Saturday, April 25, 2026

Tag: Vulnerability

CISA Alerts To Active Exploitation Of Fortinet FortiWeb OS Command Injection Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical OS command injection vulnerability in Fortinet's FortiWeb web application firewall to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, tracked as CVE-2025-58034, allows authenticated attackers to execute arbitrary code on affected systems...

Massive WhatsApp Vulnerability Leaks Phone Numbers Of 3.5 Billion Users

WhatsApp, the world's most popular messaging app with 3.5 billion active users as of early 2025, has been exposed to a major privacy flaw that allowed researchers to scrape phone numbers and profile data on a massive scale. Security experts from the University of...

Multiple Vulnerabilities In End-of-Life Routers Enable Remote Code Execution

D-Link has disclosed four critical vulnerabilities in its DIR-878 router series, which reached end-of-life status over four years ago, allowing attackers to execute remote code without authentication. These flaws affect all hardware revisions and firmware versions worldwide, posing severe risks to users still relying...

FortiWeb Hit By Newly Discovered 0-Day RCE Vulnerability Actively Exploited

Fortinet's popular web application firewall, FortiWeb, faces a serious threat from a newly discovered zero-day vulnerability that enables remote code execution (RCE). This flaw, classified as an OS Command Injection issue under CWE-78, allows authenticated attackers to run unauthorized commands on the device's underlying...

Critical SolarWinds Serv-U Flaws Allow Remote Admin-Level Code Execution

SolarWinds has patched three critical vulnerabilities in its Serv-U file transfer software that could let attackers with administrative access run malicious code remotely. These flaws, disclosed on November 18, 2025, affect versions up to 15.5.2 and each carries a CVSS score of 9.1. The...

1 Million WordPress Sites At Risk Of RCE Attacks Due To W3 Total Cache Command Injection Vulnerability

A critical security flaw in the popular W3 Total Cache WordPress plugin has exposed over one million websites to remote code execution attacks, allowing hackers to run malicious commands without logging in. This vulnerability, tracked as CVE-2025-9501, affects versions before 2.8.13 and was publicly...