A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated ...

For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical ...

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by ...

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform ...

A critical Telnet vulnerability with a CVSS rating of 9.8 enables attackers to take full control of affected systems before authentication even kicks in, security researchers at Dream Security have ...

MetInfo CMS flaw CVE-2026-29014 exploited after April 7 patch, enabling remote code execution and targeting 2,000 instances.

Google announced on Monday the release of an Android update patching a critical vulnerability that can be exploited for ...

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately. A maximum severity remote code execution vulnerability in Hewlett Packard ...

A set of previously unknown flaws in Windows Graphics Device Interface (GDI) that could enable remote code execution and information disclosure has been revealed after Microsoft released fixes. These ...