Vulnerebility List 2025 - 2026 2025 2024 2023 2021 2020 2019 2018
DATE |
NAME |
Info | CATEG. |
WEB |
| 31.12.25 | MongoDB warns admins to patch severe vulnerability immediately | MongoDB has warned IT admins to immediately patch a high-severity memory-read vulnerability that may be exploited by unauthenticated attackers remotely. | Vulnerebility | |
| 31.12.25 | IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass | IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is | Vulnerebility | The Hacker News |
| 31.12.25 | CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution | The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to | Vulnerebility | The Hacker News |
| 30.12.25 | MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide | A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 potentially susceptible instances identified across the world. The | Vulnerebility | The Hacker News |
| 27.12.25 | New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory | A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE- | Vulnerebility | The Hacker News |
| 25.12.25 | Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection | A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses | Vulnerebility | The Hacker News |
| 25.12.25 | CISA flags ASUS Live Update CVE, but the attack is years old | An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. | Vulnerebility | |
| 25.12.25 | New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock | The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. | Vulnerebility | |
| 23.12.25 | Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances | A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain | Vulnerebility | The Hacker News |
| 21.12.25 | HPE warns of maximum severity RCE flaw in OneView software | Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables attackers to execute arbitrary code remotely. | Vulnerebility | |
| 21.12.25 | Zeroday Cloud hacking event awards $320,0000 for 11 zero days | The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. | Vulnerebility | |
| 20.12.25 | Microsoft: December security updates cause Message Queuing failures | Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. | Vulnerebility | |
| 20.12.25 | Apple fixes two zero-day flaws exploited in 'sophisticated' attacks | Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific individuals. | Vulnerebility | |
| 19.12.25 | New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards | Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct | Vulnerebility | The Hacker News |
| 18.12.25 | HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution | Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical | Vulnerebility | The Hacker News |
| 18.12.25 | SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances | SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild. The vulnerability, tracked | Vulnerebility | The Hacker News |
| 17.12.25 | FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE | Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an | Vulnerebility | The Hacker News |
| 14.12.25 | New Windows RasMan zero-day flaw gets free, unofficial patches | Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. | Vulnerebility | |
| 14.12.25 | Google fixes eighth Chrome zero-day exploited in attacks in 2025 | Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, marking the eighth such security flaw patched since the start of the year. | Vulnerebility | |
| 13.12.25 | SAP fixes three critical vulnerabilities across multiple products | SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. | Vulnerebility | |
| 13.12.25 | Fortinet warns of critical FortiCloud SSO login auth bypass flaws | Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. | Vulnerebility | |
| 13.12.25 | Ivanti warns of critical Endpoint Manager code execution flaw | American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. | Vulnerebility | |
| 12.12.25 | New React RSC Vulnerabilities Enable DoS and Source Code Exposure | The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code | Vulnerebility | The Hacker News |
| 12.12.25 | .NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL | New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. | Vulnerebility | The Hacker News |
| 10.12.25 | Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling | Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption ( IDE ) protocol specification that could expose | Vulnerebility | The Hacker News |
| 10.12.25 | Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known | Vulnerebility | The Hacker News |
| 10.12.25 | Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days | Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of | Vulnerebility | The Hacker News |
| 10.12.25 | Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws | Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The | Vulnerebility | The Hacker News |
| 7.12.25 | Cloudflare blames today's outage on React2Shell mitigations | Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks. | Vulnerebility | |
| 7.12.25 | Critical React, Next.js flaw lets hackers execute code on servers | A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications. | Vulnerebility | |
| 7.12.25 | Critical flaw in WordPress add-on for Elementor exploited in attacks | Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions during the registration process. | Vulnerebility | |
|
6.12.25 |
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch | A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity ( XXE ) injection attack. The vulnerability, tracked as CVE-2025-66516 , is rated 10.0 on | Vulnerebility | The Hacker News |
|
6.12.25 |
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability | Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public | Vulnerebility | The Hacker News |
| 4.12.25 | Critical Remote Code Execution (RCE) Vulnerabilities in React and Next.js | React (CVE-2025-55182) and Next.js (CVE-2025-66478) contain critical RCE vulnerabilities. Organizations should apply patches immediately. | Vulnerebility | ENDORLABS |
| 30.11.25 | Popular Forge library gets fix for signature verification bypass flaw | A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. | Vulnerebility | |
| 30.11.25 | ASUS warns of new critical auth bypass flaw in AiCloud routers | ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. | Vulnerebility | |
| 29.11.25 | CISA warns Oracle Identity Manager RCE flaw is being actively exploited | The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day. | Vulnerebility | |
| 29.11.25 | Grafana warns of max severity admin spoofing vulnerability | Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. | Vulnerebility | |
| 24.11.25 | New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions | Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit , an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud | Vulnerebility | The Hacker News |
| 23.11.25 | New SonicWall SonicOS flaw allows hackers to crash firewalls | American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. | Vulnerebility | |
| 23.11.25 | D-Link warns of new RCE flaws in end-of-life DIR-878 routers | D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. | Vulnerebility | |
| 22.11.25 | CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities ( KEV ) | Vulnerebility | The Hacker News |
| 21.11.25 | Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation | Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The | Vulnerebility | The Hacker News |
| 20.11.25 | DoorDash email spoofing vulnerability sparks messy disclosure dispute | A vulnerability in DoorDash's systems could allow anyone to send "official" DoorDash-themed emails right from company's authorized servers, paving a near-perfect phishing channel. DoorDash has now patched the issue, but a contentious disclosure dispute has erupted, with both sides accusing each other of acting in bad faith. | Vulnerebility | |
| 19.11.25 | Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild | Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034 , carries a CVSS score of | Vulnerebility | The Hacker News |
| 16.11.25 | ASUS warns of critical auth bypass flaw in DSL series routers | ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models. | Vulnerebility | |
| 16.11.25 | RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk | The ImunifyAV malware scanner for Linux server, used by tens of millions of websites, is vulnerable to a remote code execution vulnerability that could be exploited to compromise the hosting environment. | Vulnerebility | |
| 16.11.25 | CISA warns of WatchGuard firewall flaw exploited in attacks | CISA has ordered federal agencies to patch an actively exploited vulnerability in WatchGuard Firebox firewalls, which allows attackers to gain remote code execution on compromised devices. | Vulnerebility | |
| 14.11.25 | SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor | SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. | Vulnerebility | |
| 14.11.25 | CISA orders feds to patch Samsung zero-day used in spyware attacks | CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. | Vulnerebility | |
| 14.11.25 | Popular JavaScript library expr-eval vulnerable to RCE flaw | A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. | Vulnerebility | |
| 14.11.25 | Dangerous runC flaws could allow hackers to escape Docker containers | Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. | Vulnerebility | |
| 14.11.25 | Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts | Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb WAF that could allow an attacker to take over admin accounts and | Vulnerebility | The Hacker News |
| 9.11.25 | Critical Cisco UCCX flaw lets attackers run commands as root | Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges. | Vulnerebility | |
| 9.11.25 | Cyber theory vs practice: Are you navigating with faulty instruments? | Security teams rely on dashboards and data feeds, but outdated or fragmented tools leave dangerous blind spots across assets, vulnerabilities, and credentials. Learn how Outpost24's CompassDRP unifies EASM and DRP to reveal what attackers see and what's already exposed. | Vulnerebility | |
| 5.11.25 | CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited | Vulnerebility | The Hacker News |
| 4.11.25 | Google's AI 'Big Sleep' Finds 5 New Vulnerabilities in Apple's Safari WebKit | Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit | Vulnerebility | The Hacker News |
| 2.11.25 | WordPress security plugin exposes private data to site subscribers | The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. | Vulnerebility | |
| 1.11.25 | QNAP warns of critical ASP.NET flaw in its Windows backup software | QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device. | Vulnerebility | |
| 1.11.25 | CISA orders feds to patch Windows Server WSUS flaw used in attacks | The Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its catalog of security flaws exploited in attacks. | Vulnerebility | BleepingComputer |
| 1.11.25 | Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery | Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS | Vulnerebility | |
| 27.10.25 | Critical WSUS flaw in Windows Server now exploited in attacks | Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. | Vulnerebility | |
| 27.10.25 | Windows Server emergency patches fix WSUS bug with PoC exploit | Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. | Vulnerebility | |
| 26.10.25 | Hackers exploiting critical "SessionReaper" flaw in Adobe Magento | Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. | Vulnerebility | |
| 26.10.25 | TARmageddon flaw in abandoned Rust library enables RCE attacks | A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. | Vulnerebility | |
| 26.10.25 | Sharepoint ToolShell attacks targeted orgs across four continents | Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations. | Vulnerebility | |
| 26.10.25 | TP-Link warns of critical command injection flaw in Omada gateways | TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection. | Vulnerebility | |
| 26.10.25 | CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw | CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. | Vulnerebility | |
| 25.10.25 | Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities | The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and patched security issues in the Chromium browser and the V8 JavaScript engine. | Vulnerebility | |
| 25.10.25 | Over 75,000 WatchGuard security devices vulnerable to critical RCE | Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication. | Vulnerebility | |
| 25.10.25 | Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation | Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit | Vulnerebility | |
| 22.10.25 | TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution | Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote | Vulnerebility | |
| 22.10.25 | TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution | TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution. The | Vulnerebility | The Hacker News |
| 19.10.25 | Microsoft fixes Windows bug breaking localhost HTTP connections | Microsoft has fixed a known issue breaking HTTP/2 localhost (127.0.0.1) connections and IIS websites after installing recent Windows security updates. | Vulnerebility | |
| 19.10.25 | F5 releases BIG-IP patches for stolen security vulnerabilities | Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. | Vulnerebility | |
| 19.10.25 | F5 says hackers stole undisclosed BIG-IP flaws, source code | U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. | Vulnerebility | |
| 18.10.25 | Oracle silently fixes zero-day exploit leaked by ShinyHunters | Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. | Vulnerebility | |
| 18.10.25 | Security firms dispute credit for overlapping CVE reports | FuzzingLabs has accused the YCombinator-backed startup, Gecko Security, of replicating its vulnerability disclosures. Gecko allegedly filed for 2 CVEs based on FuzzingLabs' reports without crediting them. Gecko denies any wrongdoing, calling the allegations a misunderstanding over disclosure process. | Vulnerebility | |
| 18.10.25 | Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops | Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections. | Vulnerebility | |
| 18.10.25 | Oracle releases emergency patch for new E-Business Suite flaw | Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers. | Vulnerebility | |
| 18.10.25 | Microsoft Defender mistakenly flags SQL Server as end-of-life | Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. | Vulnerebility | |
| 17.10.25 | Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices | Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. | Vulnerebility | |
| 16.10.25 | Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in "Zero Disco' Attacks | Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux | Vulnerebility | The Hacker News |
| 16.10.25 | CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited | Vulnerebility | |
| 16.10.25 | New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login | SAP has rolled out security fixes for 13 new security issues , including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary | Vulnerebility | |
| 16.10.25 | RMPocalypse: Single 8-Byte Write Shatters AMD's SEV-SNP Confidential Computing | Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure | Vulnerebility | |
| 16.10.25 | New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions | Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google | Vulnerebility | |
|
11.10.25 |
Redis warns of critical flaw impacting thousands of instances | The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances. | Vulnerebility | |
|
11.10.25 |
Steam and Microsoft warn of Unity flaw exposing gamers to attacks | A code execution vulnerability in the Unity game engine could be exploited to achieve code execution on Android and privilege escalation on Windows. | Vulnerebility | |
|
11.10.25 |
Oracle links Clop extortion attacks to July 2025 vulnerabilities | Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. | Vulnerebility | |
|
11.10.25 |
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation | Fortra on Thursday revealed the results of its investigation into CVE-2025-10035 , a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under | Vulnerebility | |
|
9.10.25 |
Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks | SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain | Vulnerebility | |
|
8.10.25 |
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now | Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol ( MCP ) server that could allow attackers to | Vulnerebility | |
|
7.10.25 |
13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely | Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The | Vulnerebility | |
|
7.10.25 |
Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks | CrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful | Vulnerebility | |
|
7.10.25 |
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks | Oracle has released an emergency update to address a critical security flaw in its E-Business Suite software that it said has been exploited in the recent wave of Cl0p data theft attacks. The | Vulnerebility | |
|
5.10.25 |
DrayTek warns of remote code execution bug in Vigor routers | Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code. | Vulnerebility | |
|
5.10.25 |
HackerOne paid $81 million in bug bounties over the past year | Bug bounty platform HackerOne announced that it paid out $81 million in rewards to white-hat hackers worldwide over the past 12 months. | Vulnerebility | |
|
5.10.25 |
Microsoft Defender bug triggers erroneous BIOS update alerts | Microsoft is working to resolve a bug that causes Defender for Endpoint to incorrectly tag some devices' BIOS (Basic Input/Output System) firmware as outdated, prompting users to update it. | Vulnerebility | |
|
5.10.25 |
Adobe Analytics bug leaked customer tracking data to other tenants | Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day. | Vulnerebility | |
| 4.10.25 | Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws | Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers. | Vulnerebility | |
| 4.10.25 | Critical WD My Cloud bug allows remote command injection | Western Digital has released firmware updates for multiple My Cloud NAS models to patch a critical-severity vulnerability that could be exploited remotely to execute arbitrary system commands. | Vulnerebility | |
| 4.10.25 | CISA warns of critical Linux Sudo flaw exploited in attacks | Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems. | Vulnerebility | |
| 4.10.25 | Broadcom fixes high-severity VMware NSX bugs reported by NSA | Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). | Vulnerebility | |
| 3.10.25 | CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited | Vulnerebility | The Hacker News |
| 28.9.25 | New Supermicro BMC flaws can create persistent backdoors | Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to update systems with maliciously crafted images. | Vulnerebility | |
| 28.9.25 | Unpatched flaw in OnePlus phones lets rogue apps text messages | A vulnerability in multiple OnePlus OxygenOS versions allows any installed app to access SMS data and metadata without requiring permission or user interaction. | Vulnerebility | |
| 27.9.25 | SolarWinds releases third patch to fix Web Help Desk RCE bug | SolarWinds has released a hotfix for a critical a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication. | Vulnerebility | |
| 27.9.25 | American Archive of Public Broadcasting fixes bug exposing restricted media | A vulnerability in the American Archive of Public Broadcasting's website allowed downloading of protected and private media for years, with the flaw quietly patched this month. | Vulnerebility | |
| 27.9.25 | Microsoft Entra ID flaw allowed hijacking any company's tenant | A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. | Vulnerebility | |
| 26.9.25 | Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive | Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat | Vulnerebility | The Hacker News |
| 25.9.25 | Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS SoftwareCisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software | Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) | Vulnerebility | The Hacker News |
| 24.9.25 | Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security | Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow | Vulnerebility | The Hacker News |
| 23.9.25 | SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw | SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary | Vulnerebility | The Hacker News |
| 22.9.25 | Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants | A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any | Vulnerebility | The Hacker News |
| 21.9.25 | Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet | Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. | Vulnerebility | |
| 20.9.25 | Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability | Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, | Vulnerebility | The Hacker News |
| 18.9.25 | Stop waiting on NVD — get real-time vulnerability alerts now | Vulnerabilities are discovered daily—but not every alert matters. SecAlerts pulls from 100+ sources for faster, real-time vuln alerts, filtering the noise so teams can patch quicker and stay secure. | Vulnerebility | |
| 13.9.25 | Adobe patches critical SessionReaper flaw in Magento eCommerce platform | Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in the history of the product. | Vulnerebility | |
| 13.9.25 | SAP fixes maximum severity NetWeaver command execution flaw | SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. | Vulnerebility | |
| 13.9.25 | Microsoft testing new AI features in Windows 11 File Explorer | Microsoft is testing new File Explorer AI-powered features that will enable Windows 11 users to work with images and documents without needing to open the files. | Vulnerebility | |
| 12.9.25 | Max severity Argo CD API flaw leaks repository credentials | An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. | Vulnerebility | |
| 11.9.25 | SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers | Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. | Vulnerebility | The Hacker News |
| 10.9.25 | Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs | Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. | Vulnerebility | The Hacker News |
| 10.9.25 | Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts | Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take | Vulnerebility | The Hacker News |
| 10.9.25 | SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws | SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code | Vulnerebility | The Hacker News |
| 6.9.25 | CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation | Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw | Vulnerebility | The Hacker News |
| 5.9.25 | SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild | A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The | Vulnerebility | The Hacker News |
| 4.9.25 | Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack | Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two | Vulnerebility | The Hacker News |
| 31.8.25 | Passwordstate dev urges users to patch auth bypass vulnerability | Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication bypass vulnerability as soon as possible. | Vulnerebility | |
| 31.8.25 | Over 28,000 Citrix devices vulnerable to new exploited RCE flaw | More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild. | Vulnerebility | |
| 30.8.25 | Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks | Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability. | Vulnerebility | |
| 30.8.25 | Critical Docker Desktop flaw lets attackers hijack Windows hosts | A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. | Vulnerebility | |
| 29.8.25 | Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page | Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication | Vulnerebility | The Hacker News |
| 29.8.25 | Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names | Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed | Vulnerebility | The Hacker News |
| 27.8.25 | Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775 | Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. | Vulnerebility | The Hacker News |
| 26.8.25 | Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 | Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to | Vulnerebility | The Hacker News |
| 23.8.25 | Elastic rejects claims of a zero-day RCE flaw in Defend EDR | Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product. | Vulnerebility | |
| 23.8.25 | Over 800 N-able servers left unpatched against critical flaws | Over 800 N-able N-central servers remain unpatched against a pair of critical security vulnerabilities tagged as actively exploited last week. | Vulnerebility | |
| 19.8.25 | Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution | A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and | Vulnerebility | The Hacker News |
| 15.8.25 | Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution | Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to | Vulnerebility | The Hacker News |
| 14.8.25 | Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws | Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code | Vulnerebility | The Hacker News |
| 14.8.25 | Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code | Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256 , | Vulnerebility | The Hacker News |
| 13.8.25 | Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws | Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known | Vulnerebility | The Hacker News |
| 13.8.25 | Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager | Cybersecurity researchers are warning of a "significant spike" in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence | Vulnerebility | The Hacker News |
| 12.8.25 | Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors | The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC | Vulnerebility | The Hacker News |
| 12.8.25 | New TETRA Radio Encryption Flaws Expose Law Enforcement Communications | Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force attacks, and even decrypt encrypted traffic. | Vulnerebility | The Hacker News |
| 12.8.25 | WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately | The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 | Vulnerebility | The Hacker News |
| 12.8.25 | Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation | Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) communication | Vulnerebility | The Hacker News |
| 12.8.25 | Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models | Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been | Vulnerebility | The Hacker News |
| 12.8.25 | CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials | Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow | Vulnerebility | The Hacker News |
| 12.8.25 | Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups | Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated | Vulnerebility | The Hacker News |
| 12.8.25 | 6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits | Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, | Vulnerebility | The Hacker News |
| 12.8.25 | SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day | SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and | Vulnerebility | The Hacker News |
| 12.8.25 | Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft | Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service ( ECS ) that could be exploited by an | Vulnerebility | The Hacker News |
| 08.08.25 | Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft | Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service ( ECS ) that could be exploited by an | Vulnerebility | The Hacker News |
| 08.08.25 | SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day | SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and | Vulnerebility | The Hacker News |
| 08.08.25 | Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups | Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated | Vulnerebility | The Hacker News |
| 06.08.25 | Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems | Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been | Vulnerebility | The Hacker News |
| 05.08.25 | NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers | A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) | Vulnerebility | The Hacker News |
| 05.08.25 | SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported | SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July | Vulnerebility | The Hacker News |
| 05.08.25 | Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks | In SaaS security conversations, "misconfiguration" and "vulnerability" are often used interchangeably. But they're not the same thing. And misunderstanding that | Vulnerebility | The Hacker News |
| 25.7.25 | Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems | Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. "An | Vulnerebility | The Hacker News |
| 25.7.25 | Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices | Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be | Vulnerebility | The Hacker News |
| 23.7.25 | CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited | Vulnerebility | The Hacker News |
| 22.7.25 | Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access | Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker | Vulnerebility | The Hacker News |
| 20.7.25 | Microsoft mistakenly tags Windows Firewall error log bug as fixed | Microsoft has mistakenly tagged an ongoing Windows Firewall error message bug as fixed in recent updates, stating that they are still working on a resolution. | Vulnerebility | |
| 20.7.25 | Hackers scanning for TeleMessage Signal clone flaw exposing passwords | Researchers are seeing exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data. | Vulnerebility | |
| 20.7.25 | Max severity Cisco ISE bug allows pre-auth command execution, patch now | A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. | Vulnerebility | |
| 20.7.25 | New Fortinet FortiWeb hacks likely linked to public RCE exploits | Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257. | Vulnerebility | BleepingComputer |
| 18.7.25 | Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot | Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls. | Vulnerebility | |
| 18.7.25 | Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services | Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud | Vulnerebility | The Hacker News |
| 17.7.25 | Golden dMSA: What Is dMSA Authentication Bypass? | Semperis Security Researcher Adi Malyanker found a critical design flaw in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. | Vulnerebility | Semperis |
| 17.7.25 | Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access | Cybersecurity researchers have disclosed what they say is a "critical design flaw" in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. | Vulnerebility | The Hacker News |
| 13.7.25 | PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars | Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda. | Vulnerebility | |
| 13.7.25 | Ruckus Networks leaves severe flaws unpatched in management devices | Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve. | Vulnerebility | |
| 13.7.25 | New ServiceNow flaw lets attackers enumerate restricted data | A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access. | Vulnerebility | |
| 12.7.25 | Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications | Laravel APP_KEY leaks enable RCE via deserialization attacks. Collaboration with Synacktiv scaled findings to 600 vulnerable applications using 260K exposed keys from GitHub. Analysis reveals 35% of exposures coincide with other critical secrets including database, cloud tokens, and API credentials. | Vulnerebility | GITGUARDIAN |
| 11.7.25 | Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now | Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. | Vulnerebility | BleepingComputer |
| 11.7.25 | Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) | Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on | Vulnerebility | The Hacker News |
| 11.7.25 | PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution | Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow | Vulnerebility | The Hacker News |
| 11.7.25 | Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild | A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The | Vulnerebility | The Hacker News |
| 11.7.25 | CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its | Vulnerebility | The Hacker News |
| 11.7.25 | Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads | Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system | Vulnerebility | The Hacker News |
| 10.7.25 | ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs | A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The | Vulnerebility | The Hacker News |
| 9.7.25 | Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server | For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the | Vulnerebility | The Hacker News |
| 6.7.25 | Grafana releases critical security update for Image Renderer plugin | Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. | Vulnerebility | |
| 5.7.25 | Citrix warns of login issues after NetScaler auth bypass patch | Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances. | Vulnerebility | |
| 5.7.25 | Forminator plugin flaw exposes WordPress sites to takeover attacks | The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. | Vulnerebility | |
| 5.7.25 | Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros | Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local | Vulnerebility | The Hacker News |
| 3.7.25 | Over 1,200 Citrix servers unpatched against critical auth bypass flaw | Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions. | Vulnerebility | |
| 3.7.25 | Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials | Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications | Vulnerebility | The Hacker News |
| 2.7.25 | Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits | Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol ( MCP ) Inspector | Vulnerebility | The Hacker News |
| 1.7.25 | New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status | A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in | Vulnerebility | The Hacker News |
| 30.6.25 | Bluetooth flaws could let hackers spy through your microphone | Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information. | Vulnerebility | |
| 29.6.25 | Brother printer bug in 689 models exposes default admin passwords | A total of 689 printer models from Brother, along with 53 other models from Fujifilm, Toshiba, and Konica Minolta, come with a default administrator password that remote attackers can generate. Even worse, there is no way to fix the flaw via firmware in existing printers. | Vulnerebility | BleepingComputer |
| 29.6.25 | Cisco warns of max severity RCE flaws in Identity Services Engine | Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). | Vulnerebility | |
| 29.6.25 | CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks | CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation. | Vulnerebility | |
| 28.6.25 | WinRAR patches bug letting malware launch from extracted archives | WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. | Vulnerebility | BleepingComputer |
| 28.6.25 | New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions | A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices. | Vulnerebility | BleepingComputer |
| 27.6.25 | MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted | Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025— | Vulnerebility | The Hacker News |
| 27.6.25 | Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks | Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled | Vulnerebility | The Hacker News |
| 26.6.25 | Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access | Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that | Vulnerebility | The Hacker News |
| 26.6.25 | CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, | Vulnerebility | The Hacker News |
| 26.6.25 | nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery | New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID , potentially enabling malicious actors to achieve account | Vulnerebility | The Hacker News |
| 26.6.25 | Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC | Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE- | Vulnerebility | The Hacker News |
| 26.6.25 | Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure | Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, | Vulnerebility | The Hacker News |
| 23.6.25 | Microsoft investigates OneDrive bug that breaks file search | Microsoft is investigating a known OneDrive issue that is causing searches to appear blank for some users or return no results even when searching for files they know they've already uploaded. | Vulnerebility | |
| 22.6.25 | BeyondTrust warns of pre-auth RCE in Remote Support software | BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers. | Vulnerebility | |
| 21.6.25 | New Linux udisks flaw lets attackers get root on major Linux distros | Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. | Vulnerebility | BleepingComputer |
| 21.6.25 | New Veeam RCE flaw lets domain users hack backup servers | Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability. | Vulnerebility | |
| 21.6.25 | ASUS Armoury Crate bug lets attackers get Windows admin privileges | A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. | Vulnerebility | BleepingComputer |
| 20.6.25 | New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions | Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux | Vulnerebility | The Hacker News |
| 18.6.25 | Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication | Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under | Vulnerebility | The Hacker News |
| 18.6.25 | Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments | Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre- | Vulnerebility | The Hacker News |
| 18.6.25 | TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited | Vulnerebility | The Hacker News |
| 15.6.25 | Trend Micro fixes critical vulnerabilities in multiple products | Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. | Vulnerebility | BleepingComputer |
| 15.6.25 | GitLab patches high severity account takeover, missing auth issues | GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. | Vulnerebility | BleepingComputer |
| 14.6.25 | Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot | A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction. | Vulnerebility | |
| 14.6.25 | New Secure Boot flaw lets attackers install bootkit malware, patch now | Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. | Vulnerebility | BleepingComputer |
| 14.6.25 | Ivanti Workspace Control hardcoded key flaws expose SQL credentials | Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution. | Vulnerebility | BleepingComputer |
| 11.6.25 | SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords | Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and | Vulnerebility | The Hacker News |
| 11.6.25 | Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild | Microsoft has released patches to fix 67 security flaws , including one zero-day bug in Web Distributed Authoring and Versioning (WebDAV) that it said has come under | Vulnerebility | The Hacker News |
| 11.6.25 | Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps | Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager | Vulnerebility | The Hacker News |
| 10.6.25 | Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account | Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing them to | Vulnerebility | The Hacker News |
| 7.6.25 | Hewlett Packard Enterprise warns of critical StoreOnce auth bypass | Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. | Vulnerebility | |
| 6.6.25 | Google patches new Chrome zero-day bug exploited in attacks | Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. | Vulnerebility | BleepingComputer |
| 6.6.25 | SentinelOne: Last week’s 7-hour outage caused by software flaw | American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. | Vulnerebility | |
| 5.6.25 | Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI | Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow | Vulnerebility | The Hacker News |
| 4.6.25 | HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass | Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication | Vulnerebility | The Hacker News |
| 3.6.25 | Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code | Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be | Vulnerebility | The Hacker News |
| 3.6.25 | Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU | Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in | Vulnerebility | The Hacker News |
| 1.6.25 | Mozilla releases Firefox 139.0.1 update to fix artifacts on Nvidia GPUs | Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs. | Vulnerebility | |
| 1.6.25 | New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora | Two information disclosure flaws have been identified in apport and systemd-coredump , the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, | Vulnerebility | The Hacker News |
| 29.5.24 | Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin | Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited | Vulnerebility | The Hacker News |
| 29.5.24 | Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File | Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's | Vulnerebility | The Hacker News |
| 25.5.24 | Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE | Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. | Vulnerebility | |
| 25.5.24 | Critical Samlify SSO flaw lets attackers log in as admin | A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. | Vulnerebility | |
| 23.5.24 | O2 UK patches bug leaking mobile user location from call metadata | A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. | Vulnerebility | |
| 23.5.24 | ViciousTrap – Infiltrate, Control, Lure: Turning edge devices into honeypots en masse | In a previous blogpost, Sekoia’s Threat Detection & Research (TDR) team documented the exploitation of the CVE-2023-20118 vulnerability, which was used to deploy two distinct threats: a webshell and the PolarEdge malware. | Vulnerebility | SEKOIA |
| 22.5.24 | Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host | Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform | Vulnerebility | The Hacker News |
| 17.5.24 | SAP patches second zero-day flaw exploited in recent attacks | SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. | Vulnerebility | BleepingComputer |
| 17.5.24 | Fortinet fixes critical zero-day exploited in FortiVoice attacks | Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. | Vulnerebility | BleepingComputer |
| 17.5.24 | Ivanti warns of critical Neurons for ITSM auth bypass flaw | Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability. | Vulnerebility | BleepingComputer |
| 16.5.24 | New Intel CPU flaws leak sensitive data from privileged memory | A new "Branch Privilege Injection" flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel. | Vulnerebility | BleepingComputer |
| 16.5.24 | ASUS DriverHub flaw let malicious sites run commands with admin rights | The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. | Vulnerebility | |
| 16.5.24 | Cisco fixes max severity IOS XE flaw letting attackers hijack devices | Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. | Vulnerebility | BleepingComputer |
| 16.5.24 | Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks | Researchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from | Vulnerebility | |
| 15.5.24 | Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit | Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, | Vulnerebility | The Hacker News |
| 14.5.24 | Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server | Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active | Vulnerebility | The Hacker News |
| 14.5.24 | Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems | Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, | Vulnerebility | The Hacker News |
| 14.5.24 | Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks | Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote | Vulnerebility | The Hacker News |
| 13.5.24 | Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers | A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber | Vulnerebility | The Hacker News |
| 13.5.24 | ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files | ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the | Vulnerebility | The Hacker News |
| 11.5.24 | Microsoft: April updates cause Windows Server auth issues | Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers. | Vulnerebility | BleepingComputer |
| 11.5.24 | Apache Parquet exploit tool detect servers vulnerable to critical flaw | A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. | Vulnerebility | BleepingComputer |
| 9.5.24 | Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell | A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere | Vulnerebility | The Hacker News |
| 8.5.24 | SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root | SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote | Vulnerebility | The Hacker News |
| 8.5.24 | Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT | Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker | Vulnerebility | The Hacker News |
| 7.5.24 | SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version | Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre- | Vulnerebility | The Hacker News |
| 6.5.24 | Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers | Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. | Vulnerebility | The Hacker News |
| 6.5.24 | Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi | Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable | Vulnerebility | The Hacker News |
| 6.5.24 | Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its | Vulnerebility | The Hacker News |
| 1.5.24 | Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach | Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE- | Vulnerebility | The Hacker News |
| 27.4.25 | SAP fixes suspected Netweaver zero-day exploited in attacks | SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. | Vulnerebility | BleepingComputer |
| 26.4.25 | Microsoft fixes machine learning bug flagging Adobe emails as spam | Microsoft says it mitigated a known issue in one of its machine learning (ML) models that mistakenly flagged Adobe emails in Exchange Online as spam. | Vulnerebility | |
| 26.4.25 | ASUS releases fix for AMI bug that lets hackers brick servers | ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. | Vulnerebility | BleepingComputer |
| 25.4.25 | Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers | Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain | Vulnerebility | The Hacker News |
| 24.4.25 | Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely | A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, | Vulnerebility | The Hacker News |
| 22.4.25 | GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages | Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges | Vulnerebility | The Hacker News |
| 21.4.25 | ASUS warns of critical auth bypass flaw in routers using AiCloud | ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. | Vulnerebility | |
| 21.4.25 | SonicWall SMA VPN devices targeted in attacks since January | A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. | Vulnerebility | |
| 21.4.25 | Cisco Webex bug lets hackers gain code execution via meeting links | Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. | Vulnerebility | BleepingComputer |
| 20.4.25 | New Windows Server emergency updates fix container launch issue | Microsoft has released emergency Windows Server updates to address a known issue preventing Windows containers from launching. | Vulnerebility | |
| 20.4.25 | Apple fixes two zero-days exploited in targeted iPhone attacks | Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. | Vulnerebility | BleepingComputer |
| 20.4.25 | Chrome 136 fixes 20-year browser history privacy risk | Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users' browsing history through the previously visited links. | Vulnerebility | BleepingComputer |
| 19.4.25 | ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware | ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions | Vulnerebility | The Hacker News |
| 18.4.25 | CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known | Vulnerebility | The Hacker News |
| 17.4.25 | Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution | A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. | Vulnerebility | The Hacker News |
| 16.4.25 | Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence | A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain | Vulnerebility | The Hacker News |
| 13.4.25 | Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks | Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. | Vulnerebility | |
| 13.4.25 | Critical FortiSwitch flaw lets hackers change admin passwords remotely | Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. | Vulnerebility | BleepingComputer |
| 10.4.25 | Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes | Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if | Vulnerebility | The Hacker News |
| 9.4.25 | CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known | Vulnerebility | The Hacker News |
| 9.4.25 | Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability | Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been | Vulnerebility | The Hacker News |
| 9.4.25 | Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered | Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that | Vulnerebility | The Hacker News |
| 9.4.25 | Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw | Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password | Vulnerebility | The Hacker News |
| 9.4.25 | Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal | Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully | Vulnerebility | The Hacker News |
| 8.4.25 | CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation | A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known | Vulnerebility | The Hacker News |
| 8.4.25 | Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities | Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE- | Vulnerebility | The Hacker News |
| 6.4.25 | Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws | A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, | Vulnerebility | The Hacker News |
| 6.4.25 | WinRAR flaw bypasses Windows Mark of the Web security alerts | A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. | Vulnerebility | |
| 6.4.25 | Max severity RCE flaw discovered in widely used Apache Parquet | A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. | Vulnerebility | BleepingComputer |
| 6.4.25 | Ivanti patches Connect Secure zero-day exploited since mid-March | Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. | Vulnerebility | |
| 6.4.25 | Verizon Call Filter API flaw exposed customers' incoming call history | A vulnerability in Verizon's Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request. | Vulnerebility | BleepingComputer |
| 5.4.25 | Cisco warns of CSLU backdoor admin account used in attacks | Cisco warns admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks. | Vulnerebility | BleepingComputer |
| 5.4.25 | Critical auth bypass bug in CrushFTP now exploited in attacks | Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. | Vulnerebility | BleepingComputer |
| 4.4.25 | Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware | Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. | Vulnerebility | The Hacker News |
| 4.4.25 | Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code | A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to | Vulnerebility | The Hacker News |
| 4.4.25 | New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It | Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. | Vulnerebility | |
| 3.4.25 | Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent | Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to | Vulnerebility | The Hacker News |
| 3.4.25 | Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse | Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have | Vulnerebility | The Hacker News |
|
30.3.25 |
Microsoft fixes button that restores classic Outlook client | Microsoft resolved an issue that caused the new Outlook email client to crash when users clicked a button designed to switch back to classic Outlook. | Vulnerebility | |
|
30.3.25 |
The 4 WordPress flaws hackers targeted the most in Q1 2025 | A new report sheds light on the most targeted WordPress plugin vulnerabilities hackers used in the first quarter of 2025 to compromise sites. | Vulnerebility | |
|
30.3.25 |
Mozilla warns Windows users of critical Firefox sandbox escape flaw | Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser's sandbox on Windows systems. | Vulnerebility | |
|
30.3.25 |
Dozens of solar inverter flaws could be exploited to attack power grids | Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor's cloud platform. | Vulnerebility | |
|
29.3.25 |
Microsoft fixes printing issues caused by January Windows updates | Microsoft has fixed a known issue causing some USB printers to start printing random text after installing Windows updates released since late January 2025. | Vulnerebility | |
|
28.3.25 |
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA | Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited | Vulnerebility | The Hacker News |
|
28.3.25 |
Windows 11 update breaks Veeam recovery, causes connection errors | Microsoft and Veeam are investigating a known issue that triggers connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media. | Vulnerebility | |
|
28.3.25 |
Google fixes Chrome zero-day exploited in espionage campaign | Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian media outlets and government organizations. | Vulnerebility | |
|
28.3.25 |
CrushFTP warns users to patch unauthenticated access flaw immediately | CrushFTP warned customers of an authentication bypass security vulnerability and urged them to patch their servers immediately. | Vulnerebility | |
|
28.3.25 |
Cloudflare R2 service outage caused by password rotation error | Cloudflare has announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. | Vulnerebility | |
|
28.3.25 |
Broadcom warns of authentication bypass in VMware Windows Tools | Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows. | Vulnerebility | |
|
28.3.25 |
New Windows zero-day leaks NTLM hashes, gets unofficial patch | Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. | Vulnerebility | |
|
28.3.25 |
Mozilla Patches Critical Firefox Bug Similar to Chrome's Recent Zero-Day Vulnerability | Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in | Vulnerebility | The Hacker News |
|
27.3.25 |
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It | Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. | Vulnerebility | The Hacker News |
|
27.3.25 |
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) | Vulnerebility | The Hacker News |
|
27.3.25 |
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems | A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an | Vulnerebility | The Hacker News |
|
26.3.25 |
DrayTek routers worldwide go into reboot loops over weekend | Many Internet service providers (ISPs) worldwide are alerting customers of an outage that started Saturday night and triggered DrayTek router connectivity problems. | Vulnerebility | |
|
26.3.25 |
Critical flaw in Next.js lets hackers bypass authorization | A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. | Vulnerebility | |
|
26.3.25 |
New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround | Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked | Vulnerebility | The Hacker News |
|
25.3.25 |
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication | A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code | Vulnerebility | The Hacker News |
|
24.3.25 |
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks | A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain | Vulnerebility | The Hacker News |
|
23.3.25 |
Veeam RCE bug lets domain users hack backup servers, patch now | Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. | Vulnerebility | |
|
22.3.25 |
WordPress security plugin WP Ghost vulnerable to remote code execution bug | Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. | Vulnerebility | |
|
22.3.25 |
Google to purchase Wiz for $32 billion in cloud security play | Google has announced it entered into a definitive agreement to acquire Wiz, a leading cloud security platform, for $32 billion in an all-cash transaction. | Vulnerebility | BleepingComputer |
|
22.3.25 |
Critical AMI MegaRAC bug can let attackers hijack, brick servers | A new critical severity vulnerability found in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers. | Vulnerebility | BleepingComputer |
|
21.3.25 |
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems | Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The | Vulnerebility | The Hacker News |
|
20.3.25 |
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its | Vulnerebility | The Hacker News |
|
19.3.25 |
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems | Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO , a Supervisory Control and Data Acquisition (SCADA) system | Vulnerebility | The Hacker News |
|
19.3.25 |
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking | A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as | Vulnerebility | The Hacker News |
|
16.3.25 |
Cisco IOS XR vulnerability lets attackers crash BGP on routers | Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. | Vulnerebility | BleepingComputer |
|
16.3.25 |
Juniper patches bug that let Chinese cyberspies backdoor routers | Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. | Vulnerebility | BleepingComputer |
|
16.3.25 |
GitLab patches critical authentication bypass vulnerabilities | GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. | Vulnerebility | BleepingComputer |
|
15.3.25 |
Critical PHP RCE vulnerability mass exploited in new attacks | Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. | Vulnerebility | BleepingComputer |
|
15.3.25 |
CISA tags critical Ivanti EPM flaws as actively exploited in attacks | CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. | Vulnerebility | BleepingComputer |
| 13.3.25 | GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks | Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup | Vulnerebility | The Hacker News |
| 12.3.25 | Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack | Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning | Vulnerebility | The Hacker News |
| 12.3.25 | URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days | Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have | Vulnerebility | The Hacker News |
| 12.3.25 | Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks | Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been | Vulnerebility | The Hacker News |
| 11.3.25 | Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches | Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass | Vulnerebility | The Hacker News |
| 11.3.25 | CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint | Vulnerebility | The Hacker News |
| 9.3.25 | Over 37,000 VMware ESXi servers vulnerable to ongoing attacks | Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. | Vulnerebility | BleepingComputer |
| 8.3.25 | Broadcom fixes three VMware zero-days exploited in attacks | Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. | Vulnerebility | BleepingComputer |
| 8.3.25 | Google fixes Android zero-day exploited by Serbian authorities | Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices. | Vulnerebility | BleepingComputer |
| 7.3.25 | Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution | Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could | Vulnerebility | The Hacker News |
| 5.3.25 | VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches | Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead | Vulnerebility | The Hacker News |
| 4.3.25 | Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities | Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under | Vulnerebility | The Hacker News |
| 22.2.25 | Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks | Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171 , and by | Vulnerebility | The Hacker News |
| 22.2.25 | CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks | A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security | Vulnerebility | The Hacker News |
| 22.2.25 | New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now | Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active | Vulnerebility | The Hacker News |
| 22.2.25 | CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall | Vulnerebility | The Hacker News |
|
19.1.25 | New UEFI Secure Boot flaw exposes systems to bootkits, patch now | A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. | Vulnerebility | BleepingComputer |
|
19.1.25 | Hackers leak configs and VPN credentials for 15,000 FortiGate devices | A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. | Vulnerebility | BleepingComputer |
|
19.1.25 | SAP fixes critical vulnerabilities in NetWeaver application servers | SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. | Vulnerebility | BleepingComputer |
|
19.1.25 | Windows BitLocker bug triggers warnings on devices with TPMs | Microsoft is investigating a bug triggering security alerts on systems with a Trusted Platform Module (TPM) processor after enabling BitLocker. | Vulnerebility | BleepingComputer |
|
19.1.25 | January Windows updates may fail if Citrix SRA is installed | Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device. | Vulnerebility | BleepingComputer |
|
19.1.25 | Windows 10 KB5049981 update released with new BYOVD blocklist | Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks. | Vulnerebility | BleepingComputer |
|
19.1.25 | Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws | Today is Microsoft's January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. | Vulnerebility | BleepingComputer |
|
18.1.25 | Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation | Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve | Vulnerebility | The Hacker News |
|
16.1.25 | Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions | Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially | Vulnerebility | The Hacker News |
|
16.1.25 | Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager | Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including | Vulnerebility | The Hacker News |
|
16.1.25 | Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool | As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to | Vulnerebility | The Hacker News |
|
16.1.25 | 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update | Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have | Vulnerebility | The Hacker News |
|
16.1.25 | Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks | Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege | Vulnerebility | The Hacker News |
|
14.1.25 | Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls | Arctic Wolf observed a recent campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. | Vulnerebility | ArcticWolf |
|
14.1.25 | Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation | Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to | Vulnerebility | The Hacker News |
|
14.1.25 | Google OAuth Vulnerability Exposes Millions via Failed Startup Domains | New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain | Vulnerebility | The Hacker News |
|
14.1.25 | Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces | Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public | Vulnerebility | The Hacker News |
|
12.1.25 | Microsoft fixes bug causing Outlook to freeze when copying text | Microsoft has fixed a known issue causing the classic Outlook email client to stop responding when copying text with the CTRL+C keyboard shortcut. | Vulnerebility | BleepingComputer |
|
12.1.25 | Unpatched critical flaws impact Fancy Product Designer WordPress plugin | Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. | Vulnerebility | BleepingComputer |
|
12.1.25 | Ivanti warns of new Connect Secure flaw used in zero-day attacks | Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. | Vulnerebility | BleepingComputer |
|
12.1.25 | SonicWall urges admins to patch exploitable SSLVPN bug immediately | SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is "susceptible to actual exploitation." | Vulnerebility | BleepingComputer |
|
12.1.25 | Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens | Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. | Vulnerebility | BleepingComputer |
|
11.1.25 | Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices | Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code | Vulnerebility | The Hacker News |
|
11.1.25 | Vulnerable Moxa devices expose industrial networks to attacks | Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. | Vulnerebility | BleepingComputer |
|
10.1.25 | Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices | Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code | Vulnerebility | The Hacker News |
|
10.1.25 | Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers | Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an | Vulnerebility | The Hacker News |
|
10.1.25 | Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection | Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could | Vulnerebility | The Hacker News |
|
10.1.25 | Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure | Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild | Vulnerebility | The Hacker News |
|
7.1.25 | Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers | Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow | Vulnerebility | The Hacker News |
|
5.1.25 | Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution | A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei , a widely-used open-source vulnerability scanner that, if successfully exploited, could | Vulnerebility | The Hacker News |
|
4.1.25 | Bad Tenable plugin updates take down Nessus agents worldwide | Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. | Vulnerebility | BleepingComputer |
|
3.1.25 | Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption | Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their | Vulnerebility | |
|
2.1.25 | Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API | Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, | Vulnerebility | The Hacker News |