An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...

Proof-of-concept (PoC) code has been published for a one-click RCE vulnerability in open source LLM building platform Flowise.

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by ...

Ivanti has released emergency patches for its Endpoint Manager Mobile platform after confirming that attackers exploited a previously unknown vulnerability to execute code remotely on targeted servers ...

Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an ...

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise ...

Chinese APT group UNC5221 appears to have studied a recent Ivanti Connect Secure patch to develop a remote code execution exploit on previous versions, and on end-of-support Pulse Connect Secure ...

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active ...

The latest Microsoft Patch Tuesday rollout featured no zero-days. However, an angry hacker has just dropped two new 0-day exploits targeting Windows users.