More results...
A newly uncovered XML External Entity (XXE) injection vulnerability in PHP has demonstrated how attackers can bypass multiple security mechanisms to access sensitive configuration files and private keys. The vulnerability, detailed by web application s…
A recent surge in Server-Side Request Forgery (SSRF) exploitation has been detected by GreyNoise, highlighting the ongoing threat posed by these vulnerabilities. GreyNoise observed a coordinated increase in SSRF attacks, with at least 400 unique IPs ac…
The Cybersecurity and Infrastructure Security Agency (CISA) highlighted a critical vulnerability in Microsoft Windows’ New Technology File System (NTFS). The vulnerability, designated as CVE-2025-24984, pertains to an information disclosure issue…
Recent security bulletins from Zoom have highlighted several high-severity vulnerabilities in their client software, raising concerns about potential data breaches for users. The latest security updates, issued on March 11, 2025, address multiple criti…
The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the active exploitation of a significant vulnerability in Microsoft Windows affecting the Microsoft Management Console (MMC). This security threat underscores the ongoing challen…
Historically, NULL pointer dereferences have been a significant vulnerability in operating systems, including macOS. These occur when software attempts to access memory at address 0 via a NULL pointer, leading to potential crashes or, under certain con…
A newly disclosed security vulnerability in Apache Camel, tracked as CVE-2025-27636, has raised alarms across the cybersecurity community. The flaw allows attackers to inject arbitrary headers into Camel Exec component configurations, potentially enabl…
SAP released 21 new security notes and updated three security notes on March 2025 security patch day.
The post SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver appeared first on SecurityWeek.
A Proof-of-Concept (PoC) has been released for a significant vulnerability discovered in SolarWinds Web Help Desk, exposing encrypted passwords and other sensitive data. This vulnerability arises from the predictable encryption keys used in the applica…
A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for real-time analytics, has been publicly disclosed. The flaw, identified as CVE-2024-56325, allows remote attackers to bypass authentication o…