More results...
A critical vulnerability has been discovered in React Router and Remix that could allow attackers to access or modify sensitive files on web servers. The flaw affects multiple packages and has received a severity rating of Critical with a CVSS score of…
Security researchers have discovered critical vulnerabilities in InputPlumber, a Linux input device utility used in SteamOS, that could allow attackers to inject keystrokes, leak sensitive information, and cause denial-of-service conditions. The flaws,…
A severe buffer overflow vulnerability has been discovered in the zlib untgz utility, affecting version 1.3.1.2, allowing attackers to trigger memory corruption via maliciously crafted command-line arguments. The vulnerability resides in the TGZfname()…
CISA adds a critical HPE OneView flaw (CVE-2025-37164) to its KEV catalogue with a Jan 28 deadline. Learn how this 10.0 RCE bug puts server infrastructure at risk.
Cybersecurity researchers from Huntress detail a major VM Escape attack where hackers took over host servers. Using a secret toolkit called MAESTRO, the attackers stayed hidden for over a year. Read the exclusive details on how this breach was stopped …
Tenable has released PoC code and technical details after the vendor announced the availability of patches for three vulnerabilities.
The post Trend Micro Patches Critical Code Execution Flaw in Apex Central appeared first on SecurityWeek.
The Emergency Directives were retired because they achieved objectives or targeted vulnerabilities included in the KEV catalog.
The post CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over appeared first on SecurityWeek.
A newly disclosed vulnerability in the OWASP Core Rule Set (CRS) allows attackers to bypass charset validation in web application firewalls (WAFs), enabling dangerous payloads to reach backend applications. Tracked as CV…
Trend Micro has issued a critical security update for Apex Central to address multiple remotely exploitable vulnerabilities, including a bug that allows unauthenticated attackers to execute code with SYSTEM-level privileges. Organizations running vuln…
Microsoft is tightening security for its cloud customers by making multi-factor authentication mandatory for anyone accessing the Microsoft 365 admin center, effectively ending password-only logins for high-privilege admin portals.&…