Coverage
Vulnerabilities
754 articles on vulnerability disclosures and exploits
Advertisement
Critical Vulnerabilities in Gardyn Smart Gardens Enable Remote Takeover
CISA warns of critical flaws in Gardyn Smart Gardens, including CVE-2024-39682 and CVE-2024-39683, allowing remote code execution and unauthorized access.
OpenLDAP and lldpd Vulnerabilities: Analyzing DoS Risks
Detailed analysis of CVE-2025-25164 in OpenLDAP and CVE-2025-25330 in lldpd, focusing on NULL pointer dereference and memory leak impacts on infrastructure.
Cisco SD-WAN Zero-Day Under Exploitation for 3 Years
A critical zero-day vulnerability, CVE-2026-20127, in Cisco SD-WAN has been actively exploited by a sophisticated threat actor for three years.
GetProcessHandleFromHwnd API: UAC Bypass Implications
Investigate the GetProcessHandleFromHwnd API's role in a Quick Assist UAC bypass. Understand its mechanism, UIAccess implications, and defender recommendations.
Multiple DoS/RCE Vulnerabilities in Yokogawa CENTUM VP R6, R7
CISA alerts to multiple medium-severity vulnerabilities in Yokogawa CENTUM VP R6 and R7, allowing DoS and RCE via crafted packets in critical infrastructure
Critical Authentication Flaws in Chargemap EV Infrastructure
CISA warns of critical vulnerabilities in Chargemap EV charging stations, including unauthenticated WebSocket access and session hijacking (CVE-2026-25851).
Trend Micro Patches Critical RCE Flaws in Apex One Security Platform
Trend Micro addresses two critical vulnerabilities, CVE-2023-32524 and CVE-2023-32525, in its Apex One platform that allow for remote code execution.
Anthropic Patches Claude Code Vulnerabilities Enabling Silent Hacking
Anthropic addressed flaws in Claude Code that allowed attackers to execute arbitrary commands on developer devices via malicious repository configurations.
Threat Intelligence Analysis: Kali Linux AI Integration and Browser Crash Traps
Analysis of Kali Linux Claude AI integration, Chrome browser crash traps, and the ongoing exploitation of WinRAR vulnerabilities by LockBit affiliates.
US Sanctions Russian Exploit Broker Operation Zero
US Treasury sanctions Russian exploit broker Operation Zero and its owner Sergey Zaytsev for facilitating zero-day trades with Russian intelligence agencies.
Zyxel Fixes Critical RCE Vulnerability in UPnP Implementation
Zyxel releases patches for CVE-2024-42057, a command injection flaw in the UPnP function of several VMG and fiber router models, allowing unauthenticated RCE.
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited for Admin Access
CVE-2026-20127 is a critical CVSS 10.0 flaw in Cisco SD-WAN controllers exploited since 2023, allowing unauthenticated remote administrative access.