Bleeping Computer

Exploit details for max severity Cisco IOS XE flaw now public

Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. The ...
Tech Times

Cisco SD-WAN Zero-Day Exploit: Mandiant Reveals Malicious CSV Opened Root Shell

Cisco SD-WAN zero-day CVE-2026-20245 was exploited months before disclosure: Mandiant reveals how a malicious CSV file ...
CSOonline

Attackers exploit zero-day RCE flaw in Cleo managed file transfer

The exploit takes advantage of a known file upload vulnerability that was not efficiently patched and can still be exploited in up-to-date versions of Cleo LexiCom, VLTrader and Harmony products.
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.