18-year-old NGINX vulnerability allows DoS, potential RCE

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for ...
The Hacker News

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.

New critical Exim mailer flaw allows remote code execution

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by ...

Microsoft’s new agentic security system MDASH uncovers four critical Windows RCE flaws

Windows networking and authentication components, including four critical remote code execution bugs patched in this month’s ...
The Hacker News

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

One of the most severe vulnerabilities patched by Redmond is CVE-2026-41096 (CVSS score: 9.8), a heap-based buffer overflow ...

Google Update: Android Flaw Could Put Billions of Devices at Risk

Google patched an Android zero-click RCE flaw affecting multiple versions. Here’s what IT teams should know and how to reduce mobile risk.
CSO Online

Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox

The company — whose recent vulnerabilities have been hit with zero-day and n-day exploits — also released three patches for ...

Microsoft’s Patch Tuesday Update Targets 120 Security Flaws

Microsoft’s May Patch Tuesday fixes 120 flaws, including 31 remote code execution bugs, with no zero-days reported at release ...
CSO Online

AI finds 20-year-old bugs in PostgreSQL and MariaDB

Critical flaws affecting core components and extensions in PostgreSQL and MariaDB could allow remote code execution. The bugs ...