Server Side Code Injection

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely

Microsoft: Hackers target universities in “payroll pirate” attacks

Co-op says it lost $107 million after Scattered Spider attack

ChatGPT Pulse is coming to the web, but no word on free or Plus roll out

Electronics giant Avnet confirms breach, says stolen data unreadable

Salesforce refuses to pay ransom over widespread data theft attacks

CVE-2021-43798 Grafana Path Traversal Vulnerability

CVE-2025-27915 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

CVE-2025-61882 Oracle E-Business Suite Unspecified Vulnerability

CVE-2010-3765 Mozilla Multiple Products Remote Code Execution Vulnerability

CVE-2011-3402 Microsoft Windows Remote Code Execution Vulnerability

CVE-2013-3918 Microsoft Windows Out-of-Bounds Write Vulnerability

CVE-2021-43226 Microsoft Windows Privilege Escalation Vulnerability

CVE-2010-3962 Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability

CVE-2021-22555 Linux Kernel Heap Out-of-Bounds Write Vulnerability

CVE-2025-4008 Smartbedded Meteobridge Command Injection Vulnerability

HighServer Side Include

InformationalCharset Mismatch

HighServer Side Request Forgery

MediumCSP: script-src unsafe-hashes

MediumWeak Authentication Method

HighSOAP XML Injection

LowInsufficient Site Isolation Against Spectre Vulnerability

InformationalSec-Fetch-Site Header Has an Invalid Value

HighHeartbleed OpenSSL Vulnerability (Indicative)

MediumSpring Actuator Information Leak

HighCWE-467 Use of sizeof() on a Pointer Type

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

MediumCWE-190 Integer Overflow or Wraparound

CWE-833 Deadlock

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1220 Insufficient Granularity of Access Control

LowCWE-601 URL Redirection to Untrusted Site ('Open Redirect')

MediumCWE-665 Improper Initialization

HighCWE-99 Improper Control of Resource Identifiers ('Resource Injection')

CWE-1065 Runtime Resource Management Control Element in a Component Built to Run on Application Servers