A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated ...

For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical ...

NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for ...

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by ...

Microsoft’s May Patch Tuesday fixes 120 flaws, including 31 remote code execution bugs, with no zero-days reported at release ...

Microsoft patches a critical Outlook vulnerability tracked as CVE-2026-40361 that can be exploited for remote code execution.

Windows networking and authentication components, including four critical remote code execution bugs patched in this month’s ...

Exim has released security updates to address a severe security issue affecting certain configurations that could enable ...

Microsoft has published security updates to fix 120 CVEs in the May Patch Tuesday, 16 of which were discovered by a new multi ...

Microsoft's May Patch Tuesday release broke a long zero-day streak, arriving without any vulnerabilities listed as exploited or publicly disclosed.