The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
ScanNetSecurity

RadiX AX6600 WiFi 6 Tri-Band Gaming Router に OSコマンドインジェクションの ...

独立行政法人情報処理推進機構(IPA)および一般社団法人JPCERT コーディネーションセンター(JPCERT/CC)は6月17日、RadiX AX6600 WiFi 6 Tri-Band Gaming ...
The Hacker News

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP patched critical flaws up to CVSS 10.0, reducing RCE, admin takeover, and data exposure risks.
Cyber Daily

Alert! Experts concerned over perfect 10 Ivanti Sentry vulnerability, and hackers are ...

CVE-2026-10520 is looking like a nightmare for network defenders: an OS Command Injection vulnerability that could lead to ...
ScanNetSecurity

TP-Link製ルータ Archer BE450 および BE7200 にOSコマンドインジェクション ...

独立行政法人情報処理推進機構(IPA)および一般社団法人JPCERT コーディネーションセンター(JPCERT/CC)は6月2日、TP-Link製ルータArcher BE450およびBE7200におけるOSコマンドインジェクションの脆弱性について「Japan Vulnerability Notes(JVN)」で発表した。

Fortinet closes command injection vulnerability in FortiSandbox and more

Fortinet warns of a critical security vulnerability in FortiSandbox and other leaks in FortiPortal and FortiOS/FortiProxy.
latesthackingnews.com

LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...

Ivanti Sentry: Confusion over abuse of critical command injection vulnerability

Ivanti is currently warning of critical security vulnerabilities in Sentry. CISA warns of attacks, but Ivanti downplays them.
Bleeping Computer

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. FortiSIEM ...