18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
What's new: A critical vulnerability, CVE-2026-42945, has been identified in NGINX's rewrite module, allowing unauthenticated remote code execution (RCE). This...
Year: 2026
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
What's new: Three malicious versions of the Node-IPC package (versions 11.10.2, 11.10.3, and 11.10.4) have been identified, containing a stealer...
NSAuditor AI EE 0.5.4 Closes the v0.5.x Line — Cross-Plugin Thread H §7.5 (KMS-Promoter Map-Form Signature Hardening) + §8 (Operator-Config DoS Caps); Clean Reviewer Pass
What's new: Nsasoft US LLC has shipped NSAuditor AI Enterprise Edition 0.5.4 — the final v0.5.x close-out cycle and the...
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
What's new: A new local privilege escalation (LPE) vulnerability in the Linux kernel, tracked as CVE-2026-46300 with a CVSS score...
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
What's new: CISA has added CVE-2026-20182, a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, to its Known Exploited...
