A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by ...

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under ...

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks.

F5 fixes CVE-2026-42530 and CVE-2026-42055 in NGINX Open Source, addressing HTTP/3 and HTTP/2 flaws that could allow remote ...

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...

Chinese APT group UNC5221 appears to have studied a recent Ivanti Connect Secure patch to develop a remote code execution exploit on previous versions, and on end-of-support Pulse Connect Secure ...

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise traffic to large language model providers, and walked away with arbitrary ...

Nightmare Eclipse Zero-Days: Three zero-day vulnerabilities disclosed by Nightmare Eclipse, complete with exploit code, were ...

The risk of attackers exploiting a recently disclosed maximum severity vulnerability in Cisco's IOS XE Wireless Controller software has increased significantly following the public release of detailed ...