CVE

(10 articles)

May 26, 2026

CISA Orders Patch for Exploited Drupal SQL Injection

CISA added CVE-2026-9082, an actively exploited Drupal SQL injection flaw, to its KEV catalog. Federal agencies must patch by May 27. Here's what developers need to know.

May 22, 2026

Cisco Patches CVSS 10.0 REST API Flaw in Secure Workload

Cisco's Secure Workload has a CVSS 10.0 REST API vulnerability that allows full data access. Learn what's exposed and how to protect your systems now.

May 15, 2026

Avada Builder Flaws Enable WordPress Credential Theft

Two Avada Builder plugin vulnerabilities affect 1M+ WordPress sites, enabling file reads and SQL injection attacks. Learn what's exposed and how to patch now.

April 30, 2026

Google Fixes CVSS 10 Gemini CLI RCE and Cursor Flaws

Google patched critical CVSS 10 RCE flaws in Gemini CLI and Cursor. Here's what developers need to know about the CI pipeline code execution risk.

April 29, 2026

Critical cPanel Auth Vulnerability: Update Now

A critical cPanel authentication vulnerability puts millions of servers at risk. Here's what developers need to know and how to patch immediately.

April 7, 2026

Flowise RCE CVE: 12,000+ Instances Under Attack

A CVSS 10.0 RCE flaw in Flowise AI Agent Builder is being actively exploited. Over 12,000 exposed instances face full remote takeover. Here's what you need to know.

April 2, 2026

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Attackers exploited CVE-2025-55182 to compromise 766 Next.js hosts and harvest credentials. Here's what happened and how to protect your app.

March 26, 2026

CISA: New Langflow Flaw Actively Exploited to Hijack AI Workflows

CVE-2026-33017 in Langflow is being actively exploited for RCE - attackers went from advisory to full exploitation in under 24 hours. Here's what you need to know.

March 21, 2026

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle patches CVE-2026-21992, a critical unauthenticated RCE flaw in Identity Manager. Here's what happened and how to protect your stack now.

March 21, 2026

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

CISA added Apple, Craft CMS, and Laravel vulnerabilities to its KEV catalog, mandating federal agencies patch by April 3, 2026.