Coverage
Vulnerabilities
748 articles on vulnerability disclosures and exploits
iOS 17.5.1 Notification Data Retention Bug — Mitigation Guide
Apple releases iOS 17.5.1 to address a Notification Services flaw where deleted data persisted on devices due to database corruption issues.
CVE-2025-29635: Mirai Exploits EoL D-Link Routers
A new Mirai campaign actively exploits CVE-2025-29635, a command-injection RCE in EoL D-Link DIR-823X routers, to expand its IoT botnet for DDoS attacks.
Telegram tdata Credential Harvesting: Risks and Mitigation Strategies
Learn how threat actors exploit Telegram Desktop tdata folders for session hijacking and credential harvesting, bypassing multi-factor authentication.
Redis RCE via CONFIG Command Abuse: Detection and Mitigation
Learn how attackers exploit exposed Redis instances using the CONFIG command to achieve RCE and the specific steps required to secure your infrastructure.
CVE-2026-27668: Privilege Escalation in Siemens RUGGEDCOM CROSSBOW
Authenticated User Administrators can escalate privileges in Siemens RUGGEDCOM CROSSBOW SAM-P versions prior to 5.8. Update to mitigate CVE-2026-27668 risks.
Silex SD-330AC and AMC Manager RCE via CVE-2026-32956 — Patch Now
Silex Technology devices face critical RCE and DoS risks via 13 vulnerabilities. Critical infrastructure defenders must update to firmware Ver 1.50 immediately.
Oracle April 2026 CPU: 481 Patches for Unauthenticated Flaws
Oracle's April 2026 Critical Patch Update addresses 481 vulnerabilities across 28 product families, including 300+ unauthenticated remote exploits.
CVE-2024-38094: 1,300+ SharePoint Servers At Risk of RCE
Over 1,300 Microsoft SharePoint servers remain unpatched against CVE-2024-38094, a critical RCE vulnerability actively exploited by threat actors.
CVE-2023-38171: ASP.NET Core Privilege Escalation — Mitigation Guide
Microsoft issues emergency OOB security updates for a critical ASP.NET Core privilege escalation flaw. Learn how to patch affected systems now.

CVE-2026-5752: Root RCE and Sandbox Escape in Cohere AI Terrarium
CVE-2026-5752 is a critical CVSS 9.3 flaw in Cohere AI's Terrarium sandbox allowing root-level code execution and container escape via prototype traversal.
Google Antigravity RCE via Prompt Injection — Mitigation Guide
Google patched a critical RCE flaw in its AI-based Antigravity tool, stemming from a prompt injection vulnerability allowing sandbox escape and arbitrary code execution.

BRIDGE:BREAK: 22 Flaws in Lantronix and Silex Serial Converters
Forescout researchers uncover 22 BRIDGE:BREAK vulnerabilities in Lantronix and Silex serial-to-IP converters, risking device hijacking and data tampering.