Netlas.io

CVE-2026-44494: Full Man-in-the-Middle via Prototype Pollution Gadget in Axios, 8.7 rating 🔥 The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows an attacker intercept, read, and modify all outgoing HTTP requests including authentication credentials. 👉 https://t.co/H9coZmNucE

CVE-2026-47783 & CVE-2026-47784: Two SASL vulnerabilities in Memcached, 8.1 rating 🔥 Two new vulnerabilities Memcached allow an attacker to enumerate valid usernames on the system and guess their passwords because password and username data for SASL password database authentication has a timing side channel. 👉 https://t.co/OE9j7NlJFj

CVE-2026-34908, CVE-2026-34909 & CVE-2026-34910: Vulnerabilities in Ubiquiti UniFi OS, 10.0 rating 🔥🔥🔥 Three new vulnerabilities in Ubiquiti UniFi OS allow an network attacker to make unauthorized changes, access files and execute arbitrary command. It may cause to full device compromise. 👉 https://t.co/N82DoduEXg

CVE-2026-46354: Token theft in Coder, 9.1 rating 🔥 New vulnerability in Coder allows an attacker on any Azure VM to steal an agent session token, and with the stolen token get access to Git SSH private key, OAuth access tokens or workspace secrets. 👉 https://t.co/xMMA6BKw9w

CVE-2026-44789, CVE-2026-44790 & CVE-2026-44791: 3 new vulnerabilities in n8n, 9.4 rating 🔥 Recently disclosed vulnerabilities in n8n allow an attacker to read arbitrary files from the server, achieve global prototype pollution and bypass the patch for previous vulnerability (CVE-2026-42232). 👉 https://t.co/msIU7eVNWK

CVE-2026-42945: 18-Year-Old vulnerability in NGINX, 9.2 rating 🔥 Heap buffer overflow vulnerability in NGINX Plus and NGINX Open Source allows an unauthenticated attacker to lead NGINX worker process to restart by sending crafted HTTP requests. Additionally, in some cases code execution is possible. This vulnerability is already being actively exploited in the wild! 👉 https://t.co/MfEG7oaIx2

CVE-2026-42897: Microsoft Exchange Server spoofing vulnerability, 8.1 rating 🔥 New spoofing vulnerability in on-premise Microsoft Exchange Server hits OWA and allows an unauthorized attacker to execute malicious code by sending a specially crafted email to a user. This vulnerability is already being actively exploited in the wild! 👉 https://t.co/5PCkSgE4XD

CVE-2026-44194 & CVE-2026-45158: Two RCE vulnerabilities in OPNsense, 9.1 rating 🔥 Two vulnerabilities in OPNsense allows an authenticated attacker to execute arbitrary code as root on the firewall host via User management system (CVE-2026-44194) and DHCP Config (CVE-2026-45158). PoC already available! 👉 https://t.co/oPPTESLZry

CVE-2026-29202 & CVE-2026-29203: Two vulnerabilities in cPanel, 8.8 rating 🔥 The first vulnerability in cPanel allows an attacker to execute arbitrary commands directly on the server via Perl injection (CVE-2026-29202). The second one (CVE-2026-29203) leads to denial of service and possible privilege escalation. 👉 https://t.co/MAR942W9Yy

CVE-2026-23870: DoS in React Server Components, 7.5 rating 🔥 DoS vulnerability in React Server Components allows an attacker to disable the web application by exhausting server resources. This vulnerability requires a specific architectural setup to be exploited. 👉 https://t.co/iNBWmQ5i4t