Broadcom patches high-severity VMware Fusion flaw allowing local privilege escalation
The vulnerability is a time-of-check time-of-use (TOCTOU) flaw affecting operations performed by a SETUID binary.
Vulnerability Disclosure
20 articles
Critical 'NGINX Rift' vulnerability discovered, present for 18 years
The vulnerability, with a CVSS v4 score of 9.2, resides in the ngx_http_rewrite_module and affects a significant portion of internet infrastructure due to NG...
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [.
Meet Fragnesia, the third Linux kernel vulnerability in a month
Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply ch...
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN C...
Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory
Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network ...
18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under ce...
Microsoft details new AI system for vulnerability discovery
The MDASH system, developed by Microsoft's Autonomous Code Security team, utilizes over 100 specialized AI agents to find and validate exploitable bugs.
Critical Exim vulnerability allows remote code execution
The vulnerability, a user-after-free flaw, occurs during the TLS shutdown process when handling chunked SMTP traffic.
Researcher publishes proof-of-concept exploits for unpatched Windows vulnerabilities
A cybersecurity researcher has released proof-of-concept exploits for two unpatched Microsoft Windows vulnerabilities, YellowKey and GreenPlasma, which allow...
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploit...
OpenAI Daybreak joins growing movement of AI-driven vulnerability discovery
The program aims to leverage GPT models and Codex Security to improve software resilience.
Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
Independent benchmarking finds Mythos highly effective for source code audits, reverse engineering, and native-code analysis, though its exploit validation a...
FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit
Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,…
Siemens Siemens ROS#
View CSAF Summary ROS# contains a ROS service file_server, that before version 2.2.
Siemens Ruggedcom Rox
View CSAF Summary Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker t...
Siemens Simcenter Femap
View CSAF Summary Simcenter Femap is affected by heap based buffer overflow vulnerability in Datakit library that could be triggered when the application rea...
Siemens Ruggedcom Rox
View CSAF Summary Ruggedcom Rox contains an input validation vulnerability in the feature key installation process that could allow an authenticated remote a...