Topic: cve identifiers
-
Apple Patches Critical Zero-Day Flaw Actively Exploited in Attacks
Apple has patched a critical zero-day vulnerability (CVE-2026-20700) in its dyld component, which was exploited in a sophisticated, targeted attack against older iOS versions. The updates also fix two related WebKit vulnerabilities, all discovered and reported by Google's Threat Analysis Group, t...
Read More » -
Urgent SolarWinds Web Help Desk Patch Fixes Critical RCE Flaws
SolarWinds has urgently patched multiple critical vulnerabilities in its Web Help Desk software, strongly advising all customers to immediately upgrade to version 2026.1 to mitigate risks like remote code execution. The critical flaws, discovered by external researchers, include authentication by...
Read More » -
NSA-Reported VMware Flaws Patched by Broadcom
Broadcom has released critical patches for two VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252) that allow unauthenticated attackers to enumerate valid usernames, posing risks of unauthorized access. Additional high-severity flaws were addressed in VMware vCenter (CVE-2025-41250) an...
Read More » -
CISA Warns of Active Attacks on 4 Critical Software Flaws
CISA has issued a critical alert, adding four actively exploited software vulnerabilities to its KEV catalog, impacting tools from Versa, Zimbra, Vite, and Prettier. The exploited flaws include an authentication bypass in Versa's SD-WAN platform, a file access bug in the Vite framework, a supply-...
Read More » -
Google Patches Actively Exploited Android Security Flaws
Google's December security update patches over 50 Android vulnerabilities, including two high-severity flaws in the Android Framework that are already being used in limited, targeted attacks. The two critical vulnerabilities (CVE-2025-48633 and CVE-2025-48572) could allow unauthorized access to s...
Read More » -
Microsoft Patches Critical Zero-Day and 63 Flaws
Microsoft's November 2025 Patch Tuesday addresses 63 vulnerabilities, including one actively exploited zero-day and four critical issues, requiring immediate deployment by system administrators. The update includes the first extended security update (ESU) for Windows 10, urging organizations to u...
Read More » -
Critical RCE flaw in Zyxel routers puts users at risk
A critical command injection vulnerability (CVE-2025-13942) in Zyxel devices allows remote code execution, but exploitation requires both UPnP and WAN access to be enabled, with WAN disabled by default. Zyxel has released firmware patches for this and other high-severity flaws, while also confirm...
Read More » -
Critical SolarWinds Serv-U Flaws Grant Root Server Access
SolarWinds has released critical security patches for its Serv-U file transfer software to fix four vulnerabilities that could allow remote code execution and full administrative takeover of servers. All four flaws require the attacker to already have high-privilege access, limiting exploitation ...
Read More » -
SolarWinds Help Desk Flaw Under Active Attack
A critical vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk is under active attack, allowing unauthenticated attackers to execute remote code and gain administrative control, prompting urgent patching orders from US authorities. The flaw is one of four critical vulnerabilities, all with...
Read More » -
Hackers Target Unpatched Fortinet Flaws After Fix
Attackers are exploiting two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in Fortinet products, gaining administrative access to steal sensitive system configuration files. The theft of these configuration files poses a severe risk, exposing network details and...
Read More » -
Ivanti warns of critical code execution flaw in Endpoint Manager
A critical vulnerability (CVE-2025-10573) in Ivanti's Endpoint Manager allows unauthenticated attackers to execute arbitrary code by tricking an administrator into viewing a compromised dashboard. Ivanti has released a patch, but the risk is heightened as hundreds of EPM instances are exposed onl...
Read More » -
Critical runC Flaws Let Hackers Escape Docker Containers
Three critical vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) in runC allow attackers to escape Docker and Kubernetes containers and gain root access to the host system by exploiting flaws in bind mounts and symbolic link handling. Successful exploitation requires starting conta...
Read More » -
Trend Micro Apex One Flaws: Critical Code Execution Risk
Trend Micro has patched two critical remote code execution vulnerabilities (CVE-2025-71210 & CVE-2025-71211) in its Apex One endpoint protection platform, urging immediate updates. The flaws are path traversal issues in the management console, where exploitation requires prior access, and the com...
Read More » -
Critical Veeam Flaws Let Hackers Execute Code on Backup Servers
Veeam has released a critical security patch for its Backup & Replication software to address a high-severity remote code execution vulnerability (CVE-2025-59470) that requires privileged account access. The update fixes two additional vulnerabilities, including one allowing remote code execution...
Read More » -
D-Link DIR-878 routers have critical RCE flaws
D-Link has issued a critical alert for its unsupported DIR-878 router, revealing three severe vulnerabilities that allow unauthenticated remote command execution, with exploit code already public. The router, discontinued in 2021 but still sold, will not receive patches, and D-Link advises users ...
Read More » -
Urgent Microsoft Update: Patch Windows 10, 11, Server Now
Microsoft has urgently patched a zero-day vulnerability (CVE-2025-62215) in the Windows Kernel, which is already being actively exploited to gain system-level privileges. The flaw involves improper synchronization in concurrent execution, allowing attackers to escalate privileges after initial ac...
Read More » -
iOS Spyware 'Coruna' Powers Financial Crime Wave
The 'Coruna' exploit kit is a sophisticated iOS threat that evolved from a surveillance tool to a weapon for state-sponsored espionage and, most recently, large-scale financial crimes targeting cryptocurrency and sensitive data. It consolidates multiple exploit chains, leveraging both known and u...
Read More » -
Fortinet warns of critical FortiCloud SSO auth bypass flaw
Fortinet has patched two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in several products, which could allow attackers to gain unauthorized access via a crafted SAML message. The affected FortiCloud SSO feature is not enabled by default on new devices, but it i...
Read More » -
Google Patches Actively Exploited Zero-Day Vulnerabilities
Google has released a critical Android security update patching over 100 vulnerabilities, including three severe flaws that are under active, targeted exploitation. Two high-severity information disclosure vulnerabilities (CVE-2025-48633 & CVE-2025-48572) can expose sensitive data or grant elevat...
Read More » -
Google Patches Actively Exploited Chrome Zero-Day Vulnerability
Google has issued an urgent update for Chrome to fix a critical zero-day vulnerability (CVE-2025-13223) that is actively being exploited, requiring immediate user action to prevent data breaches. The vulnerability is a type confusion flaw in the V8 engine that attackers can exploit via malicious ...
Read More » -
CISA Alerts: 2 New Dassault Flaws Under Active Attack
CISA warns that two new security flaws in Dassault Systèmes' DELMIA Apriso platform are being actively exploited, posing risks to manufacturing operations management. The vulnerabilities include CVE-2025-6205, allowing unauthenticated remote access, and CVE-2025-6204, enabling code injection, wit...
Read More » -
Critical DNS Cache Poisoning Flaws Found in 2 Apps
Critical vulnerabilities in BIND and Unbound DNS software allow attackers to poison DNS caches and redirect users to fraudulent websites, with severity ratings up to 8.6. These flaws enable malicious actors to replace legitimate domain IP addresses with attacker-controlled ones, but security patc...
Read More » -
Zero-Day Attack Hits Gladinet File Sharing Software
A zero-day vulnerability (CVE-2025-11371) in Gladinet's CentreStack and Triofox platforms allows unauthenticated attackers to access sensitive files via Local File Inclusion, with at least three organizations already targeted. Attackers exploit the LFI flaw to retrieve machine keys and chain it w...
Read More » -
Cisco ASA Firewalls Under Active Attack from Zero-Day Exploits
Cisco has issued an urgent alert to patch two actively exploited zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) affecting its ASA and FTD software. The company, aided by international cybersecurity agencies, also addressed a third critical flaw (CVE-2025-20363) but has not linked it...
Read More » -
Supermicro Motherboards Harbor Unremovable Malware
Supermicro motherboards have critical vulnerabilities allowing malware to be embedded so deep that standard removal methods fail, as attackers can remotely install malicious firmware before the operating system loads. The flaws include an incomplete patch for a prior high-severity issue and a sep...
Read More » -
Lenovo UEFI Updates Patch Critical Secure Boot Vulnerabilities
Lenovo released critical firmware updates to fix high-risk vulnerabilities in Secure Boot for several all-in-one desktop models, which could allow attackers to bypass security and execute malicious code at the firmware level. The affected devices include IdeaCentre AIO 3 and Yoga AIO models, with...
Read More » -
CISA Warns: VMware ESXi Flaw Actively Exploited by Ransomware
CISA warns that a critical, patched VMware ESXi vulnerability (CVE-2025-22225) is now being actively exploited by ransomware groups to escape virtual machine sandboxes. The flaw, part of a trio of zero-days, impacts a wide range of VMware products and has reportedly been used by threat actors sin...
Read More » -
Anthropic's Official Git MCP Server Exposes Prompt Injection Bugs
Critical vulnerabilities were discovered in Anthropic's official Git server for its Model Context Protocol (MCP), exploitable via prompt injection attacks to manipulate AI assistants into unauthorized actions. The flaws, present in default installations, allow attackers to execute code, delete fi...
Read More » -
Trend Micro Apex Central RCE PoC Released (CVE-2025-69258)
Trend Micro has issued a critical security update for its Apex Central on-premise platform, addressing multiple vulnerabilities, including a severe one (CVE-2025-69258) that allows unauthenticated attackers to execute code with SYSTEM privileges. The vulnerabilities, discovered by Tenable, involv...
Read More » -
Urgent Chrome Update Fixes Actively Exploited 0-Day Bug
Google has released a critical update for Chrome to patch a zero-day vulnerability (CVE-2025-13223) that is already being actively exploited in attacks. The flaw is a type confusion issue in the V8 JavaScript engine that could allow attackers to execute unauthorized code and potentially take cont...
Read More » -
Oracle Warns Known Flaws Fueling Recent Ransomware Attacks
Oracle is warning that known vulnerabilities in its E-Business Suite are being exploited in ransomware attacks, with customers receiving extortion emails linked to patched security flaws. The Cl0p ransomware group, possibly connected to FIN11, is suspected of sending these emails from compromised...
Read More » -
SolarWinds Serv-U Exposes Critical RCE Vulnerabilities
SolarWinds has released critical patches for its Serv-U file transfer software to address four severe vulnerabilities that could allow attackers to gain full system control, requiring immediate updates. The vulnerabilities, which include broken access control and type confusion bugs, enable remot...
Read More » -
Hackers Exploit Critical Microsoft Zero-Day Bugs in Windows, Office
Microsoft has released critical patches for actively exploited zero-day vulnerabilities in Windows and Office, including a severe flaw (CVE-2026-21510) in the Windows shell that bypasses the SmartScreen security filter. A second critical vulnerability (CVE-2026-21513) exists in the legacy MSHTML ...
Read More » -
Urgent ASUS Router Security Flaw Exposed
ASUS has released an urgent firmware update (version 1.1.2.3_1010) to fix a critical security flaw (CVE-2025-59367) that allows unauthorized remote access to DSL-AC51, DSL-N16, and DSL-AC750 routers without a password. For users unable to update immediately, ASUS recommends disabling internet-acc...
Read More » -
SAP Issues Critical Security Alert for Multiple Products
SAP has issued a critical security alert for multiple vulnerabilities, including one with the highest severity score, as threat actors actively exploit a separate high-severity flaw. The most severe vulnerability, CVE-2025-42944 with a CVSS score of 10.0, affects the NetWeaver platform and allows...
Read More » -
Critical Veeam Flaws Expose Backup Servers to RCE Attacks
Veeam has patched multiple critical vulnerabilities in its Backup & Replication platform that allow unauthorized remote code execution, posing a severe risk to enterprise backup servers. The flaws, which include four critical RCE issues, can be exploited by low-privileged users to run malicious c...
Read More » -
Microsoft Patches 3 Zero-Days, 57 Flaws in December Update
Microsoft's December 2025 Patch Tuesday addressed 57 vulnerabilities, including three critical remote code execution flaws and three zero-day issues. One zero-day (CVE-2025-62221) is actively exploited, allowing local privilege escalation, while two others were publicly disclosed before patching....
Read More » -
Microsoft Patch Tuesday fixes 3 zero-days, 114 flaws in January 2026 update
Microsoft's January 2026 Patch Tuesday addresses 114 vulnerabilities, including eight critical flaws and three zero-days, with one confirmed as actively exploited. The actively exploited zero-day (CVE-2026-20805) is an information disclosure flaw in the Desktop Window Manager, while the other two...
Read More »