February 2026 | SECaaS Platform AIONCLOUD

[2026.02 Vulnerability Report] Oracle Fusion Middleware: Authentication Bypass (CVE-2026-21962)

The CVE-2026-21962 vulnerability stems from an improper access control flaw (CWE-284) in Oracle HTTP Server and the WebLogic Server Proxy Plug-in components. It allows a remote attacker to bypass authentication controls by sending specially crafted HTTP requests, thereby granting unauthorized access to protected administrative functions and internal system resources. Given its severity and the foundational […]

[2026.02 Vulnerability Report] MS Office Zero-day (CVE-2026-21509)

Microsoft Office is a critical business asset that handles core documents and data. CVE-2026-21509 is a critical zero-day vulnerability that allows attackers to gain complete control of a system when a user simply opens a manipulated document, directly bypassing built-in security measures. With confirmed cases of in-the-wild attacks by APT groups already underway, and detailed analysis and […]

[2026.02 Vulnerability Report] Ivanti EPM Absolute Path Traversal

This is a credential coercion vulnerability in Ivanti Endpoint Manager. By sending SOAP XML data containing a remote UNC address accessible to the attacker's server to /WSVulnerabilityCore/VulCore.asmx, an attacker can attempt to obtain credentials and ultimately take over a domain. A security patch for this vulnerability was released in January 2025, and AIWAF products […]
