A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated ...
An unpatched vulnerability in ChromaDB could be exploited without authentication for remote code execution and server ...
Adobe has released patches for 52 vulnerabilities across 10 products, including flaws leading to arbitrary code execution.
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days ...
Apple released patches for a cluster of security flaws internally grouped under the tag “Coruna,” and at least one of them ...
Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could ...
Drupal released security updates for a highly critical Drupal Core vulnerability affecting sites that use PostgreSQL.
Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by ...
PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...
Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and Copilot CLI with minimal or no ...
Remote code execution vulnerabilities pose especially critical threats to organizations, and VMware’s stronghold in data centers worldwide gives patching these flaws particular urgency. VMware fixed ...