AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that...
PT-2026-48750
Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...
PT-2026-46377
Unauthenticated Local File Inclusion in Etude = 1.6 versions...
PT-2026-46368
Unauthenticated Local File Inclusion in Skyward = 1.10 versions...
Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC
Unpatched kernel flaw chain CVE-2026-43284, CVE-2026-43500 enables root escalation on major Linux distributions...
CVE-2023-25749
Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other version...
PT-2026-1688
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: Attackers are leveraging artificial intelligence to customize malicious payloads in phishing campaigns, enabling them to circumvent security defenses. This issue is related to email security protocol...
CVE-2025-12776
The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...
CVE-2025-12776 Stored Cross-Site Scripting
The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...
CVE-2025-67846
The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that...
CVE-2025-67846
CVE-2025-67846 affects Mintlify Platform prior to 2025-11-15, where the Deployment Infrastructure allows remote attackers to bypass security patches and perform downgrade attacks by using predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure o...
EUVD-2025-203088
SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information...
Serious F5 Breach
This is bad: F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a "sophisticated" threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a "long-term." Security researchers who have...
EUVD-2021-24850
Malware in sbrugna...
EUVD-2023-29656
Malicious code in bioql PyPI...
CVE-2025-34192 Vasion Print (formerly PrinterLogic) Usage of Outdated and Unsupported OpenSSL Version
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL...
Linux Distros Unpatched Vulnerability : CVE-2015-2238
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or...
Linux Distros Unpatched Vulnerability : CVE-2023-5870
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum worker...
Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware
Warlock ransomware exploits unpatched Microsoft SharePoint vulnerabilities to gain access, escalate privileges, steal credentials, move laterally, and deploy ransomware with data exfiltration across enterprise environments...
Linux Distros Unpatched Vulnerability : CVE-2020-6826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory...