Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...

Singapore’s CSA warns of a CVSS 10.0 SmarterMail vulnerability allowing unauthenticated remote code execution via file upload ...

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a critical remote code execution vulnerability in Cursor Inc.’s integrated development environment that ...

The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...

WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its ...

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...

Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0–1.120.4 affected, ...

Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment ...

HPE has released patches for a critical-severity OneView vulnerability that could lead to unauthenticated remote code execution.

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately.

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...