The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting ...

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through ...

Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability to control tens of thousands of firewall devices remotely. The vulnerability, ...

Zyxel has patched a critical-severity OS command execution vulnerability that is remotely exploitable via crafted UPnP requests.

Zyxel fixes a handful of worrying router flaws ...

The Salt Project has issued a secondary fix for a command injection vulnerability after the first attempt to patch the issue partially failed. The vulnerability, tracked as CVE-2020-28243, impacts ...

The US government has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities. The alert from the Cybersecurity and Infrastructure ...

Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects affects a ...

Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running same firmware. Buggy firmware opens a number of D-Link VPN router models to ...