Threat actors are exploiting a vulnerability in Gitea’s reverse-proxy authentication mechanism to access internet-accessible instances by supplying only a valid username.
A Gitea Docker vulnerability disclosed last month is now drawing real attacker interest, and it is easy to see why. CVE-2026-20896, rated 9.8 out of 10 on the CVSS scale, let anyone who could reach a ...
then LIST command, the server attempts to write to a NULL pointer. send_cmd(['PASV', 'A*'], true) # Assigns PASV port send_cmd(['PORT', 'A*'], true) # Rejected but ...
Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute ...
A vulnerability at the very heart of how the modern Internet operates is disproportionately affecting organizations that have large, distributed footprints on the Web. Patches are available, but some ...
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the ...
Fortinet and Ivanti on Tuesday rolled out fixes for multiple vulnerabilities in their products, including critical-severity OS command injection flaws. Fortinet published three advisories describing ...
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings ...
This module exploits a template injection vulnerability in the MotionEye Frontend. MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS Command Injection in configuration parameters ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results