Critical Vulnerability

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

CVE News

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

A critical vulnerability (CVE-2015-2079) in Usermin, a web-based administration tool, allows authenticated attackers to execute arbitrary code...

Analysis of iOS Darwin Notification Vulnerability: Impact and Mitigation

CVE News

Analysis of iOS Darwin Notification Vulnerability: Impact and Mitigation

A newly disclosed vulnerability in Apple’s iOS operating system (CVE-2025-24091) allows malicious applications to trigger an irreversible...

TOTOLINK N150RT Buffer Overflow Vulnerability (CVE-2025-3991): Analysis and Mitigation

CVE News

TOTOLINK N150RT Buffer Overflow Vulnerability (CVE-2025-3991): Analysis and Mitigation

A critical buffer overflow vulnerability (CVE-2025-3991) has been identified in TOTOLINK N150RT routers running firmware version 3.4.0-B20190525....

Analysis of Actively Exploited Chrome UAF Vulnerabilities and Mitigation Strategies

CVE News

Analysis of Actively Exploited Chrome UAF Vulnerabilities and Mitigation Strategies

Google Chrome recently faced two critical use-after-free (UAF) vulnerabilities that were actively exploited in the wild before...

Tenable Vulnerability Watch: A New Approach to Prioritizing and Reducing Remediation Times

Threat Intelligence

Tenable Vulnerability Watch: A New Approach to Prioritizing and Reducing Remediation Times

Organizations continue to face significant challenges in reducing vulnerability remediation times, with many struggling to prioritize exposures...

Critical RCE Vulnerability in Quantum StorNext Web GUI API (CVE-2025-46616)

CVE News

Critical RCE Vulnerability in Quantum StorNext Web GUI API (CVE-2025-46616)

A critical vulnerability (CVE-2025-46616) has been identified in Quantum StorNext Web GUI API versions prior to 7.2.4,...

Critical SQL Injection Vulnerability in Frontend Dashboard (CVE-2025-46248)

CVE News

Critical SQL Injection Vulnerability in Frontend Dashboard (CVE-2025-46248)

A critical SQL injection vulnerability (CVE-2025-46248) has been identified in M A Vinoth Kumar’s Frontend Dashboard, affecting...

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

CVE News

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

Security researcher Alessandro Sgreccia (aka “rainpwn”) has disclosed critical vulnerabilities in Zyxel’s USG FLEX-H firewall series, enabling...

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

CVE News

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

Organizations using Commvault’s backup and recovery software are under immediate threat due to an actively exploited pre-authenticated...

Critical SQL Injection Vulnerability in MuM MapEdit 24.2.3 (CVE-2025-43949)

CVE News

Critical SQL Injection Vulnerability in MuM MapEdit 24.2.3 (CVE-2025-43949)

A critical SQL injection vulnerability (CVE-2025-43949) has been identified in MuM MapEdit version 24.2.3, posing significant risk...

Supply Chain Attack Compromises xrpl.js Library to Steal XRP Wallet Keys

APT-News

Supply Chain Attack Compromises xrpl.js Library to Steal XRP Wallet Keys

The widely used xrpl.js library, a critical component for interacting with the XRP Ledger, was compromised in...

Critical Remote Code Execution Vulnerability in Dell EMC iDRAC7/iDRAC8 (CVE-2018-1207)

CVE News

Critical Remote Code Execution Vulnerability in Dell EMC iDRAC7/iDRAC8 (CVE-2018-1207)

A critical remote code execution vulnerability has been identified in Dell EMC’s Integrated Dell Remote Access Controller...

Critical RCE Vulnerability in ASUS ASMB8 iKVM Firmware (CVE-2023-26602)

CVE News

Critical RCE Vulnerability in ASUS ASMB8 iKVM Firmware (CVE-2023-26602)

A critical Remote Code Execution (RCE) vulnerability has been identified in ASUS ASMB8 iKVM firmware versions ≤1.14.51,...

NagVis 1.9.33 Arbitrary File Read Vulnerability (CVE-2022-46945): Analysis and Mitigation

CVE News

NagVis 1.9.33 Arbitrary File Read Vulnerability (CVE-2022-46945): Analysis and Mitigation

A critical vulnerability in NagVis 1.9.33, tracked as CVE-2022-46945, allows unauthenticated attackers to read arbitrary files via...

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

CVE News

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

A critical unauthenticated Cross-Site Scripting (XSS) vulnerability has been identified in ABB Cylon Aspect firmware version 4.00.00,...

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

CVE News

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

A critical unauthenticated SQL injection vulnerability (CVE-2024-11728) has been identified in KiviCare Clinic & Patient Management System...

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

CVE News

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

A critical supply chain attack has compromised Ripple’s official xrpl.js NPM package, injecting malicious code designed to...

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

Data Breach

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

In February 2024, Baltimore City Public Schools suffered a significant ransomware attack compromising over 25,000 records of...

Active! Mail Zero-Day RCE Exploited in Attacks Against Japanese Organizations

CVE News

Active! Mail Zero-Day RCE Exploited in Attacks Against Japanese Organizations

A critical zero-day remote code execution (RCE) vulnerability in Active! Mail, a widely used Japanese webmail client,...

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

Red-Team

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

A newly documented proof-of-concept attack named “Cookie-Bite” demonstrates how malicious Chrome extensions can hijack browser session cookies...

Posts pagination

Previous 1 2 3 4 5 Next

Critical Vulnerability

CVE-2015-2079: Critical Remote Code Execution Vulnerability in Usermin

Analysis of iOS Darwin Notification Vulnerability: Impact and Mitigation

TOTOLINK N150RT Buffer Overflow Vulnerability (CVE-2025-3991): Analysis and Mitigation

Analysis of Actively Exploited Chrome UAF Vulnerabilities and Mitigation Strategies

Tenable Vulnerability Watch: A New Approach to Prioritizing and Reducing Remediation Times

Critical RCE Vulnerability in Quantum StorNext Web GUI API (CVE-2025-46616)

Critical SQL Injection Vulnerability in Frontend Dashboard (CVE-2025-46248)

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

Critical SQL Injection Vulnerability in MuM MapEdit 24.2.3 (CVE-2025-43949)

Supply Chain Attack Compromises xrpl.js Library to Steal XRP Wallet Keys

Critical Remote Code Execution Vulnerability in Dell EMC iDRAC7/iDRAC8 (CVE-2018-1207)

Critical RCE Vulnerability in ASUS ASMB8 iKVM Firmware (CVE-2023-26602)

NagVis 1.9.33 Arbitrary File Read Vulnerability (CVE-2022-46945): Analysis and Mitigation

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

Active! Mail Zero-Day RCE Exploited in Attacks Against Japanese Organizations

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

You may have missed

Procolored Printer Drivers Distributed Malware for Six Months: Technical Analysis and Mitigation

Tor Oniux: Kernel-Level Network Anonymization for Linux Applications

Google Chrome’s Security Update: Blocking Admin-Level Launches in Windows

Australian Human Rights Commission Data Breach: Technical Analysis and Impact