25-Year-Old Vulnerability Patched in Curl
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
The post 25-Year-Old Vulnerability Patched in Curl appeared first on SecurityWeek.
More results...
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
The post 25-Year-Old Vulnerability Patched in Curl appeared first on SecurityWeek.
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution.
The post Chrome 149 Update Resolves 18 Severe Vulnerabilities appeared first on SecurityWeek.
Google has released Chrome version 149.0.7827.196/197 for Windows and macOS, and version 149.0.7827.196 for Linux. This update addresses 18 security vulnerabilities, including several critical memory safety flaws in the WebGL and Autofill components. T…
A newly disclosed vulnerability in the Microsoft Windows Recovery Environment (WinRE) could allow attackers to bypass UEFI and BIOS password protections, exposing systems to unauthorized access even when firmware-level security controls are active. Thi…
A newly disclosed vulnerability in the Microsoft Windows Recovery Environment (WinRE) could allow attackers to bypass UEFI and BIOS password protections, exposing systems to unauthorized access even when firmware-level security controls are active. Thi…
Cisco Catalyst SD-WAN Manager instances are currently being targeted in a zero-day exploitation campaign that allows attackers to escalate their privileges to root through a malicious CSV upload mechanism. Mandiant reported this information on June 24,…
Agentic red-team tools designed for autonomous offensive security operations are themselves vulnerable, allowing attackers to steal API keys, weaponize the agents, escape sandboxes, and fully compromise the hosts that run them. A new academic study by …
The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
The post Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.
CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution capability on the underlying server. “O…
The security defects allow unauthenticated users to take control of the open source software supply chain.
The post Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking appeared first on SecurityWeek.