Privilege Escalation is a attack_type tracked across 50 threat clusters and 125 intelligence report mentions on ThreatCluster. First observed November 3, 2025; most recent activity July 16, 2026.
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
A critical vulnerability (CVE-2026-8206) in the Kirki WordPress plugin allows unauthenticated attackers to hijack user accounts, including admin accounts, on over 500,000 websites. Detected by Defiant's Wordfence…
Recent updates to RoundcubeMail for Fedora 43 and 44 revealed critical vulnerabilities, including SQL injection and cross-site scripting (XSS) issues. CVE-2026-48842 details a pre-auth SQL injection in the…
In July 2026, Adobe and Microsoft released significant security updates addressing numerous vulnerabilities. Adobe issued 12 bulletins for 88 unique CVEs, with a focus on ColdFusion and Commerce patches, including a…
A local privilege escalation vulnerability, tracked as CVE-2026-3888, has been identified in default installations of Ubuntu Desktop 24.04 and later. Discovered by Qualys, the flaw arises from an unintended interaction…
On March 10, 2026, Microsoft released its Patch Tuesday updates, fixing 79 vulnerabilities, including two zero-day flaws. The updates address critical vulnerabilities across various products, with one zero-day actively…
A use-after-free vulnerability in the Linux kernel's nftables subsystem, tracked as CVE-2026-23111, allows local attackers to escalate privileges to root. Discovered in early 2025, the flaw was patched on February 5,…
A critical vulnerability, CVE-2026-56396, has been identified in phpMyFAQ versions prior to 4.1.4. This vulnerability allows authenticated non-SuperAdmin users with edit_user permissions to escalate their privileges to…
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2026-31431 and named 'Copy Fail', allows unprivileged local users to gain root access on virtually all major Linux distributions released since 2017.…
On July 9, 2026, Fedora released updates addressing critical symlink traversal vulnerabilities in its acl and attr packages. The vulnerabilities, identified as CVE-2026-54369, CVE-2026-54370, and CVE-2026-54371, were…