Fortinet, Ivanti, and SAP patched critical flaws up to CVSS 10.0, reducing RCE, admin takeover, and data exposure risks.

Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with ...

Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command ...

CVE-2026-10520, a critical-severity vulnerability in Ivanti Sentry, was flagged as exploited based on activity observed on ...

A dispute broke out on Tuesday after cybersecurity company Rapid7 released a report about a vulnerability in a Fortinet product before the company had time to release a patch addressing the issue.

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

The US government has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities. The alert from the Cybersecurity and Infrastructure ...

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...

Kaspersky’s Global Research and Analysis Team, identified a command injection vulnerability (CVE-2026-3102) in ExifTool, a free, open-source tool used worldwide to read and edit metadata in images, ...