More results...
The Emergency Directives were retired because they achieved objectives or targeted vulnerabilities included in the KEV catalog.
The post CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over appeared first on SecurityWeek.
A newly disclosed vulnerability in the OWASP Core Rule Set (CRS) allows attackers to bypass charset validation in web application firewalls (WAFs), enabling dangerous payloads to reach backend applications. Tracked as CV…
Trend Micro has issued a critical security update for Apex Central to address multiple remotely exploitable vulnerabilities, including a bug that allows unauthenticated attackers to execute code with SYSTEM-level privileges. Organizations running vuln…
Microsoft is tightening security for its cloud customers by making multi-factor authentication mandatory for anyone accessing the Microsoft 365 admin center, effectively ending password-only logins for high-privilege admin portals.&…
A critical vulnerability (CVE-2026-21877) found by Upwind affects n8n automation tools. Learn why researchers are urging users to update to version 1.121.3 immediately to prevent remote code execution.
An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. The vulnerability’s inc…
The bug can allow attackers to read arbitrary files from the system, potentially exposing configurations and credentials.
The post Critical Vulnerability Patched in jsPDF appeared first on SecurityWeek.
Tracked as CVE-2026-21858 (CVSS score 10), the bug enables remote code execution without authentication.
The post Critical Vulnerability Exposes n8n Instances to Takeover Attacks appeared first on SecurityWeek.
Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow unauthenticated attackers to achieve code execution on affected installations. …
The maximum-severity code injection flaw can be exploited without authentication for remote code execution.
The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek.