Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits
Gogs Self-Hosted Git RCE via Zero-Day: Mitigation Guide
An unpatched zero-day vulnerability in Gogs self-hosted Git service allows attackers to achieve remote code execution, impacting Internet-facing instances.

Microsoft Condemns Public Zero-Day Disclosures, Advocates CVD
Microsoft reiterates strong support for Coordinated Vulnerability Disclosure, criticizing immediate public zero-day disclosures after a researcher's account removal.

FortiClient EMS Critical Flaw Exploited for Credential Stealing
Threat actors are actively exploiting a critical, patched FortiClient EMS vulnerability to deploy credential-stealing malware, bypassing trusted endpoint security.
CVE-2023-48788: Critical FortiClient EMS RCE Under Active Exploitation
Exploitation of CVE-2023-48788 in FortiClient EMS allows unauthenticated remote code execution. Administrators must patch to version 7.2.3 or 7.0.11 immediately.
Actively Exploited CVEs: Daemon Tools Lite, TanStack, Nx Console
CISA added three vulnerabilities—CVE-2026-8398, CVE-2026-45321, CVE-2026-48027—to its KEV Catalog due to active exploitation. Prioritize patching.

AI-Assisted Exploit Development Shortens Vulnerability Windows
AI tools enable attackers to develop exploits for newly disclosed CVEs in hours, outpacing traditional vulnerability scanner detection capabilities.
CVE-2024-45404: Pretalx Logic Flaw Enables Full Account Takeover
Researchers discover a critical logic flaw in Pretalx versions prior to 2024.1.0 that allows attackers to hijack organizer accounts and manipulate events.
RevEng.AI Secures $15M for AI-Powered Software Binary Analysis
RevEng.AI raises $15 million to scale BinNet, a proprietary AI model designed to automate binary analysis and detect hidden backdoors in software assets.
CVE-2024-50498: CISA Orders Patch for Exploited cPanel Plugin Flaw
CISA mandates federal agencies patch CVE-2024-50498, an actively exploited LiteSpeed cPanel plugin vulnerability, to prevent unauthorized account access.
CVE-2024-50498: Patch Exploited LiteSpeed cPanel Plugin Zero-Day
CISA warns of active exploitation of CVE-2024-50498 in LiteSpeed cPanel plugins, allowing attackers to execute scripts with root privileges. Patch now.
Windows 11 KB5089573: Performance and Reliability Fixes for 24H2/25H2
Microsoft releases KB5089573 preview for Windows 11 24H2 and 25H2, addressing Task Manager bugs, ReFS performance issues, and Sandbox stability errors.
DrayTek Vigor RCE: Patching CVE-2024-41585 Command Injection
Critical OS command injection in DrayTek Vigor routers allows unauthenticated RCE. Learn how to patch CVE-2024-41585 and protect your network edge.