#active exploitation
13 stories taggedactive exploitation.
Oracle E-Business Suite Payments Bug Hits CVSS 9.8, Already Being Hit
CVE-2026-46817 lets unauthenticated attackers take over Oracle Payments. Exploitation is happening now.
CVE-2025-67038: Lantronix Serial-to-IP Flaw Moves From Research to Active Exploitation
A vulnerability disclosed through the BRIDGE:BREAK project is now seeing exploitation in the wild, raising fresh concerns about attacker interest in operational technology network edges.
Cisco Unified CM SSRF Flaw Hits Active Exploitation Three Weeks After Patch Drop
A file-write chain rooted in CVE-2026-20230 is now being probed in the wild. PoC was already public when Cisco shipped the fix.
Cisco Unified CM Bug Under Active Exploit After PoC Drops Root File-Write Chain
CVE-2026-20230 (CVSS 8.6) lets unauthenticated attackers smuggle crafted HTTP requests into Unified CM. Cisco's PSIRT confirms in-the-wild attempts following public PoC release.
Cisco Patches Catalyst SD-WAN Manager Bug Already Seeing In-the-Wild Abuse
CVE-2026-20262 lets an authenticated remote user write files on the appliance. Cisco confirms exploitation. Severity is rated medium, but the access it enables is not.
Langflow Path Traversal Under Active Exploitation, No Patch Available
CVE-2026-5027 lets unauthenticated attackers write arbitrary files on Langflow servers. In-the-wild exploitation is being tracked now.
Check Point Confirms Active Exploitation of IKEv1 Cert-Bypass Flaw in Remote Access VPN
CVE-2026-50751 lets unauthenticated attackers slip past authentication on gateways still running the deprecated IKEv1 key exchange. Patch is out. Exploitation is not theoretical.
Cisco SD-WAN Manager Bug Under Active Exploit, No Fix Yet
CVE-2026-20245 affects on-prem and FedRAMP deployments. Cisco confirms exploitation in the wild while customers wait on a patch.
Attackers Hammer WP Maps Pro Flaw to Mint Admin Accounts on WordPress Sites
A critical bug in the 15,000-install Envato plugin is being weaponized in the wild to seed rogue administrators.
Palo Alto GlobalProtect Auth Bypass Hits Live Exploitation
CVE-2026-0257 lets attackers stand up unauthorized VPN sessions against PAN-OS and Prisma Access. Patches are out. So are the exploits.
Two Defender flaws under active exploitation, Microsoft confirms
A SYSTEM-level link-following bug and a denial-of-service issue in Microsoft Defender are both being abused in the wild.
CISA Flags Exploited Drupal SQL Injection Flaw. Drupal Won't Say Who Got Hit.
CVE-2026-9082 is in the Known Exploited Vulnerabilities catalog. The advisory mentions active exploitation. It does not mention victims, telemetry, or how anyone found out.
LiteSpeed cPanel Plugin Flaw Hands Root to Any Logged-In User, and the Vendor Won't Say How Many Hosts Are Hit
CVE-2026-48172 carries a CVSS of 10.0, is already being exploited, and LiteSpeed has not answered three questions about exploitation telemetry.