The Cybersecurity Focus

Drupal Critical SQL Injection Flaw CVE-2026-9082 Now Under Active Attack

May 23, 2026

Drupal has confirmed that a highly critical SQL injection vulnerability (CVE-2026-9082) in its core database abstraction API is now under active attack. Disclosed on May 18, 2026, the flaw allows unauthenticated remote attackers to execute arbitrary SQL commands against Drupal sites running on PostgreSQL, with potential for remote code execution, privilege escalation, […]

Trend Micro Apex One Zero-Day Under Active Exploit

May 22, 2026

On May 22, 2026, Trend Micro disclosed a zero-day vulnerability in its enterprise endpoint protection platform, Apex One. The flaw is actively being exploited in the wild. Tracked as CVE-2026-34926, it is a directory traversal vulnerability in the on-premises Apex One server. The vulnerability allows a local attacker with administrative credentials to […]

Apache HTTP Server Double-Free Vulnerability

May 10, 2026

The Apache Software Foundation released an emergency security patch on May 5, 2026, to address CVE-2026-23918, a critical HTTP/2 double-free vulnerability in the Apache HTTP Server that enables remote code execution (RCE). With a CVSS v3.1 score of 8.8/10, this memory corruption flaw affects approximately 70% of web servers globally, particularly Linux-based […]

Dirty Frag Linux Kernel Vulnerability Grants Root Access

May 8, 2026

A critical local privilege escalation vulnerability known as Dirty Frag (CVE-2026-43284) has been disclosed, affecting the Linux kernel's xfrm-ESP subsystem. First reported to the Linux kernel maintainers on April 30, 2026, this vulnerability enables unauthorized users to escalate to root privileges on major Linux distributions, including Ubuntu, Debian, Cloud Linux, and others. […]
