Vulnerability | Breaking Cybersecurity News | The Hacker News

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300 , has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to enable access from the internet or any untrusted network. The severity comes down to 8.7 if access to the portal is restricted to only trusted internal IP addresses. "A buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets," the company said . According to Palo Alto Networks, the vulnerability has come under "limited exploitation," specifically targeting instances where the Use...

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of "double free and possible RCE" in the HTTP/2 protocol handling. This issue affects Apache HTTP Server 2.4.66 and has been addressed in version 2.4.67. Striga.ai co-founder Bartlomiej Dmitruk and ISEC.pl researcher Stanislaw Strzalkowski have been credited with discovering and reporting the vulnerability. When reached for comment, Dmitruk told The Hacker News via email that the severity of CVE-2026-23918 is critical, as it can be exploited to achieve denial-of-service (DoS) and RCE. Additional details of the vulnerability are below - CVE-2026-23918 is a double-free in Apache httpd 2.4.66 mod_http2 , specifically in the stream cleanup path of h2_mplx.c. T...

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. "MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code," the NIST National Vulnerability Database (NVD) states . "Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server." Per security researcher Egidio Romano, who discovered the vulnerability, the problem is rooted in the "/app/system/weixin/include/class/weixinreply.class.php" script, and stems from a lack of adequate sanitization of user...

While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security. In the wake of the ClawdBot fiasco — the viral self-hosted AI assistant that’s averaging an eye-watering 2.6 CVEs per day — the Intruder team wanted to investigate how bad the security of AI infrastructure actually is. To scope the attack surface, we used certificate transparency logs to pull just over 2 million hosts with 1 million exposed services. What we found wasn’t pretty. In fact, the AI infrastructure we scanned was more vulnerable, exposed, and misconfigured than any other software we've ever investigated. No authentication by default It didn’t take long to spot an alarming pattern: a signific...

A critical security vulnerability in Weaver (Fanwei) E-cology , an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability ( CVE-2026-22679 , CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the "/papi/esearch/data/devops/dubboApi/debug/method" endpoint that allows an attacker to execute arbitrary commands by invoking exposed debug functionality. "Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system," according to a description of the flaw in the NIST National Vulnerability Database (NVD). The advisory also noted that the Shadowserver Foundation observed the first signs of active exploitation on March 31, 2026. A similar alert published by QiAnXin on M...