VulnCheck
Coverage of VulnCheck in the Nexus archive.
- Attackers are exploiting Palo Alto Networks defect that initially flew under the radar
Palo Alto Networks' CVE-2026-0257 vulnerability, initially rated medium severity, was escalated to critical after active exploitation was confirmed. Attackers exploit the flaw to bypass authentication and establish unauthorized VPN connections, leveraging a publicly available TLS certificate to forge valid authentication cookies.
- NGINX Rift attackers waste no time targeting exposed servers
A newly disclosed NGINX bug, dubbed 'NGINX Rift', is being actively exploited by attackers, with over 5.7 million internet-exposed servers potentially vulnerable. The bug, assigned a CVSS score of 9.2, can cause a crashed worker process and forced restart, and potentially allow code execution in certain configurations. Researchers are seeing active exploitation attempts just days after the CVE was published.
- NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A security flaw in NGINX Plus and NGINX Open is being actively exploited, causing worker crashes and possible remote code execution. The vulnerability, tracked as CVE-2026-42945, has a CVSS score of 9.2 and affects NGINX versions 0.6.27 through 1.30.0. The exploitation was reported by VulnCheck and depthfirst.
- Ivanti customers confront yet another actively exploited zero-day
Ivanti customers are being targeted by attackers exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile, with limited exploitation reported. The company has released patches for five high-severity vulnerabilities, including the zero-day defect. Ivanti warned customers of the threat and suggested rotating credentials to reduce risk.
- MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Threat actors are exploiting a critical security flaw in MetInfo CMS, specifically CVE-2026-29014, which allows for remote code execution attacks. The vulnerability affects MetInfo CMS versions 7.9, 8.0, and 8.1. This flaw has a high CVSS score of 9.8.
- ‘Copy Fail’ is a real Linux security crisis wrapped in AI slop
A Linux vulnerability known as 'Copy Fail' is being actively exploited, allowing attackers to gain total control of a system with authenticated local access. The vulnerability was discovered by Theori using AI and affects Linux kernels built since 2017. Patches have been issued for major Linux distributions.