Hole in widely-used FFmpeg codec could crash media servers or enable RCE
A newly discovered critical vulnerability in the FFmpeg media processing framework bundled in a huge number of open source and commercial applications points...
20 articles
A newly discovered critical vulnerability in the FFmpeg media processing framework bundled in a huge number of open source and commercial applications points...
The most severe flaw, CVE-2026-41947, resides in Dify's tracing system, enabling attackers to create a persistent channel for exfiltrating all messages and r...
Samsung’s KNOX flaw (CVE-2026-20971) is a kernel UAF in PROCA/FIVE that can enable corruption via a race; Samsung patched it in Jan 2026. Experts found a nas...
A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks. [.
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
A critical security vulnerability has been identified in libssh2, a widely used client-side SSH library. This flaw allows remote attackers to execute code by...
A critical memory corruption vulnerability in FFmpeg has been disclosed, allowing for remote code execution through specially crafted media files. This flaw,...
Squidbleed is a 29-year-old Squid Proxy flaw that can leak credentials, tokens, and other users’ HTTP data through a memory overread. Researchers at Calif.
A recently disclosed vulnerability in Squid Proxy, tracked as CVE-2026-47729 and referred to as “Squidbleed,” is exposing sensitive user data, including HTTP...
The vulnerability
Apple has revealed a significant security vulnerability affecting Beats Studio Buds, which could allow attackers within Bluetooth range to access a device’s ...
pgAdmin 4 version 9.16 has been released by the pgAdmin Development Team, introducing significant security improvements along with feature enhancements and b...
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnera...
A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attack...
CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and order...
U.S.
CISA has issued an urgent alert regarding a critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, which is now listed in the Known Exploite...
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on use...
CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution. The post Splunk En...
The vulnerability, identified as CVE-2025-20701, was discovered by researchers Dennis Heinze and Frieder Steinmetz of ERNW GmbH.