More results...
Security researchers have uncovered severe vulnerabilities in Django that could allow attackers to execute arbitrary code on affected systems. These flaws, ranging from directory traversal to log injection, highlight critical security risks in one of P…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert following the addition of a critical Citrix NetScaler vulnerability—CVE-2025-6543—to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of activ…
Google has issued an urgent security update for its Chrome browser, addressing a critical zero-day vulnerability that is being actively exploited by attackers. The flaw, tracked as CVE-2025-6554, is a type confusion vulnerability in Chro…
A series of critical security vulnerabilities have been identified in D-Link DIR-816 routers, exposing users worldwide to the risk of remote code execution and network compromise. The flaws affect all hardware revisions and firmware versions of t…
A critical security vulnerability, tracked as CVE-2025-36038, has been discovered in IBM WebSphere Application Server, exposing organizations to the risk of remote code execution by unauthenticated attackers. This flaw, which affects widely deployed ve…
A critical vulnerability in Synology’s Active Backup for Microsoft 365 (ABM) has exposed sensitive data from Microsoft 365 tenants worldwide, potentially impacting over a million organizations relying on the popular backup solution. The flaw,…
In a major security revelation, researchers have uncovered critical vulnerabilities in millions of Bluetooth headphones and earbuds, enabling hackers to eavesdrop on conversations, hijack devices, and access sensitive data—all without user authenticati…
A newly disclosed critical vulnerability in Hunt Electronics’ hybrid DVRs has left thousands of surveillance systems dangerously exposed, with administrator credentials accessible in plaintext to anyone on the internet. Security researchers have assign…
A critical security vulnerability has been discovered in multiple Mitsubishi Electric air conditioning systems, potentially allowing hackers to bypass authentication and remotely control affected units. The flaw, identified as CVE-2025-3699, was disclo…
A critical pre-authentication vulnerability (CVE-2025-6709) in MongoDB Server enables unauthenticated attackers to trigger denial-of-service (DoS) conditions by exploiting improper input validation in OIDC authentication. The flaw allows malicious acto…