A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by ...

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under ...

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks.

F5 fixes CVE-2026-42530 and CVE-2026-42055 in NGINX Open Source, addressing HTTP/3 and HTTP/2 flaws that could allow remote ...

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...

Chinese APT group UNC5221 appears to have studied a recent Ivanti Connect Secure patch to develop a remote code execution exploit on previous versions, and on end-of-support Pulse Connect Secure ...

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise traffic to large language model providers, and walked away with arbitrary ...

Nightmare Eclipse Zero-Days: Three zero-day vulnerabilities disclosed by Nightmare Eclipse, complete with exploit code, were ...

The risk of attackers exploiting a recently disclosed maximum severity vulnerability in Cisco's IOS XE Wireless Controller software has increased significantly following the public release of detailed ...