Robuta

https://www.postgresql.org/support/security/CVE-2022-2625/
postgresqlcveextensionscriptsreplace
https://www.kaspersky.it/blog/canon-ttf-vulnerability-printer-risk/30315/
Nov 28, 2025 - What makes the Canon vulnerability CVE-2024-12649 dangerous and how an organization's network is compromised by simply sending...
cvenellttf
https://www.fastly.com/blog/fastlys-proactive-protection-critical-react-rce-cve-2025-55182
Jan 8, 2026 - Protect your apps from the critical React RCE bugs (CVE-2025-55182/66478). Fastly's NGWAF Virtual Patch provides proactive defense.
rcecveprotectionfastly
https://www.zscaler.com/blogs/security-research/security-advisory-remote-code-execution-vulnerability-cve-2023-3519
Aug 27, 2025 - This article provides coverage details of the latest RCE vulnerability CVE-2023-3519 found in NetScaler ADC and NetScaler Gateway.
cve
https://www.herodevs.com/vulnerability-directory/cve-2021-41184
A Cross‑Site Scripting (XSS) vulnerability in jQuery UI’s .position() utility (CVE‑2021‑41184) allows script injection through unsafe handling of the of...
vulnerability directorycvejqueryherodevs
https://www.openoffice.org/security/cves/CVE-2020-13958.html
cve
https://horizon3.ai/attack-research/vulnerabilities/n-able-n-central-vulnerabilities-cve-2025-9316-cve-2025-11700/
Nov 14, 2025 - Horizon3.ai uncovered 0-days in N-able N-central (CVE-2025-9316, CVE-2025-11700). Use NodeZero® Rapid Response to validate...
cve
https://securitybridge.com/blog/cve-2025-42957-sap-remote-code-execution/
Dec 2, 2025 - The SecurityBridge Research Labs has identified a critical Remote Code Execution vulnerability in SAP S/4HANA, registered as CVE-2025-42957.
remote code executioncvesap
https://www.herodevs.com/vulnerability-directory/cve-2018-14042
Patch CVE-2018-14042 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates...
vulnerability directorycvebootstrapherodevs
https://blog.r-project.org/2024/05/10/statement-on-cve-2024-27322/index.html
r blogstatementcve
https://feedly.com/cve/CVE-2026-26030
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the...
cveexploitsseverityfeedly
https://zeropath.com/blog/cve-2025-30377-microsoft-office-preview-pane-rce
May 13, 2025 - CVE-2025-30377, a critical use-after-free vulnerability in Microsoft Office, enables attackers to execute arbitrary code via Outlook's Preview Pane...
microsoft officesilentthreatcveexploits
https://www.kaspersky.com.au/blog/update-unity-games-cve-2025-59489/35538/
Oct 7, 2025 - Exploring a dangerous vulnerability in the Unity game engine, and how to protect your devices
cvevulnerabilityunity
https://blog.huntr.com/hunting-with-vulnhuntr-getting-your-first-cve
Nov 19, 2025 - Learn how to use Vulnhuntr to find vulnerabilities in open-source projects and secure your first CVE with this comprehensive step-by-step guide.
huntinggettingfirstcveblog
https://wazuh.com/blog/detecting-chrome-cve-2025-13223-vulnerability-with-wazuh/
Nov 27, 2025 - Learn how to quickly detect and respond to the actively exploited Chrome CVE-2025-13223 code execution vulnerability using Wazuh's capabilities.
detectingchromecvevulnerabilitywazuh
https://kb.isc.org/v1/docs/cve-2023-5517
cve
https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731
A PoC for CVE-2026-1731 hit GitHub on Feb 10. Within 24 hours, GreyNoise observed reconnaissance probing for vulnerable BeyondTrust instances.
reconnaissancenewbeyondtrustrcecve
https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/
Jan 13, 2026 - Horizon3.ai details CVE-2025-64155, revealing chained FortiSIEM vulnerabilities enabling remote code execution and root access, analysis of the root cause, and...
cveyearsremotelyfortisiem
https://kb.isc.org/v1/docs/cve-2022-0635
CVE-2022-0635: DNAME insist with synth-from-dnssec enabled
cveinsistsynthdnssecenabled
https://aisle.com/blog/a-high-severity-webassembly-boundary-condition-vulnerability-in-firefox-cve-2025-13016
Discover how a single line of faulty pointer arithmetic in Firefox's WebAssembly engine created CVE-2025-13016, affecting 180M+ users.
highseverityvulnerabilityfirefoxcve
https://discourse.mailinabox.email/t/critical-security-vulnerability-in-linux-cve-2015-7547-getaddrinfo/1101
A critical security issue in Linux in a core system library has come to light. Although exploits are considered improbable, there's a risk that malicious...
security vulnerabilitycriticallinuxcveannouncements
https://aisle.com/blog/command-injection-in-nasa-cryptolib-cve-2025-59534
NASA's CryptoLib had a critical 3-year-old authentication flaw. AISLE's AI detected it and helped ship CVE-2025-59534 fix in just 4 days.
commandinjectionnasacveaisle
https://canonical-robotics.readthedocs-hosted.com/en/latest/how-to-guides/maintenance/check-cves/
If you’re running ROS in production, it’s important to know whether a specific CVE has been patched in your environment. You can find detailed step-by-step...
checkcvefixedenvironmentrobotics
https://www.netspi.com/blog/technical-blog/adversary-simulation/pipe-dreams-remote-code-execution-via-quest-desktop-authority-named-pipe/
Feb 2, 2026 - Discover the risks of the CVE-2025-67813 vulnerability in Quest Desktop Authority. Learn how this RCE flaw impacts your organization and how to mitigate it.
questdesktopauthorityrcenamed
https://projectdiscovery.io/blog/ingressnightmare-unauth-rce-in-ingress-nginx
ingress nginxrcecve
https://www.openoffice.org/security/cves/CVE-2022-40674.html
cve
https://jfrog.com/blog/exploiting-remote-code-execution-in-redis/
Jan 14, 2026 - Learn how the JFrog Security research team discovered and disclosed CVE-2025-11953 which poses a threat to developers using the popular React Native CLI.
react nativecvecriticalrcecli
https://www.herodevs.com/vulnerability-directory/cve-2024-6484
A cross-site scripting (XSS) vulnerability has been identified within the Bootstrap 3 Carousel component.
vulnerability directorycvebootstrapherodevs
https://www.cybersecuritydive.com/news/cisa-second-beyondtrust-cve-exploited/737288/
Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’...
cisaaddssecondbeyondtrustcve
https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/
Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path...
canva engineeringurldisagreecveblog
https://www.kaspersky.co.uk/blog/update-unity-games-cve-2025-59489/29596/
Oct 7, 2025 - Exploring a dangerous vulnerability in the Unity game engine, and how to protect your devices
cvevulnerabilityunity
https://www.helpnetsecurity.com/2023/09/27/cve-2023-5129/
Sep 29, 2023 - The exploited Chrome zero-day recently patched by Google is actually in the libwebp library and has a new ID: CVE-2023-5129.
zero daygooglequotconfirmsexploited
https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/
In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing...
usedfindcve
https://www.fortinet.com/blog/psirt-blogs/cve-2022-39952-fortinac-perspective
Fortinet published a Critical Advisory (FG-IR-22-300 / CVE-2022-39952) for FortiNAC on February 16, 2023. This article adds perspective to that Advisory to...
fortinet blogperspectivescve
https://jfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability/
Jul 9, 2025 - Learn how the JFrog Security research team discovered and disclosed CVE-6514, a critical vulnerability in the mcp-remote project used by Model Context Protocol...
cvethreatensllmclients
https://security.archlinux.org/CVE-2022-4379
cvelinuxltshardenedzen
https://kb.isc.org/v1/docs/cve-2023-5680
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can...
cve
https://www.kaspersky.com.au/blog/canon-ttf-vulnerability-printer-risk/35661/
Nov 18, 2025 - What makes the Canon vulnerability CVE-2024-12649 dangerous and how to compromise an organization’s network by simply sending a document to print.
cvevulnerabilitycanonttfinterpreter
https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/
May 23, 2025 - See how a vulnerability in the Arm Mali GPU can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
github blogbypassingcve
https://vertx.io/blog/CVE-2021-44228/
Vert.x | Reactive applications on the JVM
eclipsevertxcveblog
https://thehackernews.com/2026/02/new-chrome-zero-day-cve-2026-2441-under.html
Google fixes actively exploited Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw enabling sandboxed remote code execution.
zero daynewchromecveactive
https://mazehq.com/blog/ai-vulnerability-analysis-in-action-cve-2025-27363
Cloud vulnerabilities prove to be increasingly difficult to manage. As networks grow more complex, the need to identify and mitigate security weaknesses...
aivulnerabilityanalysisactioncve
https://security.archlinux.org/CVE-2021-3669
cvelinuxltshardenedzen
https://www.herodevs.com/vulnerability-directory/cve-2010-5312
jQuery UI Dialog contains an XSS vulnerability (CVE-2010-5312) caused by unsafe title rendering with .html(). HeroDevs delivers a secure, backported fix for...
vulnerability directorycvejqueryherodevs
https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html
security advisorynginxannouncecve
https://www.haproxy.com/blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability
Oct 6, 2025 - The latest versions of HAProxy Community and HAProxy Enterprise have patches for a high severity denial of service vulnerability in the mjson library.
cvedenialservicevulnerabilityhaproxy
https://www.aikido.dev/blog/mongobleed-mongodb-zlib-vulnerability-cve-2025-14847
MongoBleed, tracked as CVE-2025-14847, allows unauthenticated memory disclosure in MongoDB via zlib compression. See impact and remediation.
mongodbzlibvulnerabilitycve
https://www.cio.com/video/4123633/how-chainguard-helps-cios-reduce-open-source-risk-and-cve-overload.html
Jan 28, 2026
open sourcechainguardhelpsciosreduce
https://kb.isc.org/v1/docs/cve-2023-5679
A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are...
cve
https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign
Today, Fortinet published a CVSS Critical PSIRT Advisory (FG-IR-23-097 / CVE-2023-27997) along with several other SSL-VPN related fixes. This blog adds context...
analysiscvevolttyphoon
https://bugs.launchpad.net/bugs/cve
launchpadcvetracker
https://www.herodevs.com/vulnerability-directory/cve-2020-11022
Get instant remediation for CVE-2020-11022. This Medium level exploit can be found in jQuery versions greater than or equal to 1.2 and before 3.5.0. The...
vulnerability directorycvejqueryherodevs
https://blog.desdelinux.net/vulnerabilidad-bluetooth-android-cve-2025-48593-noviembre/
Nov 22, 2025 - Google confirms a critical vulnerability in Android's Bluetooth subsystem that allows remote code execution. Learn how ...
cveunavulnerabilidadenbluetooth
https://www.scutum.jp/information/waf_tech_blog/2025/07/waf-blog-083.html
apacheackcvewaftech
https://hackread.com/update-firefox-patch-cve-2025-13016-vulnerability/
updatefirefoxpatchcvevulnerability
https://security.archlinux.org/CVE-2022-3061
cvelinuxltshardenedzen
https://www.itnews.com.au/news/mitres-cve-program-given-last-minute-reprieve-616628
Just as its funding was due to run out.
last minutemitrecveprogramgiven
https://www.catonetworks.com/rapid-cve-mitigation/
Dec 10, 2025 - Discover Cato Networks' Rapid CVE Mitigation, offering automated virtual patching for critical vulnerabilities, without customer involvement.
cato networksrapidcvemitigation
https://security.archlinux.org/CVE-2022-3649
cvelinuxltshardenedzen
https://www.kaspersky.co.in/blog/canon-ttf-vulnerability-printer-risk/29825/
Nov 18, 2025 - What makes the Canon vulnerability CVE-2024-12649 dangerous and how to compromise an organization's network by simply sending a document to...
cvevulnerabilitycanonttf
https://www.sangfor.com/support/security-advisory
Stay informed with official vulnerability disclosures and remediation updates for Sangfor products. Browse CVE announcements, impact assessments, and patch...
security vulnerabilityadvisoriescvereportsamp
https://kb.isc.org/docs/cve-2025-8677
Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.
cveresourceexhaustionviamalformed
https://www.cvtotaal.nl/itho-daalderop-ventilatie-unit-cve-s-eco-se-vochtsensor-rft-n-afstandsbediening-perilexstekker.html
Dec 22, 2025 - With a mechanical ventilation system from Itho Daalderop you ensure a comfortable, healthy and moisture-free indoor climate. The Itho Daalderop CVE-S ECO SP is a...
cveecospen
https://kb.isc.org/docs/cve-2025-40775
When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm...
cvednsmessageinvalidcauses
https://unit42.paloaltonetworks.com/mongobleed-cve-2025-14847/
Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7.
threatbriefmongodbvulnerabilitycve
https://ubuntu.com/blog/securing-open-source-through-cve-prioritisation
According to a recent study, 96% of applications in the enterprise market use open-source software. As the open source landscape becomes more and more...
open sourcesecuringcveubuntu
https://www.kaspersky.co.in/blog/update-unity-games-cve-2025-59489/29707/
Oct 7, 2025 - Exploring a dangerous vulnerability in the Unity game engine, and how to protect your devices
cvevulnerabilityunity
https://kb.isc.org/docs/cve-2025-40777
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 (the only allowable value other than...
cvepossibleassertionfailureusing
https://www.kaspersky.fr/blog/canon-ttf-vulnerability-printer-risk/23409/
Nov 28, 2025 - What makes Canon's CVE 2024-12649 vulnerability dangerous and how to compromise an organization's network by simply sending a...
cvedansttfdecanon
https://www.herodevs.com/vulnerability-directory/cve-2025-3573
Medium-severity XSS vulnerability (CVE-2025-3573) in jQuery Validation affects versions <1.20.0, allowing script injection via unsanitized placeholders.
vulnerability directorycvejqueryherodevs
https://www.lynx.com/blog/integrating-sbom-and-cve-monitoring-into-embedded-ci/cd-a-strategic-imperative-for-defense-aerospace
Secure embedded systems in defense and aerospace with SBOM, CVE, and VEX integration, enabling compliance, visibility, and proactive DevSecOps protection.
integratingsbomcvemonitoringembedded
https://www.brighttalk.com/webcast/11673/624753
There are several crucial developments in the cybersecurity landscape in 2024, including a significant rise in reported CVEs and the need for advanced d...
exploitedcveinsightsnavigatingstorm
https://www.zerodayinitiative.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
Feb 19, 2026 - In this excerpt of a TrendAI Research Services vulnerability report, Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team detail a recently patched...
zero daycode executioninitiativecvearbitrary
https://www.postgresql.org/support/security/CVE-2025-8713/
postgresqlcveoptimizerstatisticsexpose
https://witekio.com/maintenance-security/cve-scanner/
Oct 22, 2025 - We have more than 20 years of experience in IoT devices and embedded systems security, and software development.
embedded systemscvescanner
https://www.cybersecuritydive.com/news/cisa-extend-funding-cve/745531/
The information security industry feared a lapse would lead to industrywide exposures of software vulnerabilities.
mitrecveprogramregainsfunding
https://horizon3.ai/attack-research/vulnerabilities/cve-2025-61757/
Nov 24, 2025 - Safely validate exposure to Oracle Identity Manager CVE-2025-61757. Learn how attackers exploit it, what’s at risk, and how NodeZero Rapid Response...
identity manageroraclercecve
https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/
CVE-2025-59287 is a critical RCE vulnerability identified in Microsoft’s WSUS. Our observations from cases show a consistent methodology.
remote code executionmicrosoftcveactivelyexploited
https://security.archlinux.org/CVE-2022-47942
cvelinuxzenltshardened
https://www.sentinelone.com/vulnerability-database/cve-2026-23004/
CVE-2026-23004 is a use-after-free vulnerability in the Linux kernel. Learn about its impact, affected versions, and mitigation methods.
linux kernelcveusefreevulnerability
https://www.huntress.com/blog/cleo-software-vulnerability-malware-analysis
Team Huntress has analyzed Cleo's software vulnerability CVE-2024-55956. Take a look at the technical breakdown of a new family of malware we’ve named...
malware analysiscleocvehuntress
https://www.postgresql.org/support/security/CVE-2023-5869/
postgresqlcvebufferoverruninteger
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
Mar 24, 2025 - Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.
cvekuberneteswizblog
https://www.greenbone.net/en/blog/a-lurking-fortiweb-vulnerability-proves-critical-amid-active-exploitation/
Nov 18, 2025 - FortiWeb faces a critical vulnerability ⚡ Greenbone provides accurate detection and protection for CVE-2025-64446.
fortiwebexploitcvecriticalthreat
https://www.postgresql.org/support/security/CVE-2025-12817/
postgresqlcvecreatestatisticscheck
https://www.chainguard.dev/unchained/chainguard-cve-visualizations-now-generally-available
Feb 5, 2025 - Chainguard CVE Visualizations, now generally available, is a capability that allows users to compare CVE numbers in both Chainguard Containers and upstream.
generally availablechainguardcvevisualizations
https://security-tracker.debian.org/tracker/CVE-2026-23490
cve
https://cti.wazuh.com/vulnerabilities/cves
Wazuh CTI provides access to a comprehensive database of vulnerabilities, enabling you to quickly identify and address potential risks.
cvesearchvulnerabilitydatabasewazuh
https://c2a-sec.com/webinar-from-cve-to-patient-risk/
Nov 20, 2025 - On-Demand Replay Webinar Replay: From CVE Alert to Patient Risk (streamed November 13, 2025) Why Context Matters in Medical Device Security (in collaboration...
webinar replaylpcvepatientrisk
https://securitybridge.com/blog/critical-sap-s-4hana-code-injection-vulnerability-cve-2025-42957/
Dec 2, 2025 - CVE-2025-42957 is a critical ABAP code injection flaw in SAP S/4HANA (CVSS 9.9) discovered by SecurityBridge - patching is imperative!
cvecriticalsapcodeinjection
https://edf.amd.com/sswreleases/rel-v2025.2/CVE_SBOM/
indexrelcvesbom
https://kb.isc.org/docs/cve-2025-13878
Malformed BRID/HHIT records can cause named to terminate unexpectedly. An attacker can cause named to crash via queries that create corrupt records.
cvemalformedbridrecordscause
https://cyberscoop.com/cve-program-funding-crisis-cve-foundation-mitre/
May 14, 2025 - The CVE program narrowly avoided shutdown after a funding crisis, prompting calls for alternative models and renewed debate about the future of global...
year endcvefoundationeyeslaunch
https://www.patrowl.io/en/actualites/cve-2025-55182-react2shell
CVE-2025-55182 (React2shell) sparked global confusion and false positives. Discover how Patrowl delivered real exploitability testing and clarity from day one.
truthcve
https://www.herodevs.com/vulnerability-directory/cve-2020-11023
Get instant remediation for CVE-2020-11023. This Medium level exploit is related to CVE-2020-11022; it can be found in jQuery versions greater than or equal to...
vulnerability directorycvejqueryherodevs
https://www.postgresql.org/support/security/CVE-2022-41862/
postgresqlcveclientmemorydisclosure
https://www.herodevs.com/vulnerability-directory/cve-2024-6531
A cross-site scripting (XSS) vulnerability has been identified within the Bootstrap 4 Carousel component.
vulnerability directorycvebootstrapherodevs
https://kb.isc.org/v1/docs/cve-2023-3341
Control channel messages call certain functions recursively during packet parsing. A large recursion depth may cause the packet-parsing code to run out of...
cve
https://security.paloaltonetworks.com/CVE-2026-0227
Palo Alto Networks Security Advisory: CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal A vulnerability in Palo Alto...
cvepanosfirewalldenial
https://www.openoffice.org/security/cves/CVE-2012-5639.html
cve