A critical vulnerability in Microsoft Authenticator tracked as CVE-2026-41615 allows remote attackers to silently steal sign-in access tokens from...
Month: May 2026
A critical server-side request forgery vulnerability in the popular Next.js React framework is putting tens of thousands...
A high-severity code injection vulnerability in protobufjs-cli, the command-line companion to one of npm’s most downloaded packages, could...
A high-severity local privilege escalation (LPE) vulnerability in its CoworkVMService component. This flaw required no admin rights...
A newly disclosed security vulnerability in GitHub Copilot CLI allows attackers to achieve arbitrary code execution by...
A perfect-10 CVSS code-injection flaw in the widely used Node.js sandboxing library vm2 allows unauthenticated remote attackers...
A high-severity vulnerability in Anthropic’s Claude Desktop has been disclosed, exposing millions of remote development sessions to...
A high-severity authentication bypass vulnerability has slipped through the cracks of a previously issued security fix in...
A newly disclosed Linux kernel vulnerability dubbed Fragnesia (CVE-2026-46300) gives any unprivileged local user a direct path to root,...
A high-severity vulnerability in Composer, the PHP dependency manager, has been actively exposing GitHub Actions tokens in...
