Topic: cve identifier

Sort by: Relevance | Date
  • Microsoft fixes critical Office zero-day under active attack
    January 28, 2026
    90%

    Microsoft fixes critical Office zero-day under active attack

    Microsoft has urgently patched a critical, actively exploited zero-day vulnerability (CVE-2026-21509) in Office, which allows attackers to bypass security features by tricking users into opening malicious files. While patches are available for Office 2021, LTSC 2021/2024, and Microsoft 365, secur...

    Read More »
  • 6,000+ SmarterMail Servers Vulnerable to Hijacking
    January 29, 2026
    82%

    6,000+ SmarterMail Servers Vulnerable to Hijacking

    A critical authentication bypass vulnerability (CVE-2026-23760) in SmarterMail email servers allows attackers to reset administrator passwords and take full control of unpatched systems. Security researchers have identified thousands of vulnerable servers, with evidence of widespread, automated e...

    Read More »
  • Critical RCE Flaw in Trend Micro Apex Central: Patch Now
    January 10, 2026
    80%

    Critical RCE Flaw in Trend Micro Apex Central: Patch Now

    A critical vulnerability (CVE-2025-69258) in Trend Micro's Apex Central console allows unauthenticated attackers to remotely execute malicious code with the highest SYSTEM privileges. The flaw, discovered by Tenable, is exploited by sending a crafted message to a specific port, forcing the system...

    Read More »
  • Active Exploit Targets Suspected FortiWeb Zero-Day
    November 15, 2025
    80%

    Active Exploit Targets Suspected FortiWeb Zero-Day

    A critical zero-day vulnerability (CVE-2025-64446) in Fortinet's FortiWeb is being actively exploited, allowing unauthenticated attackers to create unauthorized admin accounts and gain full administrative access. Fortinet silently patched the flaw in multiple versions, including 8.0.2, but delaye...

    Read More »
  • SmarterMail Flaw Lets Attackers Hijack Admin Accounts
    January 25, 2026
    75%

    SmarterMail Flaw Lets Attackers Hijack Admin Accounts

    A critical authentication bypass flaw in SmarterMail's 'force-reset-password' API endpoint allows attackers to hijack administrator accounts and gain full server control. Threat actors began exploiting the vulnerability just two days after the patch was released, suggesting they reverse-engineere...

    Read More »
  • Synology Patches Critical BeeStation Flaws Exposed at Pwn2Own
    November 13, 2025
    75%

    Synology Patches Critical BeeStation Flaws Exposed at Pwn2Own

    Synology released a critical security update for BeeStation devices to fix a remote code execution vulnerability (CVE-2025-12686) caused by an unchecked buffer copy operation. The flaw was exploited live at Pwn2Own Ireland 2025, earning researchers a $40,000 prize, and users must upgrade to BeeSt...

    Read More »
  • SolarWinds Patches Critical RCE Flaw in Web Help Desk
    September 25, 2025
    70%

    SolarWinds Patches Critical RCE Flaw in Web Help Desk

    SolarWinds has released a critical update for its Web Help Desk software to patch CVE-2025-26399, an unauthenticated remote code execution vulnerability requiring immediate action to prevent system compromise. The flaw, located in the AjaxProxy class, allows remote attackers to execute arbitrary ...

    Read More »
  • Urgent Patch: Critical Passwordstate Vulnerability Exposed
    August 28, 2025
    60%

    Urgent Patch: Critical Passwordstate Vulnerability Exposed

    A critical security update is required for Passwordstate to address a high-severity vulnerability that allows attackers to bypass authentication and gain administrative control. The flaw involves a manipulated URL targeting the emergency access page, enabling unauthorized access to the administra...

    Read More »

Related Topics

remote code execution (4) vulnerability disclosure (4) authentication bypass (4) security advisory (2) proof-of-concept (2) active exploitation (2) software update (2) security vulnerability (2)