Tag: Dawid Golunski
Vanilla Forums software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and, in some instances, execute arbitrary code.
A zero-day vulnerability exists in WordPress Core that, in some instances, could allow an attacker to reset a user’s password and, in turn, gain access to their account.
SquirrelMail suffers from a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the remote system.
A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.
Critical remote code execution vulnerabilities in PHPMailer and SwiftMailer, libraries used to send emails via PHP, were patched this week.
Nagios Core has been updated to take care of two critical vulnerabilities that can be chained together to attack servers hosting the open source IT infrastructure monitoring software.
Critical vulnerabilities in MySQL and database servers MariaDB and PerconaDB can lead to arbitrary code execution, root privilege escalation, and server compromise.
A researcher has published details and a limited proof-of-concept exploit for a critical vulnerability in MySQL that has been patched by some vendors, but not yet by Oracle. The vulnerability allows an attacker to remotely or locally exploit a vulnerable MySQL database and execute arbitrary code, researcher Dawid Golunski of Legal Hackers wrote today in...
An Adobe ColdFusion vulnerability addressed Tuesday in a hotfix pushed to users put applications developed on the platform at risk of a number of serious issues. Researcher Dawid Golunski of Legal Hackers today revealed details on the flaw, which he privately disclosed to Adobe, as well as a proof-of-concept of the exploit. Golunski said that ColdFusion...
A serious vulnerability has been patched in forum software made by vBulletin that could allow attackers to scan servers hosting the package and possibly execute arbitrary code. Researcher Dawid Golunski of Legal Hackers privately disclosed the vulnerability, which was patched Aug. 5 in versions 3.8.9 (and 3.8.10 beta), 4.2.3 (and 4.2.4 beta), and 5.2.3 of...