More results...
A critical security vulnerability has been identified in libssh2, a widely used client-side SSH library. This flaw allows remote attackers to execute code by sending specially crafted SSH packets. The vulnerability, tracked as CVE-2026-55200, has a CVS…
A critical memory corruption vulnerability in FFmpeg has been disclosed, allowing for remote code execution through specially crafted media files. This flaw, tracked as CVE-2026-8461 and named “PixelSmash,” affects the MagicYUV decoder within FFmpeg’s …
A recently disclosed vulnerability in Squid Proxy, tracked as CVE-2026-47729 and referred to as “Squidbleed,” is exposing sensitive user data, including HTTP authorization headers and API keys. This issue arises from a decades-old memory-handling flaw …
QNAP has issued security advisory QSA-26-10, which addresses 14 vulnerabilities affecting its widely used NAS and surveillance platforms, including QTS, QuTS hero, QuTS cloud, and QVP (QVR Pro appliances). These vulnerabilities were disclosed on April …
Apple has revealed a significant security vulnerability affecting Beats Studio Buds, which could allow attackers within Bluetooth range to access a device’s microphone without user consent. This issue, identified as CVE-2025-20701, was addressed …
pgAdmin 4 version 9.16 has been released by the pgAdmin Development Team, introducing significant security improvements along with feature enhancements and bug fixes. This update addresses seven vulnerabilities, tracked as CVE-2026-12044 through CVE-20…
Fortinet has issued a security warning about ongoing credential-harvesting attacks targeting FortiGate devices in a campaign known as “FortiBleed.” Threat actors are exploiting weak authentication practices rather than any newly disclosed vulnerabiliti…
A critical security flaws in widely used Chrome extensions, exposing millions of users to the risk of full browser compromise. The vulnerabilities, named “MaXSS” and “Spyder,” affect popular AI-powered extensions SiderAI and Max…
A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attackers to delete arbitrary files and potentially compromise entire websites across more than one m…
CISA has issued an urgent alert regarding a critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, which is now listed in the Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation. The flaw, categorize…