For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical security flaw. Nobody caught it. Not the open-source contributors who maintained ...

A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated attacker full remote code execution on the underlying server. The vulnerability, ...

Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform ...

An LLM-powered system found 4 security bugs, including a critical one in the web server’s URL rewrite module. Researchers have found a critical vulnerability in the widely used Nginx web server that ...

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...

A critical Telnet vulnerability with a CVSS rating of 9.8 enables attackers to take full control of affected systems before authentication even kicks in, security researchers at Dream Security have ...

A 9.9-severity vulnerability in Flowise’s MCP stdio implementation can allow attackers to achieve remote code execution in ...