A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by ...

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise ...

A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering ...

They're serious. Notices about arbitrary code execution (ACE) vulnerabilities appear just about every week in alerts from US-CERT — the United States Computer Emergency Readiness Team, a part of the ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

A vulnerability in Apache HTTP Server’s HTTP/2 protocol handling now has working exploit code circulating among security ...

Researchers who discovered two critical vulnerabilities in Microsoft SharePoint Server have released details of an exploit they developed that chains the two vulnerabilities together to enable remote ...

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 ...

Computers connected to networks are constantly threatened by attackers who seek to exploit vulnerabilities wherever they can find them. This risk is particularly high for machines connected to the ...

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...

"A buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code ...

Anthropic PBC’s official Git Model Context Protocol server has several security vulnerabilities that can lead to arbitrary file access and, in some scenarios, full remote code execution triggered ...