Coverage
Vulnerabilities
738 articles on vulnerability disclosures and exploits

CVE-2026-9082: Drupal Core RCE via Database API (PostgreSQL)
A highly critical flaw, CVE-2026-9082, in Drupal Core's database abstraction API allows RCE, privilege escalation, and info disclosure on PostgreSQL sites. Patch
SonicWall Gen6 SSL-VPN MFA Bypass: Incomplete Patching Leads to Compromise
Hackers are bypassing MFA on SonicWall Gen6 SSL-VPN appliances via brute-force due to incomplete patching, enabling ransomware tool deployment.

OT Robot OS Command Injection: Unauthenticated RCE — Patch Now
Critical command injection vulnerability in OT Robot OS allows unauthenticated attackers to gain remote control, posing significant disruption risks to industrial
YellowKey BitLocker Bypass: Microsoft Mitigates Data Access
Microsoft addresses the 'YellowKey' BitLocker bypass, preventing unauthorized data access via the FsTx Auto Recovery Utility in WinRE. Understand the threat.
Claude Code Sandbox Bypass: Anthropic Patches CLI Vulnerability
Anthropic recently addressed a sandbox bypass in Claude Code. This vulnerability could have allowed data exfiltration when combined with prompt injection.
CVE-2024-51567: How Attackers Exploit Arch Linux genfstab — Patch Now
A public exploit for PinTheft (CVE-2024-51567) allows local attackers to gain root privileges on Arch Linux via the genfstab script. Update to version 31.
Drupal Core Security Release: Preparing for High-Risk Exploitation
Drupal warns of a critical core security update with high exploitation risk. Learn how to prepare for patches and protect your CMS from potential RCE.

AI-Driven Vulnerability Discovery: Automated Response Strategies
Frontier AI models like Mythos accelerate vulnerability discovery. Learn how to leverage agentic processing and threat intelligence for rapid mitigation.
CVE-2024-24919: Critical Information Disclosure in Check Point Gateways
A technical analysis of CVE-2024-24919, a high-severity information disclosure flaw in Check Point Quantum Gateways, including exploit detection and mitigation.
YellowKey Zero-Day: Mitigating BitLocker Encryption Bypasses in Windows
Microsoft releases mitigation guidance for the YellowKey zero-day, a Windows BitLocker vulnerability allowing unauthorized access to encrypted data volumes.
DBIR 2026: Vulnerability Exploitation Now Top Breach Vector
Verizon's 2026 DBIR reveals vulnerability exploitation as the leading breach vector, surpassing credential theft. AI accelerates attacks, patching delays persist, and
CVE-2024-34351: ChromaDB RCE via MinJinja Template Injection
A critical RCE vulnerability in ChromaDB (CVE-2024-34351) allows unauthenticated attackers to hijack servers via malicious metadata filters. Patch to 0.5.1 now.