More results...
A severe security flaw, dubbed nOAuth, has been identified in certain software-as-a-service (SaaS) applications integrated with Microsoft Entra ID, potentially allowing attackers to achieve full account takeover across tenant boundaries. Research condu…
Cisco has issued urgent security patches addressing two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) platforms. These flaws, which both carry the highest possible CVSS severity score of 10….
Hewlett Packard Enterprise (HPE) has issued a critical security bulletin warning customers of a significant vulnerability in its OneView for VMware vCenter (OV4VC) software. The flaw, tracked as CVE-2025-37101, could allow attackers with only read-only…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert following evidence of active exploitation of a critical vulnerability (CVE-2024-0769) in legacy D-Link DIR-859 WiFi routers. The flaw, which enables attackers t…
Two critical vulnerabilities in Cisco ISE could allow remote attackers to execute arbitrary code with root privileges.
The post Critical Cisco ISE Vulnerabilities Allow Remote Code Execution appeared first on SecurityWeek.
A critical security vulnerability has been identified in IBM i, potentially allowing attackers to escalate privileges and execute arbitrary code with administrator rights. The flaw, tracked as CVE-2025-36004, affects IBM Facsimile Support for i across …
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding critical vulnerabilities in ControlID’s iDSecure On-premises software, a widely used vehicle control and access management platform. The alert, designated …
A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is bein…
A critical vulnerability in Realtek’s Bluetooth Low Energy (BLE) implementation enables attackers to launch denial-of-service (DoS) attacks during device pairing. The flaw (CVE-2024-48290) affects Realtek RTL8762E BLE SDK v1.4.0, allowing malicio…
The Chrome team has announced the rollout of a critical security update for its popular web browser, Chrome, addressing 11 code execution vulnerabilities that could potentially put millions of users at risk. The update, Chrome 138.0.7204.49 for Linux a…