Public exploit code has been released for the **"wp2shell" remote code execution vulnerabilities** in WordPress Core, according to [BleepingComputer](https://www.bleepingcomputer.com/news/security/wor
SonicWall has confirmed two zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 series appliances are being actively exploited in the wild. The more severe of the two, [CVE-2026-15409](htt
CISA added [CVE-2026-45659](https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html) to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday — a high-severity remote co
Adobe has released an out-of-band security update addressing [seven maximum-severity vulnerabilities](https://www.bleepingcomputer.com/news/security/adobe-patches-seven-max-severity-coldfusion-campaig
Researchers have disclosed three security vulnerabilities in LangGraph, the open-source framework from LangChain used to build stateful, multi-step AI agent workflows. One of those flaws forms a criti
Oracle has disclosed a critical zero-day in PeopleSoft Suite — **CVE-2026-35273** — enabling unauthenticated remote code execution, and the ShinyHunters threat group is already exploiting it in live d
Ivanti has disclosed and patched two critical vulnerabilities in its Sentry secure mobile gateway — including a [maximum-severity flaw that allows unauthenticated remote attackers to execute arbitrary
Researchers have demonstrated that three previously patched vulnerabilities in Ubiquiti's UniFi OS can be chained to achieve remote code execution with root privileges — entirely without authenticatio
A zero-day vulnerability in [Gogs](https://gogs.io/), the popular self-hosted Git service, is actively exploitable and currently has **no patch**. According to [BleepingComputer](https://www.bleepingc