This critical (CVSS 10.0) use-after-free (UAF) vulnerability in Lua scripting could allow authenticated attackers to execute ...

In Monsta FTP, a web-based FTP client, attackers can inject and execute malicious code through a vulnerability.

Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...

Google announced a fresh set of security updates for the Android platform, to address two vulnerabilities in the System component.

QNAP patched two dozen vulnerabilities across its product portfolio, including 7 flaws demonstrated at Pwn2Own Ireland 2025.

Security researchers discovered multiple vulnerabilities in AI infrastructure products, including one capable of remote code ...

Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in ...

A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of ...

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User ...

VMware released multiple updates today to address five critical severity vulnerabilities in the VMware vSphere ESXi, VMware Workstation Pro / Player, and VMware Fusion Pro / Fusion, two of which were ...

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now A high-severity remote code execution ...