Tag: cveoftheweek

Week 4 – Actively Exploited Zero-Day RCE Hits Cisco Unified CM and Webex Calling

12 – 18 Jan 2026 This week’s CVE of the Week is about the recent remote code execution vulnerability in Cisco’s Unified Communications (CM) products and Webex Calling Dedicated Instance, which has been actively exploited as a zero-day. This vulnerability is due to improper validation 

Week 3 – AI Agents Under Attack: High-Risk Vulnerability in ServiceNow

12 – 18 Jan 2026 Our CVE of the Week series continues with an AI Agent vulnerability that affected ServiceNow, one of the most popular cloud-based platforms for IT and business process automation. The CVE-2025-12420 vulnerability, assigned a CVSS 4.0 score of 9.3, allows 

Week 2 – Wake up from this “Ni8mare”

5 – 11 Jan 2026 A new year, the same mission: raising awareness of critical vulnerabilities. Our CVE of the Week series continues in 2026 to help you stay ahead of emerging security risks. Let’s get started. Our first choice in 2026 is a vulnerability 

Week 51 – TOP10 CVE of the Week 2025

15 – 21 Dec 2025 As we reach the end of 2025, we have looked back to see the most impactful vulnerabilities of the year. Come and go through the TOP 10 CVEs of the year selected by our experts! A critical CVSS 9.1 flaw 

Week 50 – React or not React: that is the question

8 – 14 Dec 2025 A remote code execution vulnerability was found in React Server Components: CVE-2025-55182 – React2Shell. This week’s CVE of the Week is about the recent pre-authentication remote code execution vulnerability in Meta’s React Server Components. React is a free and open-source 

Week 49 – Slipping In Before the Doors Close

1 – 7 Dec 2025 A critical vulnerability with a CVSS score of 10 has been found in Manager-io/Manager, an accounting application. CVE-2025-64180 is the vulnerability of this week. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access 

Week 48 – FortiWeb Pulls OS Commands Out of a Hat

14 – 30 Nov 2025 A newly disclosed and actively exploited FortiWeb vulnerability (CVE-2025-58034) allows authenticated attackers to execute arbitrary OS commands, posing a serious risk to organizations relying on the platform for critical web application protection. Despite its medium severity (CVSS score of 6.7), 

Week 47 – Puppet Master on the Web: Chrome’s V8 Flaw Pulled by Attackers

17 – 23 Nov 2025 On Monday Google released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. Our CVE of the Week is about the CVE-2025-13223 vulnerability with a CVSS score of 

Week 46 – The Antivirus That Opened the Door: Triofox Under Active Attack

10 – 16 Nov 2025 Mandiant has confirmed that threat actors are actively exploiting a critical flaw (CVE-2025-12480) in Triofox by Gladinet — a remote access and file-sharing platform. The vulnerability allows authentication bypass, letting attackers create admin accounts and execute arbitrary code by abusing the 

Week 45 – Zip Slip Hits Argo Workflows

03 – 09 Nov 2025 Our CVE of the Week, CVE-2025-62156, is about Argo Workflows, which is an open source container-native workflow engine for orchestrating complex, parallel jobs on Kubernetes. A critical flaw has been found in versions prior to 3.6.12 and versions 3.7.0 through 3.7.2