Coverage
Vulnerabilities
748 articles on vulnerability disclosures and exploits
Advertisement
Schneider Electric Plant iT/Brewmaxx RCE via Multiple Redis Vulnerabilities
Multiple critical and high-severity vulnerabilities in Schneider Electric Plant iT/Brewmaxx 9.60+ (Redis component) enable RCE and privilege escalation, affecting
CVE-2026-2417: Pharos Controls RCE via Missing Authentication
Critical vulnerability (CVE-2026-2417) in Pharos Controls Mosaic Show Controller firmware 2.15.3 allows unauthenticated root RCE. Upgrade to 2.16+ immediately.
Microsoft Outlook Fixes Gmail IMAP Sync Bug in Version 2404
Microsoft resolves a persistent bug in Classic Outlook causing IMAP synchronization failures and connection errors for Gmail and Yahoo mail users.
CVE-2023-4966: Critical Citrix NetScaler Memory Leak Patching Guide
Critical unauthenticated memory leak in Citrix NetScaler ADC and Gateway allows session hijacking. Learn to mitigate CVE-2023-4966 and secure your network.
Citrix NetScaler CVE-2026-3055: Critical Data Leak Patch Guidance
Citrix releases critical security updates for NetScaler ADC and Gateway to address CVE-2026-3055, an unauthenticated memory overread and data leak flaw.
CVE-2024-3400: Exploiting Palo Alto Networks PAN-OS — Patch Now
Technical analysis of CVE-2024-3400, a critical command injection vulnerability in PAN-OS firewalls. Learn exploit mechanics, detection, and mitigation steps.
M-Trends 2026: Evolving Ransomware, Persistence, and SaaS Attack Vectors
M-Trends 2026 reveals critical shifts in adversary TTPs: destructive ransomware, zero-day exploitation for persistence, and voice phishing for SaaS access.
AWS Bedrock AI Agent Security: Analysis of Eight Attack Vectors
Research identifies eight critical attack vectors in AWS Bedrock, focusing on risks to integrated enterprise data and automated Lambda function execution.
Microsoft Xbox One Hardware Security Defeated via Bliss Exploit
Security researchers have bypassed Microsoft Xbox One hardware security using the Bliss voltage glitching exploit, enabling unsigned code execution.
QNAP Patches Four Pwn2Own Vulnerabilities in QTS and QuTS hero
QNAP releases security updates for four vulnerabilities, including CVE-2024-50387 and CVE-2024-50388, exploited during the Pwn2Own Ireland 2024 competition.
CVE-2021-35587: Critical RCE in Oracle Identity Manager Patched
Oracle issues emergency patches for CVE-2021-35587, a critical RCE flaw in Identity Manager with a 9.8 CVSS score. Immediate mitigation is required.
Quest KACE SMA CVE-2025-32975 Exploited — Critical Patch Guidance
Threat actors are exploiting a critical CVSS 10.0 vulnerability, CVE-2025-32975, in Quest KACE Systems Management Appliances exposed to the internet.