Proof-of-concept (PoC) code has been published for a one-click RCE vulnerability in open source LLM building platform Flowise.

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background ...

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by ...

Ivanti has released emergency patches for its Endpoint Manager Mobile platform after confirming that attackers exploited a previously unknown vulnerability to execute code remotely on targeted servers ...

Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an ...

SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well.

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise ...

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active ...

Chinese APT group UNC5221 appears to have studied a recent Ivanti Connect Secure patch to develop a remote code execution exploit on previous versions, and on end-of-support Pulse Connect Secure ...