Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin
On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 ac...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
359 articles found
On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 ac...
Microsoft is facing scrutiny after reportedly declining to treat a critical dependency confusion vulnerability affecting Azure Portal assets as a security is...
A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enable...
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity B...
A critical security vulnerability in a widely used Magento extension is exposing thousands of online stores to remote code execution (RCE) attacks. The vulne...
Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in th...
Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Research...
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests w...
The browser update resolves critical-severity security defects that could potentially lead to remote code execution. The post Chrome 148 Update Patches 151 V...
A new 0-day vulnerability in Gogs, a popular self-hosted Git service, allows authenticated users to run arbitrary commands on the server and potentially take...
Wing FTP Server 8.1.
MixPHP Framework 2.2.
Langflow 1.3.
Quick Playground for WordPress 1.3.
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arb...
A critical FortiClient Endpoint Management Server (EMS) vulnerability patched in April has been exploited in fresh attacks to deploy information-stealing mal...
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [.
A newly observed intrusion demonstrates how attackers are replacing static playbooks with AI-driven agents that adapt in real time. The attack began on May 1...
Overview Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scor...
Notepad++ has released version 8.9.