PHP Composer, the world’s most widely used dependency manager for PHP applications, has patched two high-severity command...
A newly disclosed critical-severity vulnerability in OpenAEV (CVE-2026-24467) allows unauthenticated remote attackers to fully compromise any registered user account,...
A state-sponsored campaign in which threat actor UAT-4356, the same group behind the 2024 ArcaneDoor espionage operation,...
A critical, unpatched vulnerability in Ollama’s GGUF model quantization engine, tracked as CVE-2026-5757, allows unauthenticated attackers to...
A critical out-of-bounds buffer write vulnerability (CVE-2026-3298) has been disclosed in Python’s asyncio.ProactorEventLoop on Windows, allowing attackers to write...
Microsoft has disclosed a critical Server-Side Request Forgery (SSRF) vulnerability, CVE-2026-35431, in Microsoft Entra ID Entitlement Management,...
Microsoft has disclosed a critical Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview eDiscovery, tracked as CVE-2026-26150,...
A high-severity Cypher injection vulnerability (CVE-2026-41274, CVSS 8.1) has been disclosed in Flowise’s GraphCypherQAChain node, allowing authenticated...
Marimo, a popular open‑source reactive Python notebook used in data science and AI workflows, is under active...
Microsoft has disclosed CVE-2026-32172, a critical remote code execution (RCE) vulnerability in Microsoft Power Apps caused by...