Friday, April 24, 2026

Vulnerability

FortiWeb Hit By Newly Discovered 0-Day RCE Vulnerability Actively Exploited

Fortinet's popular web application firewall, FortiWeb, faces a serious threat from a newly discovered zero-day vulnerability that enables remote code execution (RCE). This flaw, classified as an OS Command Injection issue under CWE-78, allows authenticated attackers to run unauthorized commands on the device's underlying...

Critical SolarWinds Serv-U Flaws Allow Remote Admin-Level Code Execution

SolarWinds has patched three critical vulnerabilities in its Serv-U file transfer software that could let attackers with administrative access run malicious code remotely. These flaws, disclosed on November 18, 2025, affect versions up to 15.5.2 and each carries a CVSS score of 9.1. The...

1 Million WordPress Sites At Risk Of RCE Attacks Due To W3 Total Cache Command Injection Vulnerability

A critical security flaw in the popular W3 Total Cache WordPress plugin has exposed over one million websites to remote code execution attacks, allowing hackers to run malicious commands without logging in. This vulnerability, tracked as CVE-2025-9501, affects versions before 2.8.13 and was publicly...

Imunify AI-Bolit Flaw Lets Attackers Execute Arbitrary Code and Gain Root Privileges

A critical vulnerability in the AI-Bolit malware scanner, part of Imunify security products, could allow attackers to run arbitrary code and gain root access on Linux servers. Discovered through responsible disclosure, the flaw affects widely used web hosting tools. It puts millions of sites...

CISA Issues Warning On Fortinet FortiWeb WAF Vulnerability Being Actively Exploited To Gain Admin Access

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical path traversal vulnerability in Fortinet's FortiWeb Web Application Firewall (WAF) to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation that allows unauthenticated attackers to gain administrative access through crafted HTTP or...

Logic Flaw Puts 70M+ Users At Risk, Exposes Internal Networks

A subtle logic error in the popular mPDF PHP library allows attackers to trigger unauthorized web requests, potentially exposing internal networks even when user input is sanitized using standard PHP functions. This flaw affects over 70 million installations on Packagist, a central PHP package...