CVE News

Over 46,000 Unpatched Grafana Instances Vulnerable to Account Takeover via Open Redirect Flaw

CVE News

Over 46,000 Unpatched Grafana Instances Vulnerable to Account Takeover via Open Redirect Flaw

More than 46,000 internet-facing Grafana instances remain unpatched against a high-severity vulnerability (CVE-2025-4123) that chains an open...

Trend Micro Patches Critical RCE and Authentication Bypass Vulnerabilities in Apex Central and Endpoint Encryption

CVE News

Trend Micro Patches Critical RCE and Authentication Bypass Vulnerabilities in Apex Central and Endpoint Encryption

Trend Micro has released urgent security updates addressing multiple critical-severity vulnerabilities in its Apex Central and Endpoint...

GitLab Patches Critical Account Takeover and Pipeline Hijacking Vulnerabilities

CVE News

GitLab Patches Critical Account Takeover and Pipeline Hijacking Vulnerabilities

GitLab has released security updates addressing multiple high-severity vulnerabilities in its DevSecOps platform, including flaws that could...

Microsoft Releases Revised Windows 11 24H2 Update for Incompatible PCs

CVE News

Microsoft Releases Revised Windows 11 24H2 Update for Incompatible PCs

Microsoft has confirmed the release of a revised security update for Windows 11 24H2, specifically targeting systems...

Microsoft Resolves Windows Server Authentication Failures After April 2025 Updates

CVE News

Microsoft Resolves Windows Server Authentication Failures After April 2025 Updates

Microsoft has addressed critical authentication failures affecting Windows Server domain controllers following the April 2025 security updates....

New Secure Boot Bypass (CVE-2025-3052) Enables Bootkit Malware Installation

CVE News

New Secure Boot Bypass (CVE-2025-3052) Enables Bootkit Malware Installation

A newly disclosed Secure Boot vulnerability, tracked as CVE-2025-3052, allows attackers to disable security protections on PCs...

Microsoft June 2025 Patch Tuesday: Critical Zero-Day Fixes and 66 Flaws Addressed

CVE News

Microsoft June 2025 Patch Tuesday: Critical Zero-Day Fixes and 66 Flaws Addressed

Microsoft’s June 2025 Patch Tuesday has arrived, delivering security updates for 66 vulnerabilities, including one actively exploited...

Google Patches Critical Vulnerability Exposing Account Recovery Phone Numbers

CVE News

Google Patches Critical Vulnerability Exposing Account Recovery Phone Numbers

Google has addressed a high-severity vulnerability that allowed attackers to brute-force recovery phone numbers tied to user...

New Mirai Botnet Variant Exploits TBK DVR Devices via CVE-2024-3721

CVE News

New Mirai Botnet Variant Exploits TBK DVR Devices via CVE-2024-3721

A new variant of the Mirai botnet is actively exploiting a command injection vulnerability (CVE-2024-3721) in TBK...

Cisco Patches Critical ISE and CCP Vulnerabilities with Public Exploits

CVE News

Cisco Patches Critical ISE and CCP Vulnerabilities with Public Exploits

Cisco has issued patches for three high-severity vulnerabilities affecting its Identity Services Engine (ISE) and Customer Collaboration...

Critical Authentication Bypass and RCE Vulnerabilities in HPE StoreOnce Software

CVE News

Critical Authentication Bypass and RCE Vulnerabilities in HPE StoreOnce Software

Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin warning of eight vulnerabilities in its StoreOnce...

Qualcomm Patches Actively Exploited Adreno GPU Zero-Day Vulnerabilities

CVE News

Qualcomm Patches Actively Exploited Adreno GPU Zero-Day Vulnerabilities

Qualcomm has addressed three critical zero-day vulnerabilities in its Adreno Graphics Processing Unit (GPU) driver that were...

Public Exploit Details Emerge for Critical Cisco IOS XE Vulnerability (CVE-2025-20188)

CVE News

Public Exploit Details Emerge for Critical Cisco IOS XE Vulnerability (CVE-2025-20188)

Technical details surrounding CVE-2025-20188, a maximum-severity arbitrary file upload vulnerability affecting Cisco IOS XE Wireless LAN Controller...

Apple Safari Fullscreen BitM Attack: Exploitation and Mitigation

CVE News

Apple Safari Fullscreen BitM Attack: Exploitation and Mitigation

A newly identified weakness in Apple’s Safari browser enables attackers to execute fullscreen browser-in-the-middle (BitM) attacks, potentially...

Critical Unpatched Vulnerabilities in Versa Concerto Expose Systems to Auth Bypass and RCE

CVE News

Critical Unpatched Vulnerabilities in Versa Concerto Expose Systems to Auth Bypass and RCE

Multiple critical vulnerabilities in Versa Networks’ Concerto platform remain unpatched, exposing enterprise networks to authentication bypass and...

Critical SAMLify SSO Vulnerability Enables Admin Impersonation via Signature Wrapping

CVE News

Critical SAMLify SSO Vulnerability Enables Admin Impersonation via Signature Wrapping

A critical authentication bypass vulnerability (CVE-2025-47949) in the Node.js SAML library samlify allows attackers to forge admin-level...

Critical Privilege Escalation Vulnerability in WordPress Motors Theme (CVE-2025-4322)

CVE News

Critical Privilege Escalation Vulnerability in WordPress Motors Theme (CVE-2025-4322)

A critical privilege escalation vulnerability (CVE-2025-4322) has been identified in the premium WordPress Motors theme, allowing unauthenticated...

O2 UK VoLTE/WiFi Calling Flaw Exposes User Location via Call Metadata

CVE News

O2 UK VoLTE/WiFi Calling Flaw Exposes User Location via Call Metadata

A recently discovered vulnerability in O2 UK’s implementation of Voice over LTE (VoLTE) and WiFi Calling technologies...

Microsoft Resolves Linux Boot Issues Caused by August 2024 Windows Security Updates

CVE News

Microsoft Resolves Linux Boot Issues Caused by August 2024 Windows Security Updates

Microsoft has addressed a critical issue affecting dual-boot systems where Linux distributions failed to boot after installing...

Ivanti EPMM Zero-Days Exploited in Chained Remote Code Execution Attacks

CVE News

Ivanti EPMM Zero-Days Exploited in Chained Remote Code Execution Attacks

Ivanti has issued an urgent patch advisory for two zero-day vulnerabilities (CVE-2025-4427 and CVE-2025-4428) affecting its Endpoint...

Posts pagination

1 2 3 4 … 11 Next

CVE News

Over 46,000 Unpatched Grafana Instances Vulnerable to Account Takeover via Open Redirect Flaw

Trend Micro Patches Critical RCE and Authentication Bypass Vulnerabilities in Apex Central and Endpoint Encryption

GitLab Patches Critical Account Takeover and Pipeline Hijacking Vulnerabilities

Microsoft Releases Revised Windows 11 24H2 Update for Incompatible PCs

Microsoft Resolves Windows Server Authentication Failures After April 2025 Updates

New Secure Boot Bypass (CVE-2025-3052) Enables Bootkit Malware Installation

Microsoft June 2025 Patch Tuesday: Critical Zero-Day Fixes and 66 Flaws Addressed

Google Patches Critical Vulnerability Exposing Account Recovery Phone Numbers

New Mirai Botnet Variant Exploits TBK DVR Devices via CVE-2024-3721

Cisco Patches Critical ISE and CCP Vulnerabilities with Public Exploits

Critical Authentication Bypass and RCE Vulnerabilities in HPE StoreOnce Software

Qualcomm Patches Actively Exploited Adreno GPU Zero-Day Vulnerabilities

Public Exploit Details Emerge for Critical Cisco IOS XE Vulnerability (CVE-2025-20188)

Apple Safari Fullscreen BitM Attack: Exploitation and Mitigation

Critical Unpatched Vulnerabilities in Versa Concerto Expose Systems to Auth Bypass and RCE

Critical SAMLify SSO Vulnerability Enables Admin Impersonation via Signature Wrapping

Critical Privilege Escalation Vulnerability in WordPress Motors Theme (CVE-2025-4322)

O2 UK VoLTE/WiFi Calling Flaw Exposes User Location via Call Metadata

Microsoft Resolves Linux Boot Issues Caused by August 2024 Windows Security Updates

Ivanti EPMM Zero-Days Exploited in Chained Remote Code Execution Attacks

You may have missed

Over 46,000 Unpatched Grafana Instances Vulnerable to Account Takeover via Open Redirect Flaw

Anubis Ransomware Now Includes File-Wiping Module, Rendering Recovery Impossible

WestJet Investigates Cyberattack Disrupting Internal Systems: Technical Analysis and Industry Context

Meta AI’s Public Search Leak: Privacy Risks and Technical Implications