Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. The ...

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. A critical vulnerability ...

The exploit takes advantage of a known file upload vulnerability that was not efficiently patched and can still be exploited in up-to-date versions of Cleo LexiCom, VLTrader and Harmony products.

Through the use of an automated testing toolkit, a team of South Korean academics has discovered 30 vulnerabilities in the file upload mechanisms used by 23 open-source web applications, forums, store ...

Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compromise webservers. A vulnerability in the popular Apache Tomcat web server is ripe for active attack, ...

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.

Mozilla broke the news itself in a blog post yesterday. Security lead Daniel Veditz wrote that a Firefox user informed them of the major issue on August 5. The company has acted quickly to release a ...

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds.