Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could ...

Earlier this week, security researchers from VulnCheck announced finding a command injection vulnerability due to improper ...

CISA’s Known Exploited Vulnerabilities (KEV) catalog includes four weaknesses found in the product in recent years, including ...

The vendor has issued a patch to close four holes in its flagship Backup & Replication suite; version 13 users are advised to ...

Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical ...

Veeam patched four Backup & Replication flaws, including CVE-2025-59470 (CVSS 9.0) enabling RCE; update to version ...

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...

Threat actors are exploiting CVE-2026-0625, a critical zero-day vulnerability in discontinued D-Link devices for remote code ...

CVE-2026-21877, a critical authenticated RCE flaw with CVSS 10.0, fixed in version 1.121.3 after affecting earlier releases.

Cyera researchers detail critical 'Ni8mare' vulnerability allowing full takeover of n8n instances - SiliconANGLE ...

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.