hkcert.org
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-15.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-15 2026 | Google Chrome Multiple VulnerabilitiesRCE | Writeup detailing multiple vulnerabilities in Google Chrome, affecting versions prior to 148.0.7778.167 (Linux) and 148.0.7778.167/168 (Mac/Windows). Exploitation of these CVEs, including CVE-2026-8509 through CVE-2026-8587, could lead to remote code execution, denial of service, security restriction bypass, spoofing, cross-site scripting, and information disclosure. Users are advised to update to the patched versions. |
| 2026-05-14 2026 | Palo Alto Products Multiple VulnerabilitiesRCE | Writeup of multiple vulnerabilities affecting Palo Alto products, including GlobalProtect App and PAN-OS. Attackers can exploit these flaws to achieve elevation of privilege, denial of service, remote code execution, cross-site scripting, and security restriction bypass. Specific CVEs identified include CVE-2026-0249, CVE-2026-0250, and CVE-2026-0251, among others. Affected versions span across PAN-OS 10.2, 11.1, 11.2, 12.1, and various GlobalProtect App releases. |
| 2026-05-11 2026 | Mozilla Products Multiple VulnerabilitiesRCE | Analysis of multiple vulnerabilities in Mozilla Products, including Firefox and Thunderbird, leading to potential denial of service and remote code execution. Affects versions prior to Firefox 150.0.2, Firefox ESR 115.35.2, Firefox ESR 140.10.2, Thunderbird 140.10.2, and Thunderbird 150.0.2. Patches are available from the vendor. |
| 2026-05-08 2026 | Linux Kernel Elevation of Privilege VulnerabilityPython | Writeup on CVE-2026-31431, a "Copy Fail" logic bug in the Linux kernel's authencesn cryptographic template. This vulnerability allows an unprivileged local user to perform a deterministic, controlled 4-byte write into the page cache of any readable file, enabling elevation of privilege to root. The exploit is a 732-byte Python script that can modify setuid binaries, impacting all Linux distributions shipped since 2017. Vendor-specific fixes are available for Ubuntu, Debian, Red Hat, SUSE, Amazon, Arch, AlmaLinux, Cloudlinux, and Gentoo. |
| 2026-05-06 2026 | WhatsApp Multiple VulnerabilitiesRCE | Bulletin detailing multiple vulnerabilities in WhatsApp clients (iOS, Android, Windows) allowing remote attackers to bypass security restrictions and perform spoofing. Affected versions include specific ranges prior to recent updates on each platform. Users are advised to update to the latest available versions for iOS v2.26.15.72+, Android v2.26.7.10+, and Windows v2.3000.1032164386.258709 or later. |
| 2026-05-06 2026 | SUSE Linux Kernel Multiple VulnerabilitiesRCE | Vulnerabilities impacting SUSE Linux Kernel allow remote attackers to achieve denial of service, remote code execution, security bypass, privilege escalation, data manipulation, and information disclosure. Affected systems include SUSE Linux Enterprise High Performance Computing 12 SP5, SUSE Linux Enterprise Live Patching 12-SP5, and various SUSE Linux Enterprise Server 12 SP5 variants. Specific CVEs include CVE-2024-26584, CVE-2025-38234, CVE-2025-39759, CVE-2025-71268, CVE-2025-71269, CVE-2026-22990, CVE-2026-23103, CVE-2026-23120, CVE-2026-23243, CVE-2026-23262, CVE-2026-23272, CVE-2026-23277, CVE-2026-23318, CVE-2026-23362, CVE-2026-23382, CVE-2026-23386, and CVE-2026-23398. |
| 2026-04-29 2026 | Mozilla Firefox Multiple VulnerabilitiesRCE | Library of advisories detailing multiple vulnerabilities in Mozilla Firefox. These issues, impacting versions prior to Firefox 150.0.1, Firefox ESR 115.35.1, and Firefox ESR 140.10.1, can lead to remote code execution, security restriction bypass, and information disclosure. Patches are available from the vendor. |
| 2026-04-20 2026 | Google Chrome Multiple VulnerabilitiesRCE | Writeup detailing multiple vulnerabilities in Google Chrome, including CVE-2026-6296 through CVE-2026-6364. Exploitation of these weaknesses can lead to remote code execution, denial of service, information disclosure, and security restriction bypass. Affected versions are prior to 147.0.7727.101 on Linux, and prior to 147.0.7727.101/102 on Mac and Windows. Mitigation involves updating to the latest vendor-released versions. |
| 2026-04-15 2026 | Adobe Acrobat Remote Code Execution VulnerabilityRCE | Writeup detailing CVE-2026-34621, a high-risk Adobe Acrobat remote code execution vulnerability. Exploitation requires user interaction, typically by opening a malicious file, and leads to arbitrary code execution via Prototype Pollution. Affected versions include Acrobat DC, Acrobat Reader DC, and Acrobat 2024, with patches available for update. |
| 2026-04-13 2026 | Juniper Junos OS Multiple VulnerabilitiesRCE | Bulletin detailing multiple vulnerabilities in Juniper Junos OS and Junos OS Evolved. These issues, including CVE-2022-24805, CVE-2025-13914, CVE-2025-30650, and numerous others listed in the 2026-04 Security Bulletin, can lead to spoofing, data manipulation, remote code execution, denial of service, information disclosure, privilege elevation, and security restriction bypass. Remediation requires consulting Juniper's vendor website. |
| 2026-04-13 2026 | Microsoft Edge Multiple VulnerabilitiesRCE | Bulletin detailing multiple vulnerabilities in Microsoft Edge, including CVE-2026-5281 which is actively exploited. Exploitation can lead to remote code execution, denial of service, security restriction bypass, data manipulation, sensitive information disclosure, and spoofing. Affected versions are prior to 147.0.3912.60. Updating to version 147.0.3912.60 or later is recommended. |
| 2026-04-11 2026 | Google Chrome Multiple VulnerabilitiesRCE | Vulnerability summary detailing multiple issues within Google Chrome versions prior to 147.0.7727.55 on Linux, and 147.0.7727.55/56 on Mac and Windows. Exploitation can lead to information disclosure, denial of service, remote code execution, security restriction bypass, and data manipulation. This bulletin lists CVE-2026-5858 through CVE-2026-5919 as affected vulnerabilities. |
| 2026-04-08 2026 | Fortinet FortiClientEMS Remote Code Execution VulnerabilityRCE | Writeup of CVE-2026-35616 in FortiClientEMS, an Improper Access Control vulnerability allowing unauthenticated attackers to execute unauthorized code or commands via crafted requests. Exploited in the wild, this vulnerability can lead to remote code execution and elevation of privilege on affected systems. Users should update to FortiClientEMS 7.4.7 or later. |