Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits
Flowise RCE via CVE-2024-31621 — Mitigation Guide
Exploit code is public for a critical RCE vulnerability in Flowise. Attackers use malicious chatflow imports to compromise self-hosted servers.
CVE-2024-52336: How CIFSwitch Grants Root Access on Linux Systems
The CVE-2024-52336 vulnerability, known as CIFSwitch, allows local privilege escalation to root by abusing CIFS key requests in the Linux kernel.

CVE-2026-0257: PAN-OS GlobalProtect Auth Bypass Under Exploitation
Palo Alto Networks warns of active exploitation of CVE-2026-0257, an authentication bypass vulnerability affecting PAN-OS and Prisma Access GlobalProtect gateways.
CVE-2026-0257: Palo Alto PAN-OS Auth Bypass Under Active Attack
CISA adds CVE-2026-0257, an actively exploited authentication bypass in Palo Alto Networks PAN-OS, to its KEV catalog. Immediate patching is critical for all

ChatGPT ChatGPhish Vulnerability: Web Summaries Lead to Phishing
A newly disclosed ChatGPhish vulnerability allows attackers to leverage ChatGPT's Markdown trust for prompt injections and sophisticated phishing campaigns.

CVE-2026-39987: Attackers Use LLM Agents for Post-Exploitation
Discover how threat actors are leveraging LLM agents to automate post-exploitation tasks after compromising Marimo notebooks via CVE-2026-39987.
Gogs RCE via CVE-2024-39930 — Mitigation and Patch Guide
A critical argument injection in Gogs (CVE-2024-39930) allows authenticated users to achieve RCE via malicious pull requests. Learn how to patch and defend.
VMware Workspace ONE Access RCE via CVE-2022-22960 — Patch Now
VMware Workspace ONE Access and Identity Manager face critical RCE vulnerabilities (CVE-2022-22960, CVE-2022-22957) actively exploited. Patch immediately to secure
CVE-2026-35616: FortiClient EMS Exploit Delivers EKZ Infostealer
Attackers are actively exploiting CVE-2026-35616, an authentication bypass in FortiClient EMS, to deploy the EKZ infostealer. Protect your organization now.

Gogs Authenticated RCE: Arbitrary Code Execution - Mitigation Guide
A critical RCE vulnerability in Gogs allows authenticated users to execute arbitrary code. Runtime Rebel provides an analysis and urgent mitigation guidance.
CVE-2026-6332: Schneider Electric EcoStruxure HVAC Source Code Disclosure
A cleartext storage vulnerability in Schneider Electric EcoStruxure Machine Expert HVAC (CVE-2026-6332) exposes sensitive source code. Update to v1.10.0.
CVE-2021-22291: ABB EIBPORT V3 <3.9.2 Session Hijacking Vulnerability
ABB EIBPORT V3 devices are vulnerable to CVE-2021-22291 (XSS/session hijacking), allowing unauthenticated access and configuration changes. Patch immediately.