Vulnerabilities

SolarWinds Fixes Four Critical Web Help Desk Flaws Allowing Unauthenticated RCE and Authentication Bypass

SolarWinds has issued security updates to fix multiple vulnerabilities affecting SolarWinds Web Help Desk (WHD), including four critical flaws that could enable unauthenticated attackers to bypass authentication and execute arbitrary code on affected systems. The vulnerabilities pose a serious risk to organizations using the platform, as several of the issues can be exploited without valid credentials, potentially giving […]

SolarWinds Fixes Four Critical Web Help Desk Flaws Allowing Unauthenticated RCE and Authentication Bypass Read More »

Critical vm2 Node.js Vulnerability Allows Sandbox Escape and Arbitrary Code Execution

A critical security vulnerability has been disclosed in the widely used vm2 Node.js library, exposing systems to sandbox escape and arbitrary code execution risks. If exploited successfully, attackers could execute malicious code directly on the host operating system, completely bypassing vm2’s intended isolation mechanisms. The flaw is tracked as CVE-2026-22709 and carries a CVSS score of 9.8, placing it among the

Critical vm2 Node.js Vulnerability Allows Sandbox Escape and Arbitrary Code Execution Read More »

Two High Severity n8n Vulnerabilities Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two serious security flaws in the n8n workflow automation platform that could allow authenticated attackers to achieve remote code execution (RCE) and potentially take full control of affected environments. The vulnerabilities were discovered by the JFrog Security Research team and impact n8n’s sandboxing mechanisms for both JavaScript and Python execution. Given n8n’s deep integration across enterprise automation

Two High Severity n8n Vulnerabilities Allow Authenticated Remote Code Execution Read More »

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google has warned that multiple threat actors are actively exploiting a critical security vulnerability in WinRAR, despite the issue being patched months ago. The attacks involve a mix of nation state groups and financially motivated cybercriminals using the flaw to gain initial system access and deploy malware. According to the Google Threat Intelligence Group (GTIG), the vulnerability

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 Read More »

Critical Grist Core Vulnerability Enables RCE Attacks Through Spreadsheet Formulas

A severe security vulnerability has been identified in Grist-Core, the open-source self-hosted variant of the Grist relational spreadsheet-database, which could allow remote code execution (RCE). The flaw, cataloged as CVE-2026-24002 with a CVSS score of 9.1, has been dubbed Cellbreak by Cyera Research Labs. “One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,” said security researcher Vladimir Tokarev, who

Critical Grist Core Vulnerability Enables RCE Attacks Through Spreadsheet Formulas Read More »

Microsoft Office Zero-Day CVE-2026-21509 – Emergency Patch Released Amid Active Exploitation

Microsoft has released emergency security updates for a critical Microsoft Office zero-day vulnerability that has been actively exploited by attackers. The flaw, identified as CVE-2026-21509 with a CVSS score of 7.8, is a security feature bypass within Microsoft Office. According to Microsoft, “Reliance on untrusted inputs in a security decision allows unauthorized attackers to bypass

Microsoft Office Zero-Day CVE-2026-21509 – Emergency Patch Released Amid Active Exploitation Read More »

Fortinet Patches CVE-2026-24858 Following Active FortiOS SSO Exploitation

Fortinet has started rolling out security updates to fix a critical vulnerability in FortiOS, which has recently been actively exploited in the wild. The flaw, tracked as CVE-2026-24858 with a CVSS score of 9.4, is an authentication bypass issue linked to FortiOS single sign-on (SSO). This vulnerability also impacts FortiManager and FortiAnalyzer, while Fortinet continues to investigate potential

Fortinet Patches CVE-2026-24858 Following Active FortiOS SSO Exploitation Read More »

CISA Adds Actively Exploited VMware vCenter Vulnerability CVE-2024-37079 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, citing confirmed evidence of active exploitation in real world attacks. The flaw, tracked as CVE-2024-37079 and assigned a CVSS score of 9.8, impacts the implementation of the DCE/RPC protocol within VMware

CISA Adds Actively Exploited VMware vCenter Vulnerability CVE-2024-37079 to KEV Catalog Read More »

CISA Updates KEV Catalog to Include Four Actively Exploited Software Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog by adding four software security flaws that are confirmed to be actively exploited in real world attacks. CISA stated that these additions are based on verified evidence of exploitation, highlighting an increased risk to both public and private sector

CISA Updates KEV Catalog to Include Four Actively Exploited Software Vulnerabilities Read More »

Critical GNU InetUtils telnetd Vulnerability Allows Login Bypass and Root Access

A severe security vulnerability has been disclosed in the GNU InetUtils telnet daemon (telnetd) that has remained unnoticed for nearly 11 years. The flaw allows remote attackers to bypass authentication and gain root access on affected systems. Vulnerability Overview The flaw, tracked as CVE-2026-24061, carries a CVSS score of 9.8/10. It impacts all GNU InetUtils versions from 1.9.3 through

Critical GNU InetUtils telnetd Vulnerability Allows Login Bypass and Root Access Read More »