A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated ...

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Adobe has released patches for 52 vulnerabilities across 10 products, including flaws leading to arbitrary code execution.

For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical ...

Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could ...

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

F5’s May 2026 quarterly security notification details 51 high and medium-severity vulnerabilities impacting BIG-IP, BIG-IQ, ...

Admins with Dynamics 365 on-prem should also take note of a “severe” vulnerability that allows remote code execution.

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...

This month's Patch Tuesday addressed 120 vulnerabilities across Windows, Office, and cloud services, including critical ...

Remote code execution vulnerabilities pose especially critical threats to organizations, and VMware’s stronghold in data centers worldwide give patching these flaws particular urgency. VMware fixed ...