Critical-severity advisories
60 alerts in this category.
CVEs and security advisories rated CRITICAL — exploitation is trivial or already observed in the wild and impact is severe. These are the alerts that get prioritized first in any sane vulnerability-management program.
USN-8525-1: curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP redirects in conjunction with .netrc files. An attacker could possibly use this issue to obtain sensitive inform
UbuntuCVE-2024-11053USN-8526-1: libheif vulnerabilities
Xianrui Dong discovered that libheif had an out-of-bounds read in its HEIF sequence track parser. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information
UbuntuCVE-2026-47254Chrome Beta for Desktop Update
Google Chrome Releases published an advisory on "Chrome Beta for Desktop Update". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked under References f
GoogleUSN-8523-1: libsoup vulnerabilities
Eric Su and Samuel Dainard discovered that libsoup incorrectly handled content with zero-length resources. An attacker could possibly use this issue to trigger a buffer over-read, resulting in informa
UbuntuCVE-2026-2369USN-8524-1: Python vulnerability
It was discovered that Python did not use sufficient entropy for Expat hash-flooding protection in the xml.parsers.expat and xml.etree.ElementTree modules. An attacker could use this to cause a denial
USN-8522-1: LibRaw vulnerabilities
It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service. (CVE-2026-5342) I
UbuntuCVE-2026-5342USN-8521-1: Libidn vulnerability
It was discovered that Libidn incorrectly handled certain internationalized domain name strings. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service.
USN-8520-1: Expat vulnerability
It was discovered that Expat used insufficient entropy when generating hash salt values for its internal hash table. An attacker could use this to craft an XML document that triggers hash flooding, le
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware
GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational platform. This blog analyzes how the malware incorporates code from several
MicrosoftChrome Beta for iOS Update
Google Chrome Releases published an advisory on "Chrome Beta for iOS Update". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked under References for t
GoogleChrome Beta for Android Update
Google Chrome Releases published an advisory on "Chrome Beta for Android Update". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked under References f
GoogleUSN-8519-1: Go Cryptography vulnerabilities
Jakub Ciolek and Nicola Murino discovered that Go Cryptography incorrectly handled SSH agent responses. An attacker could use this to cause a denial of service. (CVE-2025-47913) Yuichi Watanabe discov
CVE-2025-47913USN-8492-4: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture
BroadcomCVE-2025-40005USN-8490-2: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture
LinuxCVE-2026-22984Long Term Support Channel Update for ChromeOS
Google Chrome Releases published an advisory on "Long Term Support Channel Update for ChromeOS". Topic areas: google, chrome, browser, patch. Published July 9, 2026. See the original source linked und
GoogleCVE-2026-12467Chrome for Android Update
Google Chrome Releases published an advisory on "Chrome for Android Update". Topic areas: google, chrome, browser, patch. Published July 8, 2026. See the original source linked under References for th
GoogleStable Channel Update for Desktop
Google Chrome Releases published an advisory on "Stable Channel Update for Desktop". Topic areas: google, chrome, browser, patch. Published July 8, 2026. See the original source linked under Reference
GoogleCVE-2026-15112DSA-6384-1 chromium - security update
https://security-tracker.debian.org/tracker/DSA-6384-1
DebianChrome Stable for iOS Update
Google Chrome Releases published an advisory on "Chrome Stable for iOS Update". Topic areas: google, chrome, browser, patch. Published July 8, 2026. See the original source linked under References for
GoogleCVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0281 PAN-OS: Information Disclosure Vulnerability in Management Web Interface (Severity: LOW)". Topic areas: paloalto, firewal
CVE-2026-0281CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0283 PAN-OS: Authentication Bypass Vulnerability in Large Scale VPN (LSVPN) (Severity: MEDIUM)". Topic areas: paloalto, firewa
CVE-2026-0283CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0280 PAN-OS: IPv6 Firewall Policy Bypass (Severity: LOW)". Topic areas: paloalto, firewall, vulnerability. Published July 8, 2
CVE-2026-0280CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing (Severity: MEDIUM)". Topic areas: paloalto, firew
CVE-2026-0287CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability (Severity: LOW)". Topic areas: paloalto, firewall, vulnerab
CVE-2026-0276CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulnerability. Publi
CVE-2026-0286PAN-SA-2026-0010 Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026) (Severity: HIGH)
Palo Alto Networks Security Advisories published an advisory on "PAN-SA-2026-0010 Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026) (Severity: HIGH)". Topic areas: paloalto, firewa
CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities (Severity: LOW)". Topic areas: paloalto, firewall, vulnerabil
CVE-2026-0279CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface (Severity: LOW)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface (Severity: LOW)". Topic areas: paloalto, firewall, vulner
CVE-2026-0282CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent (Severity: HIGH)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent (Severity: HIGH)". Topic areas: paloalto, firewa
CVE-2026-0288CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface (Severity: MEDIUM)". Topic areas: paloalto,
CVE-2026-0285CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows (Severity: MEDIUM)". Topic areas: paloalto, fi
CVE-2026-0278CVE-2026-0277 Prisma Access Agent: Improper Certificate Validation on iOS (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0277 Prisma Access Agent: Improper Certificate Validation on iOS (Severity: MEDIUM)". Topic areas: paloalto, firewall, vulnera
CVE-2026-0277CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) (Severity: MEDIUM)
Palo Alto Networks Security Advisories published an advisory on "CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) (Severity: MEDIUM)". Topic areas: paloalto, firewall, vuln
CVE-2026-0284USN-8518-1: mailcap vulnerability
Aaron Rainbolt discovered that the cautious-launcher utility in the mailcap package did not properly restrict the execution of certain file types. An attacker could use this issue to escape a sandboxe
USN-8516-1: Apache HTTP Server vulnerabilities
It was discovered that Apache HTTP Server's mod_ldap module incorrectly handled memory when processing per-directory configurations. An attacker could use this issue to cause the server to crash, resu
ApacheCVE-2026-29167USN-8517-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2026-20213, CVE-202
CVE-2026-20213Cisco Advance Notification for Publication of July 15, 2026, Security Advisories
On July 15, 2026, the Cisco Product Security Incident Response Team (PSIRT) will publish advisories to disclose security vulnerability information along with fixed software releases for the following
CiscoFelons, Fraudsters Flog Offensive Cybersecurity Startup
Krebs on Security published an research on "Felons, Fraudsters Flog Offensive Cybersecurity Startup". Topic areas: news, breach, investigation, zero-day. Published July 8, 2026. See the original sourc
AWSDev Channel Update for ChromeOS / ChromeOS Flex
Google Chrome Releases published an advisory on "Dev Channel Update for ChromeOS / ChromeOS Flex". Topic areas: google, chrome, browser, patch. Published July 7, 2026. See the original source linked u
GoogleStable Channel Update for Desktop
Google Chrome Releases published an advisory on "Stable Channel Update for Desktop". Topic areas: google, chrome, browser, patch. Published July 7, 2026. See the original source linked under Reference
GoogleCVE-2026-14904 - Improper Link Resolution in Auth.GetUserPrivateKey in AWS Research and Engineering Studio
Bulletin ID: 2026-053-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/07/2026 09:45 AM PDT Description: AWS Research and Engineering Studio (RES) is an open-source sol
AWSCVE-2026-14904USN-8515-1: Addressable vulnerability
It was discovered that Addressable incorrectly handled certain URI templates, generating regular expressions vulnerable to catastrophic backtracking. An attacker could use this issue to craft a URI th
Stable Channel Update for ChromeOS / ChromeOS Flex
Google Chrome Releases published an advisory on "Stable Channel Update for ChromeOS / ChromeOS Flex". Topic areas: google, chrome, browser, patch. Published July 6, 2026. See the original source linke
GoogleSANS Internet Storm Center Advisory — Jul 7, 2026
SANS Internet Storm Center published an research on "SANS Internet Storm Center Advisory — Jul 7, 2026". Topic areas: sans, isc, incident, daily-summary. Published July 7, 2026. See the original sourc
VU#213560: Tenda firmware (multiple versions) contains hidden authentication backdoor
Overview Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vul
CVE-2026-11405Chrome Dev for Desktop Update
Google Chrome Releases published an advisory on "Chrome Dev for Desktop Update". Topic areas: google, chrome, browser, patch. Published July 6, 2026. See the original source linked under References fo
GoogleCVE-2026-14471 - Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry
Bulletin ID: 2026-052-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/06/2026 13:45 PM PDT Description: Amazon mcp-gateway-registry is an open-source gateway and regis
AWSCVE-2026-14471VU#828543: HP Deskjet 2800 Printer Series Webservers contain Missing Authorization Vulnerability
Overview HP Printers in the Deskjet 2800 Series running firmware version CVE-2026-13753. This vulnerability allows unauthenticated access to the printer's webserver API endpoints, exposing Wi-Fi crede
CVE-2026-13753USN-8514-1: OpenSSH vulnerability
It was discovered that OpenSSH incorrectly handled file permissions when downloading files as root using the legacy scp protocol without the preserve-mode option. An attacker could use this to install
USN-8513-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled SOAP object deduplication when processing apache:Map nodes with duplicate keys. An attacker could possibly use this to cause a use-after-free, resulting
ApacheCVE-2026-6722USN-8502-1: GnuTLS vulnerabilities
It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive informa
UbuntuCVE-2024-0553SANS Internet Storm Center Advisory — Jul 6, 2026
Over the last year, with recent updates to iOS and Android, RCS (Rich Communication Services) has become an increasingly used protocol [1]. RCS is supposed to eventually replace SMS, and in addition t
GoogleUSN-8509-1: Python vulnerabilities
It was discovered that Python incorrectly normalized paths in the tarfile module. An attacker could possibly use this issue to bypass path restrictions. This issue only affected Ubuntu 22.04 LTS and U
UbuntuCVE-2025-13462USN-8506-1: Request Tracker vulnerabilities
Aleksander Iwicki discovered that Request Tracker did not properly sanitize the search "Page" URL parameter. A remote attacker could possibly use this issue to conduct a reflected cross-site scripting
CVE-2026-6841USN-8512-1: Gzip vulnerabilities
It was discovered that Gzip's gzexe utility handled temporary files in an insecure manner. When the mktemp utility was not available, gzexe constructed a temporary file path based on the process ID, w
CVE-2026-41991USN-8504-1: SOGo vulnerabilities
It was discovered that SOGo did not properly sanitize categories used for events, tasks, and contacts. A remote authenticated attacker could possibly use this issue to perform cross-site scripting att
UbuntuCVE-2025-71276USN-8511-1: socat vulnerabilities
It was discovered that socat incorrectly handled the SOCKS5 proxy server reply parser. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-56123) It was discovered tha
UbuntuCVE-2026-56123USN-8510-1: tar vulnerability
It was discovered that tar incorrectly handled symlinks when extracting archives. An attacker could possibly use this issue to overwrite arbitrary files.
USN-8505-1: Parsl vulnerability
It was discovered that Parsl incorrectly constructed SQL queries using unsafe string formatting with user-supplied input in the parsl-visualize component. A remote attacker could possibly use this iss
SANS Internet Storm Center Advisory — Jul 6, 2026
SANS Internet Storm Center published an research on "SANS Internet Storm Center Advisory — Jul 6, 2026". Topic areas: sans, isc, incident, daily-summary. Published July 6, 2026. See the original sourc
Get alerts that match YOUR environment
This page shows everything in the category. Vulnios narrows it down to alerts that affect your actual asset inventory — only the CVEs you need to act on.
Start a free scan