Siemens SENTRON 7KT PAC1261 Data Manager
View CSAF Summary The web server in SENTRON 7KT PAC1261 Data Manager Before V2.1.
Vulnerability Disclosure
20 articles
Siemens Ruggedcom Rox
View CSAF Summary Ruggedcom Rox contains an improper access control vulnerability that could allow an authenticated remote attacker to read arbitrary files w...
Siemens Industrial Devices
View CSAF Summary Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has releas...
Siemens SIMATIC
View CSAF Summary SIMATIC HMI Unified Comfort Panels before V21.0 are affected by a vulnerability that allows an unauthenticated attacker to access the web b...
PraisonAI vulnerability gets scanned within 4 hours of disclosure
A newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours aft...
Canon MailSuite Security Flaw Allows Attackers to Execute Code Remotely
Canon has disclosed a critical security vulnerability in its GUARDIANWALL MailSuite product that could allow attackers to execute arbitrary code remotely, ra...
Microsoft patches 138 vulnerabilities as AI-driven discovery accelerates
Microsoft is poised to set a new record for yearly patching by having released patches for over 130 vulnerabilities as part of its May Patch Tuesday release,...
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonA...
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypas...
GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS
GitLab has issued an urgent security update to neutralize a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silen...
High-Severity Vulnerability Patched in VMware Fusion
The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week. The post High-Severity Vulnerability Patched in VMware ...
PoC Released for 18-Year-Old NGINX Flaw Allowing Remote Code Execution
A critical vulnerability in NGINX’s source code, hidden since 2008, has finally been exposed, and a working exploit is already in the wild. Security research...
Packagist Warns: Update Composer Now After GitHub Actions Token Leak
A sudden change in GitHub’s token format has triggered an unexpected security vulnerability in Composer, exposing sensitive authentication tokens in CI/CD lo...
New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks
A critical, stealthy vulnerability is lurking deep within Exim, the software powering a massive share of the world’s email infrastructure. Sitting exposed on...
PoC Exploit Released for Fragnesia Linux Flaw Enabling Root Access
A newly discovered Linux local privilege escalation vulnerability, dubbed “Fragnesia,” is sending shockwaves through the cybersecurity community. This critic...
Critical Fortinet FortiSandbox Vulnerability Enables Code Execution Attacks
The ultimate irony in cybersecurity has just struck the very tool designed to catch and isolate deadly malware has become an open door for hackers. A newly d...
[webapps] Apache HertzBeat 1.8.0 - Remote Code Execution
Apache HertzBeat 1.8.
NIST NVD Enrichment Policy Change: Prioritizing Vulnerabilities with Attacker Behavior Signals
NVD enrichment now covers only 15–20% of CVEs. Learn how Recorded Future Vulnerability Intelligence prioritizes risk using real attacker behavior signals.
New critical Exim mailer flaw allows remote code execution
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacke...
House committee chair calls on Instructure to testify in Canvas hack
ShinyHunters hit Canvas twice, exposing student data via XSS and identity compromise.