GHSA-86vw-x4ww-x467: Craft CMS: RCE via missing cleanseConfig in FieldsController::actionRenderCardPreview
Craft CMS versions 5.5.0 up to but not including 5.9.14 contain a vulnerability in the FieldsController::actionRenderCardPreview method where the fieldLayoutConfig POST parameter is passed directly…
Read the full articleYou might also wanna read

dompdf security alert: RCE vulnerability found in popular PHP PDF library
A major RCE vulnerability has been identified in PHP library dompdf. Code can be loaded into an application and then remotely executed whils

WAF - WAF Release - 2025-10-06
This week’s highlights prioritise an emergency Oracle E-Business Suite RCE rule deployed to block active, high-impact exploitation. Also add

WAF - WAF Release - 2026-04-21
This week's release introduces a new detection for a Remote Code Execution (RCE) vulnerability in Apache ActiveMQ (CVE-2026-34197) and an up

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along

WAF - WAF Release - 2025-06-16
This week’s roundup highlights multiple critical vulnerabilities across popular web frameworks, plugins, and enterprise platforms. The focus

Details Emerge for SharePoint RCE Vulnerability Exploit
Explore the latest technical details of SharePoint RCE vulnerability CVE-2025-53770. Learn about the risks and mitigation strategies now.

Comments
Sign in to join the conversation.
No comments yet. Be the first.