CRITICAL 95% confidence cve

npm cli Local Privilege Escalation Vulnerability (CVE-2026-0775)

Critical vulnerability in npm cli allowing local attackers to escalate privileges. CVSS rating: 7.8. Includes severity, confidence, and actionable response guid

['npm cli versions are vulnerable if they do not have proper mitigations against uncontrolled search path elements.', 'Attackers may exploit this flaw to elevate their privileges on systems running affected npm cli insta

npm cli users and administrators

action items (2)

• Immediately update npm cli installations to mitigate CVE-2026-0775
• Review logs for suspicious activity related to low-privilege commands escalating privileges

Zero Day Initiative · 2026-02-27T06:14

HIGH 90% confidence cve

CISA Adds CVE-2025-8110 to Known Exploited Vulnerability Catalog

['CISA adds Gogs Path Traversal Vulnerability (CVE-2025-8110) to its KEV catalog, emphasizing the importance of timely remediation for federal agencies and all.

['The inclusion of CVE-2025-8110 in the KEV catalog signifies active exploitation and potential harm, necessitating prompt action from organizations, particularly FCEB agencies, to mitigate risks.']

Federal Civilian Executive Branch (FCEB) agenciesAll organizations handling sensitive data

action items (3)

• Review and prioritize remediation efforts for CVE-2025-8110
• Update system configurations and apply necessary patches
• Conduct a thorough risk assessment post-remediation

CISA Current Activity · 2026-02-27T04:44

MEDIUM 95% confidence advisory

Fall 2025 PCI DSS Compliance Package Update

['AWS adds new services and regions to PCI DSS compliance, enhancing security for global operations.', 'AWS expands PCI DSS certification with AWS Security.

['This expansion helps customers achieve compliance with PCI DSS standards, ensuring secure processing and storage of cardholder data across more regions and services.', 'It provides enhanced capabilities for incident re

Financial ServicesRetailTechnology

action items (2)

• Update configurations and compliance checks to include newly certified AWS services and region
• Consult AWS documentation for the latest guidance on PCI DSS requirements

AWS Security Blog · 2026-02-27T04:43

CRITICAL 95% confidence cve

ZDI-26-044: Windows Desktop Window Manager Use-After-Free Privilege Escalation Vulnerability

Microsoft Windows Desktop Window Manager use-after-free local privilege escalation vulnerability allows attackers to escalate privileges on affected systems.

['Attackers can obtain high-level access after gaining initial foothold', 'Vulnerability allows for privilege escalation from low-privileged user']

Windows Server 2016Windows Server 2019Windows 10Windows 11

action items (1)

• Update affected systems with latest patches from Microsoft

Zero Day Initiative · 2026-02-27T04:43

HIGH 95% confidence advisory

CISA Adds One Known Exploited Vulnerability to Catalog

['CISA adds a new information disclosure vulnerability in Microsoft Windows to its KEV Catalog due to active exploitation. All organizations are urged to. Read

['The inclusion of this vulnerability in the KEV catalog highlights its potential impact on network security, emphasizing the importance of swift action to mitigate risks associated with known exploited vulnerabilities.'

FCEB agenciesall organizations

action items (1)

• Check if your environment is affected. Apply necessary updates and monitor for any unusual activity related to this vulnerability.

CISA Current Activity · 2026-02-27T04:40