[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
D-Link DIR-825 Rev.B 2.
Vulnerability Disclosure
20 articles
Critical and High Severity n8n Sandbox Flaws Allow RCE
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula
Critical Appsmith Flaw Enables Account Takeovers
Critical vulnerability in Appsmith allows account takeover via flawed password reset process
Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch
A new service, the Global Cybersecurity Vulnerability Enumeration (GCVE), offers an alternative to the US-led CVE
Researchers Exploit Bug in StealC Infostealer to Collect Evidence
CyberArk says it exploited a vulnerability in the StealC infostealer to gather intelligence
RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet
Threat and Vulnerability Management in 2026
Understand the future of threat and vulnerability management (TVM). Learn what TVM is, why traditional tools fail, and how intelligence is essential in today...
Cyber Threat Actors Ramp Up Attacks on Industrial Environments
Hacktivists and cybercriminals have intensified their efforts to exploit vulnerabilities in industrial systems, according to a Cyble report
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our e...
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the res...
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...
Lack of isolation in agentic browsers resurfaces old vulnerabilities
With browser-embedded AI agents, we’re essentially starting the security journey over again. We exploited a lack of isolation mechanisms in multiple agentic ...
[webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection
WordPress Quiz Maker 6.7.
[webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
FreeBSD rtsold 15.
Use GWP-ASan to detect exploits in production environments
Memory safety bugs like use-after-free and buffer overflows remain among the most exploited vulnerability classes in production software. While AddressSaniti...
[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection
Summar Employee Portal 3.98.
Critical React2Shell Vulnerability Under Active Exploitation by Chinese Threat Actors
A critical vulnerability in React Server Components is allegedly being actively exploited by multiple Chinese threat actors, Recorded Future recommends organ...
[webapps] MaNGOSWebV4 4.0.6 - Reflected XSS
MaNGOSWebV4 4.0.
[webapps] Django 5.1.13 - SQL Injection
Django 5.1.