
CISA added CVE-2008-0015 to its Known Exploited Vulnerabilities catalog on February 17, 2026, confirming active exploitation of a critical stack-based buffer overflow in Microsoft's Video ActiveX control that allows complete system takeover via a malicious webpage.

A trivially exploitable command-injection vulnerability in the React Native CLI's Metro development server is being actively exploited in the wild. CISA has added CVE-2025-11953 to its Known Exploited Vulnerabilities catalog — here's what every React Native team needs to know right now.

A critical authentication bypass in OpenSSH (CVE-2025-26465) has lurked undetected since 2014, allowing attackers to impersonate any SSH server when a rarely-enabled option is configured. The vulnerability affects all releases from 6.8p1 through 9.9p1.

Microsoft patched CVE-2026-20805, a Desktop Window Manager information disclosure flaw actively exploited to defeat memory protections. CISA added it to the KEV catalog, requiring federal agencies to patch by February 3, 2026.

A critical vulnerability dubbed 'MongoBleed' allows unauthenticated attackers to extract sensitive data from MongoDB server memory through malformed Zlib headers. CISA confirms active exploitation in the wild.

A critical command injection flaw in DigiEver surveillance devices is being actively exploited by multiple botnets. The vendor has refused to patch, leaving thousands of devices permanently vulnerable.

A maximum-severity (CVSS 10.0) vulnerability in React Server Components is being actively exploited by Chinese state-sponsored actors and ransomware groups. The flaw allows unauthenticated remote code execution on servers running default configurations of Next.js and other React frameworks.

A critical authentication bypass in Kentico Xperience CMS lets attackers log in with only a username, chain to file-write, and execute code. Fixed in 13.0.178; CISA confirms active exploitation since Dec 2024.