#vulnerability
31 stories tagged vulnerability.

ServiceNow Patches Auth Bug After Attackers Pivot Deeper Into Hosted Instances
An unauthenticated flaw let intruders escalate access inside customer tenants before ServiceNow shipped a hosted-side fix.

Veeam Patches 9.4-Severity RCE in Backup & Replication; Domain Auth Required
CVE-2026-44963 lets any authenticated domain user run code on the backup server. Veeam shipped fixes Tuesday.

Public PoC Lands for Cisco Unified CM Root-Write Bug CVE-2026-20230
An unauthenticated SSRF in Cisco Unified Communications Manager opens a path to root. Cisco's PSIRT hasn't observed in-the-wild use — yet.

Diverging Paths to Cybersecurity: Tools vs. Operational Control
New reports debate whether inadequate tools or operational lapses are to blame for cybersecurity issues.

Exploit Code Goes Public for Critical Flowise One-Click RCE Flaw
A published proof-of-concept puts every self-hosted Flowise deployment at risk of full remote code execution — no authentication required from the attacker, just a malicious chatflow import.

CIFSwitch: Linux Kernel Key-Handling Bug Hands Out Root Across Major Distros
A local privilege escalation in the kernel's CIFS authentication path lets an unprivileged user forge key descriptions and walk away with root.

Critical Argument Injection Flaw in Gogs Remains Unpatched
Authenticated users can exploit a critical flaw in Gogs, posing security risks for internal Git deployments.

Authenticated RCE in Gogs Hits CVSS 9.4 — and There's No CVE Yet
A critical flaw in the self-hosted Git service lets any logged-in account execute arbitrary code on the server. The auth bar is low. The blast radius isn't.

FortiClient EMS Flaw Sees Fresh Exploitation After April Hotfix
Attackers are still hitting a critical FortiClient EMS vulnerability that Fortinet patched — and flagged as actively exploited — months ago.

Gitea Patches Unauthenticated Container Image Disclosure Flaw in 1.26.2
CVE-2026-27771 allowed anonymous pulls of private container images from all Gitea deployments prior to version 1.26.2, according to maintainers.

CISA Gives Federal Agencies Four Days to Kill a cPanel Plugin Bug Already Being Exploited
The LiteSpeed plugin sits on millions of shared hosting accounts. CISA's compressed timeline says the quiet part loud: someone's already inside.

SharePoint's latest RCE bug hands attackers the keys with no extra paperwork
CVE-2026-45659 is a deserialization flaw that doesn't ask for much — and that's exactly why Microsoft is shipping fixes across every supported SharePoint Server build.

ChromaDB Flaw Exposes Servers to Remote Attacks
A vulnerability in ChromaDB allows attackers to execute code remotely, posing a risk to AI application servers.

Cisco Secure Workload Flaw Demands Immediate Attention
A Cisco Secure Workload vulnerability gives attackers admin-level access; patch now.

Cisco's Secure Workload Earns a Perfect 10, in the Wrong Sense
An unauthenticated REST API flaw rated CVSS 10.0 lets remote attackers help themselves to sensitive data. Cisco has issued fixes.