CISA has expanded the KEV list with exploited vulnerabilities in Zimbra, eslint-config-prettier, Versa Concerto, and Vite framework.

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated.

The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities ...

The RCE flaw lets remote attackers gain root on affected systems with no user interaction. Cisco has released multiple ...

The project developer for one of the Internet’s most popular networking tools is scrapping its vulnerability reward program ...

Cisco fixes actively exploited CVE-2026-20045 zero-day enabling unauthenticated RCE in Unified CM and Webex; CISA sets Feb 11, 2026 deadline.

High-severity flaws in the Chainlit AI framework could allow attackers to steal files, leak API keys & perform SSRF attacks; ...

No reports of active exploitation … yet Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level ...

The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security ...

Earlier this week, programmer and “accidental security researcher” Simon Aarons disclosed a bug in Google’s Markup screenshot editing tool for its Pixel phones. Dubbed “acropalypse,” the bug allows ...

A Linux kernel bug cataloged as CVE-2022-0847 – which is being referred to as Dirty Pipe due to its similarity to another exploit, Dirty Cow – was recently discovered, though it has reportedly been ...