More results...
Security researchers have published a proof-of-concept exploit for a critical remote code execution vulnerability in W3 Total Cache, one of WordPress’s most popular caching plugins with over one million active installations. The flaw, tracked as …
High command injection vulnerabilities have been discovered in Tenda’s N300 Wi-Fi 4G LTE Router and the 4G03 Pro model, allowing authenticated attackers to execute arbitrary commands with root privileges on affected devices. With no patches curre…
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through malici…
A critical security flaw (CVE-2025-11001) in 7-Zip has a public exploit. Learn why this high-risk vulnerability is dangerous and how to manually update to version 25.01 now.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new Oracle vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that attackers are already exploiting it in real-world attacks. The bug, tracked as CVE-…
Rapid7’s Metasploit team has released a new exploit module targeting critical zero-day vulnerabilities in Fortinet’s FortiWeb web application firewall, chaining two security flaws to achieve unauthenticated remote code execution with root p…
CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager.
The post Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day appeared first on SecurityWeek.
Microsoft disclosed a critical authentication bypass vulnerability in Azure Bastion, its managed remote access service, enabling attackers to escalate privileges to administrative levels with a single network request. The vulnerability, designated CVE-…
The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories.
The post SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance appeared first…
SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake.
The post SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability appeared first on SecurityWeek.