Coverage
Vulnerabilities
748 articles on vulnerability disclosures and exploits
Smart Slider 3 Vulnerability: Patch CVE-2024-11116 File Read Flaw
A file read vulnerability in Smart Slider 3 affects over 800,000 WordPress sites. Authenticated users can access sensitive server files via CVE-2024-11116.

Citrix NetScaler CVE-2026-3055 Memory Overread — Mitigation Guide
Attackers are actively scanning for CVE-2026-3055, a CVSS 9.3 memory overread flaw in Citrix NetScaler ADC and Gateway. Patch vulnerable instances immediately.

CVE-2025-53521: CISA Warns of Active F5 BIG-IP APM RCE Exploitation
CISA adds CVE-2025-53521 to its KEV catalog following active exploitation of F5 BIG-IP APM. The critical RCE flaw carries a CVSS v4 score of 9.3.

TA446 Deploys Leaked DarkSword iOS Exploit Kit — Technical Analysis
Russian threat actor TA446 (Callisto) is targeting iOS users with the leaked DarkSword exploit kit. Learn how to detect and defend against this campaign.

CVE-2025-53521: F5 BIG-IP RCE — Patch Now for Active Exploitation
CISA adds CVE-2025-53521, an actively exploited F5 BIG-IP Remote Code Execution (RCE) vulnerability, to its KEV Catalog. Immediate patching is critical.

OpenAI Model Behavior Bug Bounty: Reporting AI Safety Risks
OpenAI launches a bug bounty program targeting model abuse and safety risks. Learn how to report jailbreaks and bypasses to improve enterprise AI security.

CVE-2024-5035: TP-Link Archer C5400X RCE Vulnerability Patch
TP-Link fixes high-severity flaws including CVE-2024-5035 and CVE-2024-3922, preventing remote code execution and authentication bypass on gaming routers.

CVE-2026-33634: Aqua Trivy Embedded Malicious Code — Patch Now
CISA adds CVE-2026-33634, an Aqua Security Trivy Embedded Malicious Code Vulnerability, to KEV catalog due to active exploitation.

Langflow AI Platform: Critical Code Injection Under Active Attack
Threat actors are actively exploiting a critical code injection vulnerability in the Langflow AI platform, demanding immediate patching to prevent compromise.

Langflow CVE-2026-33017: AI Workflow Hijacking Under Active Exploitation
CISA warns of active exploitation of CVE-2026-33017 in Langflow, enabling attackers to hijack AI workflows and potentially compromise AI agents.

CVE-2026-4681: Critical RCE in PTC Windchill & FlexPLM
Critical RCE vulnerability CVE-2026-4681 affects PTC Windchill and FlexPLM via deserialization. Patch now to prevent code injection in critical manufacturing.

CVE-2026-3587: WAGO Switches CLI Escape Leads to Full Device Compromise
Critical flaw CVE-2026-3587 in WAGO Industrial Managed Switches allows unauthenticated remote attackers to fully compromise devices via CLI escape. Update firmware