
Vulnerability Management

30 articles in this category (Page 1 of 2)

AI News | Cybersecurity | Vulnerability Management

CISA Adds Critical Roundcube RCE and XSS Flaws to KEV Catalog

CISA adds two actively exploited Roundcube flaws to KEV, including a 9.9-rated RCE weaponized within 48 hours of public disclosure.


BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability

BeyondTrust fixes CVSS 9.9 pre-auth RCE flaw in Remote Support and PRA, with 11,000 instances exposed.


New Data Tool Helps Orgs Prioritize Exploited Flaws Smarter

KEV Collider combines data from multiple open source vulnerability frameworks to help cybersecurity teams assess which issues need their attention first, with over 48,100 vulnerabilities reported in 2025.


CISA Flags Actively Exploited SolarWinds Web Help Desk RCE

CISA adds SolarWinds Web Help Desk RCE flaw to KEV catalog with a CVSS score of 9.8, ordering federal agencies to patch by February 2026.


Ivanti EPMM Zero-Day RCE Flaws Actively Exploited

Ivanti released fixes for two actively exploited EPMM zero-day RCE flaws, including CVE-2026-1281, affecting versions before 12.8 with a CVSS score of 9.8.


WinRAR Vulnerability Exploited by Nation-State Attackers

A months-old WinRAR vulnerability is being exploited by Russian and Chinese nation-state attackers, despite a patch released last July, affecting hundreds of millions of users.


CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

CISA added four actively exploited vulnerabilities to its KEV catalog, requiring federal agencies to patch by February 12, 2026.


Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

A critical zero-day vulnerability (CVE-2026-20045) in Cisco Unified Communications Manager is being actively exploited, potentially impacting 30 million users.


Cisco Patches Actively Exploited Zero-Day (CVE-2026-20045) in Unified CM and Webex

Cisco addressed a critical zero-day vulnerability (CVE-2026-20045) enabling unauthenticated remote code execution, with a CISA deadline of February 11, 2026.


Exposure Assessment Platforms Signal a Shift in Focus

Gartner introduces Exposure Assessment Platforms, showing 74% of vulnerabilities are dead ends and projecting 30% less downtime by 2027.


More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

A critical command injection vulnerability (CVE-2025-64155) in FortiSIEM is being actively exploited, allowing unauthenticated attackers remote code execution.


Vulnerabilities Surge, But Messy Reporting Blurs Picture

A record 48,177 vulnerabilities were assigned CVE identifiers in 2025, driven by expanded reporting and a shift in CVE issuance leadership.


CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

CISA added a high-severity Gogs flaw (CVE-2025-8110) to its KEV catalog due to active exploitation leading to remote code execution, with 700 instances already compromised.


CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

CISA added two vulnerabilities – CVE-2009-0556 in Microsoft Office and CVE-2025-37164 in HPE OneView – to its KEV catalog, requiring patching by January 28, 2026.


Maximum Severity HPE OneView Flaw Exploited in the Wild

CVE-2025-37164, a critical remote code execution vulnerability in HPE OneView, is now being actively exploited in the wild.


RustFS Flaw, Iranian Ops, and Cloud Leaks Dominate Recent Cybersecurity Headlines

A critical RustFS vulnerability allowing remote code execution, alongside increased Iranian cyberattacks and widespread cloud data leaks, highlights escalating cybersecurity threats.


Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

Veeam addressed CVE-2025-59470, a critical remote code execution flaw (CVSS 9.0) in Backup & Replication, requiring updates to version 13.0.1.1071.


Sunken Ships: Learning From Ivanti EPMM Attacks

The Ivanti EPMM zero-day attacks in Spring 2025 compromised thousands of organizations via a simple GET request, highlighting critical risks in endpoint management systems.


Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet reports active attacks exploiting CVE-2020-12812, potentially bypassing two-factor authentication for admin and VPN users.


Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices

A critical zero-day vulnerability (CVE-2025-14733) in WatchGuard Firebox devices is under active exploitation, impacting nearly 125,000 IPs globally.


WatchGuard Fireware OS VPN Vulnerability Under Active Exploitation

WatchGuard addressed CVE-2025-14733, a critical 9.3 CVSS-rated Fireware OS VPN flaw, currently exploited in the wild.


CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA added CVE-2025-59374, a critical ASUS Live Update vulnerability, to its KEV list due to active exploitation stemming from a 2019 supply chain attack.


HPE OneView Vulnerability Enables Unauthenticated Remote Code Execution (CVE-2025-37164)

HPE addressed a critical vulnerability in OneView Software (CVE-2025-37164) with a CVSS score of 10.0, allowing unauthenticated remote code execution.


SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall addressed CVE-2025-40602, an actively exploited vulnerability enabling privilege escalation and potential root access on SMA 100 appliances.
