Skip to main content
← All Tags

Vulnerability

17 articles in this category

AI NewsCybersecurityVulnerability

SmarterMail Authentication Bypass Exploited Days After Patch

A critical SmarterMail flaw (WT-2026-0001, now CVE-2026-23760) is being actively exploited in the wild, enabling admin password resets and SYSTEM-level code execution.

Read more
AI NewsCybersecurityVulnerability

Chainlit AI Framework Vulnerabilities Enable Data Theft and SSRF Attacks

High-severity flaws in the Chainlit AI framework (CVE-2026-22218 & CVE-2026-22219) could allow attackers to steal files, leak API keys, and perform SSRF attacks.

Read more
AI NewsCybersecurityVulnerability

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco addressed CVE-2025-20393, a critical 10.0 CVSS zero-day RCE flaw in AsyncOS, exploited by the China-linked UAT-9686 APT group.

Read more
AI NewsCyber SecurityVulnerability

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

ServiceNow resolved CVE-2025-12420, a critical vulnerability that allowed unauthenticated attackers to impersonate users on its AI Platform.

Read more
AI NewsCybersecurityVulnerability

Protect Critical Data in AI Workflows

A maximum-severity vulnerability in the n8n workflow automation platform allows unauthenticated remote code execution, potentially compromising systems.

Read more
AI NewsCybersecurityVulnerability

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro addressed a critical remote code execution vulnerability (CVE-2025-69258) in Apex Central on-prem Windows with a CVSS score of 9.8.

Read more
AI NewsCybersecurityVulnerability

Coolify Vulnerabilities Allow Full Server Compromise

Coolify discloses 11 critical flaws, including command injection vulnerabilities, potentially enabling full server compromise for self-hosted instances.

Read more
AI NewsCloud SecurityVulnerability

Critical 'MongoBleed' Bug Under Attack, Patch Now

A critical memory leak in MongoDB allows unauthenticated attackers to steal credentials and data, with active exploitation confirmed as of January 5, 2026.

Read more
AI NewsCybersecurityVulnerability

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS

Cisco confirms an unpatched CVSS 10.0 zero-day in AsyncOS actively exploited to gain root access on email security appliances.

Read more
AI NewsCyber SecurityVulnerability

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

Attackers are actively exploiting critical FortiGate vulnerabilities (CVE-2025-59718 & CVE-2025-59719) with a CVSS score of 9.8, prompting urgent patching recommendations.

Read more
AI NewsCybersecurityVulnerability

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

React2Shell vulnerability CVE-2025-55182 is actively exploited to deploy Linux malware, resulting in the compromise of over 59,000 servers.

Read more
AI NewsCybersecurityVulnerability

React2Shell Exploitation Escalates into Large-Scale Global Attacks

CISA urgently warns of widespread exploitation of the React2Shell CVE-2025-55182 flaw, impacting over 137,200 internet-exposed systems.

Read more
AI NewsCybersecurityVulnerability

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

Critical React Server Components flaw (CVE-2025-55182) fuels automated attacks dropping miners and multiple new Linux malware families.

Read more
AI NewsCybersecurityVulnerability

Chinese Hackers Exploit Critical React2Shell Vulnerability (CVE-2025-55182)

China-linked hackers weaponize React2Shell (CVSS 10.0) within hours of disclosure, targeting global sectors.

Read more
AI NewsCybersecurityVulnerability

Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Fortinet’s CVE-2025-58034 vulnerability (CVSS 6.7) is being exploited in the wild, requiring urgent patches.

Read more
AI NewsCybersecurityVulnerability

Hackers Actively Exploiting 7-Zip Vulnerability (CVE-2025-11001)

Active exploitation of 7-Zip CVE-2025-11001 allows remote code execution; update to version 25.00 is critical.

Read more
AI NewsCybersecurityVulnerability

NHS Alerts to Active Exploitation of 7-Zip Symbolic Link RCE (CVE-2025-11001)

The NHS initially warned of active exploitation of 7-Zip’s CVE-2025-11001, a symbolic link remote code execution vulnerability, before retracting the claim.

Read more