CVE News

Fake LDAPNightmare PoC Exploit (CVE-2024-49113) Delivers Information-Stealing Malware

CVE News

Fake LDAPNightmare PoC Exploit (CVE-2024-49113) Delivers Information-Stealing Malware

A malicious campaign is targeting security researchers by distributing a fake proof-of-concept (PoC) exploit for the LDAPNightmare...

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

CVE News

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

Vercel has resolved a significant security flaw in Next.js middleware authentication, which could have allowed attackers to...

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

CVE News

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

NetApp has resolved a critical privilege escalation vulnerability (NCSC-2025-0097) in its SnapCenter backup management platform, which could...

Critical Kubernetes Ingress-Nginx Vulnerability Exposes Clusters to RCE and Secret Theft (CVE-2025-1097)

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability Exposes Clusters to RCE and Secret Theft (CVE-2025-1097)

A newly disclosed critical vulnerability (CVE-2025-1097) in Kubernetes’ Ingress-Nginx controller enables attackers to execute arbitrary code and...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1098) Exposes Clusters to RCE and Secret Theft

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1098) Exposes Clusters to RCE and Secret Theft

A newly discovered high-severity vulnerability (CVE-2025-1098) in Kubernetes’ Ingress-Nginx controller allows attackers to execute arbitrary code and...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

A critical security vulnerability (CVE-2025-1974) in Kubernetes’ ingress-nginx controller has been disclosed, allowing unauthenticated attackers with pod...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

A newly disclosed high-severity vulnerability (CVE-2025-24514) in Kubernetes’ ingress-nginx controller enables attackers to execute arbitrary code and...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

A newly discovered critical vulnerability (CVE-2025-2726) affecting multiple H3C Magic series routers allows remote attackers to execute...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2728) Puts Networks at Risk

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2728) Puts Networks at Risk

A critical command injection vulnerability (CVE-2025-2728) affecting H3C Magic NX30 Pro and NX400 routers has been identified,...

Critical Command Injection Vulnerability in H3C Magic NX30 Pro Routers (CVE-2025-2727)

CVE News

Critical Command Injection Vulnerability in H3C Magic NX30 Pro Routers (CVE-2025-2727)

A critical security vulnerability (CVE-2025-2727) has been identified in H3C Magic NX30 Pro routers running firmware versions...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2729): What Security Teams Need to Know

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2729): What Security Teams Need to Know

A critical vulnerability (CVE-2025-2729) has been identified in multiple H3C Magic series routers, exposing them to remote...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

A critical security vulnerability affecting multiple H3C Magic series routers has been identified, allowing remote attackers to...

CVE-2024-7344: Critical UEFI Secure Boot Bypass Vulnerability Exposed

CVE News

CVE-2024-7344: Critical UEFI Secure Boot Bypass Vulnerability Exposed

Summary for CISOs: A critical vulnerability (CVE-2024-7344) in UEFI Secure Boot allows attackers to bypass security checks...

Critical Authentication Bypass in Kentico Xperience CMS (CVE-2025-2747)

CVE News

Critical Authentication Bypass in Kentico Xperience CMS (CVE-2025-2747)

A critical authentication bypass vulnerability (CVE-2025-2747) has been identified in Kentico Xperience CMS, affecting versions through 13.0.178....

CVE-2025-2683: Critical SQL Injection in PHPGurukul Bank Locker Management System

CVE News

CVE-2025-2683: Critical SQL Injection in PHPGurukul Bank Locker Management System

Summary A critical SQL injection vulnerability (CVE-2025-2683) has been discovered in PHPGurukul’s Bank Locker Management System version...

Critical Unrestricted File Upload Vulnerability in PHPGurukul eLearning System (CVE-2025-2687)

CVE News

Critical Unrestricted File Upload Vulnerability in PHPGurukul eLearning System (CVE-2025-2687)

A critical vulnerability (CVE-2025-2687) has been discovered in PHPGurukul eLearning System 1.0, affecting its Image Handler component....

Critical Yii2 Framework Vulnerability (CVE-2025-2690): Remote Code Execution Risk

CVE News

Critical Yii2 Framework Vulnerability (CVE-2025-2690): Remote Code Execution Risk

A critical deserialization vulnerability (CVE-2025-2690) has been discovered in the Yii2 PHP framework, allowing remote code execution....

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Blue-Team
CVE News

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Zoho Corporation has addressed a medium-severity authentication vulnerability (CVE-2025-1723) in ManageEngine ADSelfService Plus versions 6510 and earlier....

Critical VMware Vulnerabilities Patched: NCSC-2025-0073 Advisory on ESXi, Workstation, and Fusion Risks

CVE News

Critical VMware Vulnerabilities Patched: NCSC-2025-0073 Advisory on ESXi, Workstation, and Fusion Risks

Broadcom has addressed multiple high-severity vulnerabilities in VMware ESXi, Workstation, and Fusion products, as detailed in NCSC...

IBM Storage Products Patched for Critical Authentication Bypass and RCE Vulnerabilities

CVE News

IBM Storage Products Patched for Critical Authentication Bypass and RCE Vulnerabilities

Summary: IBM has addressed critical security vulnerabilities in its enterprise storage products, including authentication bypass (CVE-2025-0159) and...

Posts pagination

Previous 1 2 3 4 Next

CVE News

Fake LDAPNightmare PoC Exploit (CVE-2024-49113) Delivers Information-Stealing Malware

Critical Next.js Authentication Bypass Vulnerability Patched (CVE-2025-XXXX)

NetApp SnapCenter Privilege Escalation Vulnerability Patched (NCSC-2025-0097)

Critical Kubernetes Ingress-Nginx Vulnerability Exposes Clusters to RCE and Secret Theft (CVE-2025-1097)

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1098) Exposes Clusters to RCE and Secret Theft

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-24514) Exposes Clusters to RCE & Secret Theft

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2728) Puts Networks at Risk

Critical Command Injection Vulnerability in H3C Magic NX30 Pro Routers (CVE-2025-2727)

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2729): What Security Teams Need to Know

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2732): What Security Teams Need to Know

CVE-2024-7344: Critical UEFI Secure Boot Bypass Vulnerability Exposed

Critical Authentication Bypass in Kentico Xperience CMS (CVE-2025-2747)

CVE-2025-2683: Critical SQL Injection in PHPGurukul Bank Locker Management System

Critical Unrestricted File Upload Vulnerability in PHPGurukul eLearning System (CVE-2025-2687)

Critical Yii2 Framework Vulnerability (CVE-2025-2690): Remote Code Execution Risk

ManageEngine ADSelfService Plus Session Hijacking Vulnerability Patched (CVE-2025-1723)

Critical VMware Vulnerabilities Patched: NCSC-2025-0073 Advisory on ESXi, Workstation, and Fusion Risks

IBM Storage Products Patched for Critical Authentication Bypass and RCE Vulnerabilities

You may have missed

YesWiki Path Traversal Vulnerability (CVE-2025-31131): Technical Analysis and Mitigation

Critical SQL Injection Vulnerability in Next-Cart Store to WooCommerce Migration Plugin (CVE-2025-30807)

WpTravelly Plugin Vulnerability Exposes WordPress Sites to Object Injection Attacks

Critical SQL Injection Vulnerability in WooCommerce Order Splitter Plugin (CVE-2025-31089)