Microsoft issued its largest-ever Patch Tuesday update on July 14, 2026, addressing 622 unique CVEs across multiple products. Three of these are zero-day vulnerabilities currently being exploited in the wild, with two already under active attack. Among the top priorities are CVE-2026-56155 and CVE-2026-56164, both marked as exploited by CISA and affecting Active Directory Federation Services and SharePoint Server. Experts warn that the sheer volume of flaws—many with high CVSS scores—poses a major challenge for organizations to triage and patch effectively.

Tue2 d ago
BleepingComputer Summary only Exploited

SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

SonicWall has issued a warning that two critical vulnerabilities in its SMA1000 Appliance are currently being exploited in real-world attacks. The flaws, identified as CVE-2026-15409 (CVSS 10.0) and CVE-2026-15410 (CVSS 7.2), enable remote attackers to perform server-side request forgery and execute arbitrary commands after authentication. These issues affect specific SMA1000 models running outdated firmware versions. SonicWall urges users to apply the latest hotfixes immediately to prevent potential breaches. CISA has also listed these vulnerabilities in its KEV catalog due to their active exploitation.

Tue2 d ago
Qualys Security Blog Patch

Microsoft and Adobe Patch Tuesday, July 2026 Security Update Review

Microsoft and Adobe have jointly released a major round of security patches as part of their July 2026 Patch Tuesday update cycle. These updates resolve over 570 vulnerabilities across a wide array of products, including Windows, Microsoft Edge, Microsoft Defender, Microsoft Exchange Server, and various Adobe applications like Animate, ColdFusion, and Illustrator. Among the patched issues are three zero-days, two of which were actively exploited in attacks. The scale and severity of these fixes underscore the importance of timely patching to prevent potential exploitation.

Tue2 d ago
Cisco Talos Exploited

Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities

On July 14, 2026, Microsoft issued its monthly security update, addressing 622 vulnerabilities across multiple products, with 57 classified as 'critical.' Among these, two have already been exploited in the wild. The most notable include CVE-2026-56155, an elevation of privilege flaw in Active Directory Federation Services (AD FS), and CVE-2026-56164, a spoofing vulnerability in SharePoint Server. The update covers a wide range of services and applications, such as Windows DHCP Server, Microsoft Office, and Minecraft Bedrock Dedicated Server. Cisco Talos has also published new Snort rules to detect exploitation attempts.

Tue2 d ago
The Hacker News Summary only Exploited

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft issued its largest-ever Patch Tuesday update, addressing 622 vulnerabilities, including two zero-day flaws currently being exploited in the wild. The most urgent fixes address CVE-2026-56164 in SharePoint Server and CVE-2026-56155 in Active Directory Federation Services. Both allow privilege escalation and are already being used by attackers. These bugs were reported by incident response teams, indicating real-world exploitation. While neither is a high-severity remote code execution flaw, their impact on core enterprise infrastructure makes them critical to patch immediately.

Tue2 d ago
Krebs on Security Source-only Exploited

Microsoft Patches a Record 570 Security Flaws

Microsoft has issued a record-breaking 570 security patches this month, addressing critical vulnerabilities in Windows, Active Directory Federation Services, SharePoint, BitLocker, and Copilot. Among these are three actively exploited zero-day flaws, including two elevation of privilege bugs such as CVE-2026-56155 and CVE-2026-56164. Nearly 60 of the patched issues were deemed 'critical' due to their potential for remote code execution or system takeover without user interaction. The surge in patch counts is attributed to AI-driven vulnerability discovery, prompting concerns about the need for updated exploitability assessments that account for AI's accelerating threat landscape.

Tue2 d ago
SANS Internet Storm Center Exploited

Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Here

Microsoft's July 2026 Patch Tuesday release covers a massive 622 vulnerabilities, with 62 classified as critical. Among these, two have already been exploited in the wild, while another has been publicly disclosed. The update affects multiple products including Windows, Azure, .NET, SharePoint, Edge, Active Directory, and DHCP Server. Notably, CVE-2026-56155 and CVE-2026-56164 are already being exploited, though they are rated as important or moderate in severity. Additionally, CVE-2026-54128, a critical remote code execution flaw in the Windows DHCP Client, could be leveraged via malicious networks, making it particularly relevant for public Wi-Fi environments. With such a high volume of patches, organizations are reminded that their patching process does not necessarily need to become significantly longer—many products remain consistent in scope despite the increased number of fixes.

Tue2 d ago
SecurityWeek Summary only Exploited

Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days

Microsoft has issued a record number of security patches—622 total—during its July 2026 Patch Tuesday update cycle. Among these, two critical zero-day vulnerabilities were confirmed to be exploited in the wild. These include CVE-2026-56155 affecting Active Directory Federation Services and CVE-2026-56164 impacting SharePoint Server, both enabling privilege escalation attacks. Other notable issues addressed involve Windows VMSwitch, Remote Desktop Protocol, and Exchange Server. This extensive patch release highlights the growing pace of vulnerability discovery, driven in part by AI tools like Microsoft's MDASH.

Tue2 d ago
The Hacker News Summary only Patch

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP has issued security updates for multiple high-severity vulnerabilities discovered in its products during the July 2026 patch cycle. Among them is CVE-2026-44747, a critical out-of-bounds write flaw in the SAP NetWeaver Application Server ABAP with a CVSS score of 9.9. This flaw could allow an authenticated attacker to manipulate memory and potentially gain unauthorized access to or modify sensitive data. Two additional critical issues were also resolved: a request smuggling vulnerability in SAP Approuter (CVE-2026-27690) and a default credentials issue in SAP Commerce Cloud (CVE-2026-44761). While no active exploitation has been reported, SAP urges users to apply the latest patches immediately to mitigate potential risks.

Tue2 d ago
BleepingComputer Summary only Exploited

Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days

Microsoft has issued its July 2026 Patch Tuesday update, addressing a record-breaking 570 security vulnerabilities across multiple products, including three zero-day flaws—two of which are being actively exploited in attacks. The patched software includes .NET, Office, Windows, Edge, Azure services, Exchange Server, and SQL Server. Among the critical issues is a remotely exploitable flaw in SharePoint Server and an elevation-of-privilege vulnerability in Active Directory Federation Services. Organizations are strongly advised to apply these updates immediately to mitigate potential exploitation risks.

Tue2 d ago
Help Net Security Summary only Exploited

SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)

SonicWall has addressed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) impacting its Secure Mobile Access (SMA) 1000 Series appliances. These flaws were being used together in real-world attacks, allowing unauthenticated attackers to trigger SSRF and authenticated users to execute arbitrary code. Customers are advised to apply the latest firmware updates and check for signs of compromise. SonicWall also recommends additional post-patch actions like password resets and TOTP token regeneration.

Tue2 d ago
SecurityWeek Summary only Patch

Adobe Patches Critical ColdFusion Vulnerabilities

Adobe has issued security updates for 12 products to resolve 88 vulnerabilities, including several critical flaws in ColdFusion, Commerce, Experience Manager, and Illustrator. Among the 13 issues fixed in ColdFusion, eight are rated critical and could allow attackers to execute arbitrary code or escalate privileges. These include path traversal, code injection, and SQL injection vulnerabilities. Adobe recommends applying the latest updates immediately, particularly for ColdFusion 2025 update 11 and ColdFusion 2023 update 22. The company also addressed multiple high-severity issues in other software such as Commerce, Experience Manager, and Creative Cloud applications.

Tue2 d ago
SecurityWeek Summary only Patch

7 Severe Vulnerabilities Patched in VMware Avi Load Balancer

Broadcom has issued new updates for the VMware Avi Load Balancer to address seven severe vulnerabilities, including a critical authentication bypass flaw and multiple high-severity issues that could lead to privilege escalation or remote code execution. The flaws were reported by researchers Filip Waeytens and Lang Khuong Duy, who identified risks such as unauthorized access, arbitrary code execution, and directory traversal attacks. While no active exploitation has been observed, experts recommend applying the latest patches due to the potential risk posed by these vulnerabilities.

Tue2 d ago
The Hacker News Summary only PoC

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

Researchers have revealed two critical access control flaws in RabbitMQ that could allow attackers to steal OAuth client secrets and bypass tenant isolation. The vulnerabilities, tracked as CVE-2026-57219 and CVE-2026-57221, were present since early 2024 and affect multiple versions of the message broker. Attackers could exploit these issues to gain administrative control or access cross-tenant metadata without proper authorization. Patches are available in versions 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15.

Tue2 d ago
The Hacker News Summary only

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

Researchers have identified 11 outdated, Microsoft-signed UEFI applications that could be exploited to bypass Secure Boot protections on modern systems. These vulnerabilities affect various Linux distributions and bootloaders from vendors including Red Hat, Oracle, and OpenSUSE. Attackers could leverage these flaws to execute arbitrary code during system startup, potentially deploying persistent malware like UEFI bootkits. The issues were addressed in Microsoft's June 2026 Patch Tuesday update and are tracked under CVE-2026-8863 and CVE-2026-10797.