For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical security flaw. Nobody caught it. Not the open-source contributors who maintained ...

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...

Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.

A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated attacker full remote code execution on the underlying server. The vulnerability, ...

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform ...

An LLM-powered system found 4 security bugs, including a critical one in the web server’s URL rewrite module. Researchers have found a critical vulnerability in the widely used Nginx web server that ...

A critical remote code execution vulnerability was discovered using an AI model and patched within hours. A critical remote code execution vulnerability was discovered using an AI model and patched ...

A 9.9-severity vulnerability in Flowise’s MCP stdio implementation can allow attackers to achieve remote code execution in ...

In a nutshell: The 7-Zip file archiver is a popular open-source alternative to paid programs like WinZip and WinRAR. Widely used by both organizations and individuals, it has also become a frequent ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

A set of previously unknown flaws in Windows Graphics Device Interface (GDI) that could enable remote code execution and information disclosure has been revealed after Microsoft released fixes. These ...