Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits
CVE-2023-47359 & More: Critical Vulnerabilities in ABB Ability Camera Connect
Multiple critical and high-severity vulnerabilities in ABB Ability Camera Connect (VLC component <=1.5.0.14) could lead to RCE or DoS. Update to 1.5.0.15 now.
CVE-2026-7251: Hard-coded Password in Eppendorf BioFlo 320
Critical hard-coded password vulnerability (CVE-2026-7251) in Eppendorf BioFlo 320 bioreactors allows full remote control. Patch immediately.
KnowledgeDeliver RCE via CVE-2024-52648 — Mitigation Guide
Attackers are exploiting a critical zero-day vulnerability (CVE-2024-52648) in KnowledgeDeliver LMS to deploy Godzilla web shells. Secure your servers now.

CVE-2026-45659: SharePoint RCE via Deserialization - Patch Now
Microsoft addresses CVE-2026-45659, a high-severity RCE flaw in SharePoint Server caused by untrusted data deserialization. Learn how to mitigate this risk.
Drupal 7.x SQL Injection CVE-2014-3704 — Active Exploitation Alert
CISA adds the Drupalgeddon SQL injection (CVE-2014-3704) to the KEV catalog, requiring federal agencies to patch critical legacy systems against active exploits.

CVE-2026-5426: KnowledgeDeliver LMS Zero-Day Exploited for Godzilla Shell
Attackers exploited a zero-day in KnowledgeDeliver LMS (CVE-2026-5426) using hard-coded ASP.NET keys to deploy Godzilla web shells and Cobalt Strike Beacons.
Ghost CMS CVE-2022-41654: Over 700 Websites Compromised
Attackers are exploiting a critical Ghost CMS vulnerability to inject malicious scripts into sites belonging to Harvard, Oxford, and DuckDuckGo.

CVE-2026-26980: Ghost CMS SQL Injection Leads to ClickFix Attacks
Attackers exploit CVE-2026-26980 in Ghost CMS to compromise 700+ websites, deploying ClickFix malware that tricks users into executing malicious scripts.
CVE-2026-5426: RCE via ViewState Deserialization in KnowledgeDeliver
Attackers exploit CVE-2026-5426 in the KnowledgeDeliver LMS to achieve RCE via shared ASP.NET machine keys. Immediate key rotation and patching are required.
Wireshark 4.6.6: Fixing Critical Vulnerability and Dissector Bugs
Wireshark 4.6.6 release addresses one security vulnerability and 11 functional bugs. Learn how this update secures packet analysis and prevents dissector crashes.
CVE-2025-26980: Ghost CMS SQL Injection Exploited in ClickFix Campaign
A critical SQL injection vulnerability in Ghost CMS (CVE-2025-26980) is being exploited to deliver ClickFix malware through malicious JavaScript injections.

Anthropic Project Glasswing Uncovers 10,000 High-Severity Flaws
Anthropic's Claude Mythos AI identifies over 10,000 critical and high-severity vulnerabilities in systemically important software via Project Glasswing.