CISA’s Known Exploited Vulnerabilities (KEV) catalog includes four weaknesses found in the product in recent years, including ...
Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could ...
Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical ...
Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...
The flaw allows authenticated n8n users with workflow-creation or modification permissions to bypass the intended security sandbox.
Singapore’s CSA warns of a CVSS 10.0 SmarterMail vulnerability allowing unauthenticated remote code execution via file upload ...
The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...
Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment ...
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...
The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
“Since there’s no user interaction, and since the code executes with elevated privileges, this bug falls into the wormable class of bugs.” Additionally, Microsoft “gives this [flaw] its highest ...
Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback