Critical Vulnerability Patched in jsPDF
The bug can allow attackers to read arbitrary files from the system, potentially exposing configurations and credentials.
The post Critical Vulnerability Patched in jsPDF appeared first on SecurityWeek.
Tracked as CVE-2026-21858 (CVSS score 10), the bug enables remote code execution without authentication.
The post Critical Vulnerability Exposes n8n Instances to Takeover Attacks appeared first on SecurityWeek.
The maximum-severity code injection flaw can be exploited without authentication for remote code execution.
The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Linux administrators are being urged to update promptly after disclosures of multiple vulnerabilities in GitLab, including flaws that could enable cross-site scripting, authorization bypass, and denial of service in self-managed instances…
Huntress security researchers have uncovered a sophisticated VMware ESXi exploitation campaign using a zero-day toolkit that remained undetected for over a year before VMware’s public disclosure. The December 2025 intrusion, which began through a…
An error in the firmware-upload handler leads to devices starting an unauthenticated root-level Telnet service.
The post Vulnerability in Totolink Range Extender Allows Device Takeover appeared first on SecurityWeek.
Four vulnerabilities have been fixed in the latest release of Veeam Backup & Replication.
The post Several Code Execution Flaws Patched in Veeam Backup & Replication appeared first on SecurityWeek.
The critical-severity vulnerability allows unauthenticated, remote attackers to execute arbitrary shell commands.
The post Hackers Exploit Zero-Day in Discontinued D-Link Devices appeared first on SecurityWeek.
The flaw is tracked as CVE-2025-54957 and its existence came to light in October 2025 after it was discovered by Google researchers.
The post Critical Dolby Vulnerability Patched in Android appeared first on SecurityWeek.
With 24 new vulnerabilities known to be exploited by ransomware groups, the list now includes 1,484 software and hardware flaws.
The post CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries appeared first on SecurityWeek.