Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits
Advertisement
Gemini CLI Critical RCE Fix: Patching the @google/gemini-cli Flaw
Google patches a CVSS 10.0 flaw in Gemini CLI tools that allowed unprivileged attackers to execute commands in CI/CD environments via malicious configurations.
WordPress Quick Page/Post Redirect Backdoor: Arbitrary Code Injection
A dormant backdoor in the Quick Page/Post Redirect WordPress plugin allowed arbitrary code injection for five years on over 70,000 sites. Learn mitigation.
OpenEMR Flaws: Database Compromise, RCE, and Patient Data Theft Risks
Analysis of 38 security flaws in OpenEMR, an EHR platform used by over 100,000 healthcare providers, enabling database compromise, RCE, and data theft.
GitHub High-Severity Bug Discovered via AI Reverse Engineering
Wiz utilized AI reverse-engineering to uncover a high-severity vulnerability within GitHub, demonstrating advanced discovery methods for complex bugs.
LiteLLM Proxy Data Exposure & Modification — Urgent Patch Required
Critical vulnerability in LiteLLM proxy enables unauthorized database read/modify access. Exploitation observed shortly after disclosure. Patch immediately.
CVE-2020-27686: cPanel and WHM 2FA Authentication Bypass Mitigation
Administrators must patch cPanel and WHM immediately to address a critical 2FA bypass vulnerability that allows attackers to brute-force security codes.
Firefox 150 Patch: 271 Zero-Days Found via Claude Mythos — Update Now
Firefox 150 addresses 271 vulnerabilities discovered by Anthropic’s Claude Mythos AI model, highlighting a shift in automated vulnerability discovery.
Windows Kernel LPE CVE-2024-21338: Lazarus Group Exploits Zero-Day
CISA adds CVE-2024-21338 to KEV catalog after Lazarus Group exploited the Windows Kernel vulnerability to deploy rootkits and bypass security controls.
cPanel Authentication Bypass: Patch Guidance for Versions 11.132.0.29
cPanel releases critical updates to address an authentication bypass vulnerability affecting all supported versions. Administrators should patch immediately.
Optimizing Exposure Management: Beyond CVSS and Patch Fatigue
A technical analysis of Continuous Threat Exposure Management (CTEM) and why modern security teams must prioritize vulnerabilities based on business risk.
CVE-2024-24919: Exploit Analysis and Check Point Gateway Mitigation
Technical analysis of CVE-2024-24919, a critical information disclosure vulnerability in Check Point Security Gateways exploited for credential harvesting.
CVE-2024-1708 & CVE-2026-32202: CISA KEV Update — Patch Now
CISA adds CVE-2024-1708 and CVE-2026-32202 to the Known Exploited Vulnerabilities Catalog following evidence of active exploitation in the wild.