Track CVEs, CISA KEV, EPSS scores, and exploit intelligence in real time with WatchStack.io.

Learn about the CVE-2026-32746 pre-auth buffer overflow in GNU InetUtils telnetd with a hands-on exploit walkthrough.

The Qualys Threat Research Unit has identified a Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. This flaw (CVE-2026-3888)…

Turning an uncontrolled heap overflow into a reliable QEMU guest-to-host escape using new glibc allocator behavior and QEMU-specific heap spray techniques.

Contributors: Sandeep Kamble, BugDazz Autonomous Pentest AI, Rabit0 ModelPublication Date: March 19, 2026Severity Rating: Critical (CVSS Score: 8.8)Vulnerability Status: Zero-day at...

Walkthrough of the discovery of an authenticated SQL injection in Kanboard version <= 1.2.50 tracked as CVE-2026-33058

The Model Context Protocol connects AI agents to enterprise tools — but it ships without authentication, authorization, or audit trails. With 7,000+ exposed servers and a growing list of CVEs, MCP has become the blind spot in your zero-trust perimeter. Here's…

Contributors: Sandeep Kamble, BugDazz Autonomous Pentest AI, Rabit0 ModelPublication Date: March 19, 2026Severity Rating: High (CVSS Score: 8.6)Vulnerability Status: Zero-day at time of discovery...

Discover how the tech community uses VPNs, Ageless Linux, and self-hosted AI to bypass invasive OS age verification laws in California and Brazil

PSpice is a SPICE circuit simulator from Cadence Design Systems that encrypts proprietary semiconductor model files to protect vendor IP and prevent reuse in third-party SPICE simulators. The encryption scheme is proprietary and undocumented.

The AISLE analyzer discovered a high-severity vulnerability that enables SQL injection in OpenSIPS, a pillar of global communications used by over ...

Foreword

Documentation for APM — a professional-grade, zero-knowledge CLI password manager.

WordPress plugin "Profile Builder Pro" (versions before 3.14.5) is susceptible to Unauthenticated PHP Object Injection. In this blog post, we discuss how we discovered and exploited the vulnerability using a novel POP chain, how AI helped in the process,…

Three more bypasses in Roundcube's HTML sanitizer: SMIL animation attributes load remote resources, unquoted body backgrounds enable CSS injection, and position:fixed !important enables phishing overlays.

CVE-2026-33155 - 40 Bytes to Chaos - Read the latest insights from Periphery on securing AI hardware, embedded systems, and critical infrastructure.

Learn how to use nono learn, policy, and profile commands to build production-ready sandbox profiles for AI agents like Claude Code.

Runtime AI security across network, host, and application layers. 1,000+ threat signatures with 100% local processing — zero data leaves your environment.

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability.

In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than…