A decade-old critical security vulnerability affects over 800,000 internet-exposed telnet servers, with reports of active ...

Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in ...

CVE funding gets last-minute funding reprieve A MITRE head told CVE board members that government funding is about to expire Some have called the move "reckless and ignorant" US government funding for ...

CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP ...

Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security ...

By the time of CVE's launch, ISS (later acquired by IBM) maintained a fully public VDB, as of August 1997. A company I helped ...

If, like some 3 billion others worldwide, you use the Chrome web browser, you need to restart it now following this new ...

Another round of critical Web Help Desk flaws highlights how SolarWinds’ legacy code and past breaches continue to haunt IT ...

Patch Synology NAS now, a 9.8 flaw allows root by one command, and DSM 7.3.2 Update 1 blocks it for safer access.

Cybersecurity company FuzzingLabs has accused the Y Combinator-backed startup, Gecko Security, of replicating its vulnerability disclosures and backdating blog posts. According to the company, Gecko ...

Advanced application security testing startup Detectify AB today announced the launch of Alfred, a new system that uses artificial intelligence to autonomously source, prioritize and generate ...