Vulert - Open Source Security Blog

AI Security AI and Security Endpoint Security FFmpeg Vulnerability Management

AI Agent Uncovers 21 Zero-Days in FFmpeg as Chrome Patches Record 429 Bugs

Security teams are entering a new vulnerability era: machines are finding bugs faster, but humans still have to triage, patch, and deploy the fixes. AI zero-day vulnerabilities are no longer…

Wordpress CVE-2026-3300 Everest Forms Pro Web Security

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

Everest Forms Pro CVE-2026-3300 is a critical remote code execution vulnerability affecting the Everest Forms Pro WordPress plugin. The flaw impacts all versions up to and including 1.9.12, and it…

Cisco CVE-2026-20230 Network Security Patch Management Unified CM

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

A Cisco Unified Communications Manager flaw that starts as unauthenticated SSRF can end with file writes on the appliance and a path to root privileges. Cisco Unified CM CVE-2026-20230 is…

dotnet csharp nuget

.NET NuGet Package Security — Scanning C# Dependencies for Vulnerabilities

NuGet package security matters because .NET and C# power a large share of enterprise software: internal business systems, banking portals, healthcare platforms, SaaS APIs, cloud workloads, desktop tools, identity services,…

Magento CISA KEV CVE-2026-45247 Mirasvit Web Security

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

A single malicious cookie on a Magento storefront can be enough to turn a cache extension into a remote code execution path. Magento CVE-2026-45247 is a critical vulnerability affecting Mirasvit…

Redis CVE-2026-23479 DevSecOps RCE

Redis CVE-2026-23479: AI-Discovered RCE Flaw Exposes Two Years of Hidden Risk

A Redis vulnerability introduced more than two years ago can let an authenticated attacker execute operating system commands on the machine hosting the database. Redis CVE-2026-23479 is an authenticated remote…

Oracle WebLogic CISA KEV CVE-2024-21182 Patch Management

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

A WebLogic vulnerability patched almost two years ago is now urgent again because CISA says attackers are actively exploiting it. Oracle WebLogic CVE-2024-21182 is a high-severity vulnerability affecting Oracle WebLogic…

Rust cargo lock Rust Cargo Security

Rust Cargo Security — How to Audit Your Dependencies for Known Vulnerabilities

Rust can prevent many memory bugs at compile time, but it cannot stop your application from importing a vulnerable crate. Rust cargo security is often misunderstood because Rust has a…

ruby bundler Gemfile rails Security

Ruby Gem Security — How to Scan Your Gemfile for Vulnerabilities

A Rails application can pass every unit test and still ship with a vulnerable gem buried three levels deep in Gemfile.lock. Ruby gem security is not only about keeping Rails…

Security DevOps Go Golang

Go Module Security — How to Scan Golang Dependencies for Vulnerabilities

Go makes dependencies easier to track than many ecosystems, but a clean go.mod file does not mean your application is safe from vulnerable packages. Go modules give engineering teams a…

You Missed