Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks.

SAP has released 26 new security notes, including two that address critical vulnerabilities in CRM, S/4HANA, and NetWeaver.

Security researchers at JFrog worked with biotechnology company 23andMe to address a vulnerability with Yamale, a tool written by the company and used by over 200 repositories. The smartest companies ...

Elegant Themes announced that several of their products contained a code injection vulnerability and should be updated right away. The vulnerability allows an untrustworthy user to execute PHP ...

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively ...

The code injection flaws allow for unauthenticated remote code execution on Ivanti Endpoint Manager Mobile deployments, but ...

Docker has released security fixes for a critical vulnerability affecting its AI-assisted feature known as Ask Gordon. The ...

SAP’s December update patched 14 flaws, including three critical vulnerabilities in key products CVE‑2025‑42880 (9.9) in SAP Solution Manager allows code injection and full system compromise ...

A dependent action in Bazel could permit malicious code injection into a GitHub Actions workflow, highlighting risk from third-party dependencies. Security researchers demonstrated a software ...

Developers of the widely used WordPress content management system released an update last week, but intentionally delayed announcing that the patch addressed a severe vulnerability. WordPress version ...