The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
The post Critical Ubiquiti Vulnerabilities in Attackersβ Crosshairs appeared first on SecurityWeek.
CISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution.
The post Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure appeared first on SecurityWeek.
The flaws allow attackers to execute arbitrary PHP code and gain root privileges on shared hosting servers.
The post Joomla, LiteSpeed Vulnerabilities Exploited in Attacks appeared first on SecurityWeek.
The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges.
The post Ivanti Sentry Exploitation Attempts Hitting Honeypots appeared first on SecurityWeek.
The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries.
The post CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk appeared first on SecurityWeek.
An improper authentication bug allows attackers to escalate their privileges and escape containers.
The post Organizations Warned of Exploited Linux Kernel Vulnerability appeared first on SecurityWeek.
The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers.
The post Oracle WebLogic Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges.
The post CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day appeared first on SecurityWeek.
CISA expanded the KEV catalog with eight flaws, but five of them have been flagged as exploited before.
The post Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities appeared first on SecurityWeek.
To optimize management of CVE volume, entries that do not meet specific criteria will not be automatically enriched.
The post NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software appeared first on SecurityWeek.
Login