Static AES keys are enabling attackers to decrypt access tokens and reach remote code execution, triggering urgent patch ...

Research shows a .NET proxy design flaw enables file writes and RCE through attacker-supplied WSDL in multiple products.

A critical Ivanti EPM vulnerability could allow unauthenticated attackers to execute arbitrary code remotely with ...

A six-month investigation into AI-assisted development tools has uncovered over thirty security vulnerabilities that allow ...

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code ...

Huntress reports active attacks abusing Gladinet’s fixed cryptographic keys to forge tickets and gain remote code execution ...

React2Shell flaw under active attack exposes thousands of React and Next.js apps to remote code execution, forcing urgent ...

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ...

SAP released 14 new security notes, including 3 addressing critical vulnerabilities in Solution Manager, Commerce Cloud, and ...

Microsoft' 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day ...

In the remote maintenance software Connectwise ScreenConnect, authenticated attackers can inject malicious code. An update is ...

A critical, unauthenticated remote code execution vulnerability known as React2Shell has been added to the Cybersecurity and ...