Samsung Galaxy S24 Vulnerability Lets Attackers Create Arbitrary Files on Affected Installations
A significant vulnerability in Samsung Galaxy S24 devices allows network-adjacent attackers to create arbitrary files on affected installations.
The flaw, identified as CVE-2024-49421, was publicly announced on April 9, 2025, as part of the...
100,000 WordPress Sites Vulnerable to Rogue Creation Vulnerability
A critical vulnerability affecting over 100,000 WordPress websites has been discovered in the SureTriggers WordPress plugin, potentially allowing attackers to create unauthorized administrator accounts.
The flaw, identified as CVE-2025-3102 with a CVSS score of 8.1...
NVIDIA’s Incomplete Patch for Critical Flaw Lets Attackers Steal AI Model Data
A critical vulnerability in NVIDIA’s Container Toolkit, CVE-2024-0132, remains exploitable due to an incomplete patch, endangering AI infrastructure and sensitive data.
Coupled with a newly discovered denial-of-service (DoS) flaw in Docker on Linux, these...
WordPress Plugin Vulnerability Exposes Sites to Critical File Inclusion Attacks
A severe security vulnerability has been discovered in the popular InstaWP Connect WordPress plugin, potentially exposing thousands of websites to remote attacks.
Security researchers at Wordfence identified and reported the critical flaw (CVE-2025-2636), which allows...
Calix Pre-Auth RCE on TCP Port 6998 Allows Arbitrary Code Execution as Root User
A severe remote code execution (RCE) vulnerability affects certain Calix networking devices, allowing attackers to gain complete system control without authentication.
The flaw impacts legacy devices running vulnerable CWMP (CPE WAN Management Protocol) services on...
AMD CPU Signature Verification Vulnerability Lets Attackers Load Malicious Microcode
AMD has disclosed a significant security vulnerability that could allow attackers with administrative privileges to load unauthorized microcode patches into the company's processors.
Identified as CVE-2024-36347 with a CVSS score of 6.4 (Medium), this flaw...
Jenkins Docker Images Vulnerability Lets Attackers Insert Themselves in Network Path
A critical security flaw in widely used Jenkins Docker images has been discovered, potentially compromising build pipelines across thousands of organizations.
The vulnerability, disclosed in a Jenkins Security Advisory on April 10, 2025, affects SSH...
Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed
A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated remote code execution (RCE) vulnerability impacting several Ivanti products.
The vulnerability was recently exploited in the wild by a suspected China-nexus threat actor, affecting...
SonicWall Patches Multiple Vulnerabilities in NetExtender VPN Client For Windows
SonicWall has released security updates addressing three critical vulnerabilities in its NetExtender VPN client for Windows.
The flaws, which could potentially allow attackers to escalate privileges and manipulate system files, affect both 32-bit and 64-bit...
CISA Warns of Linux USB-Audio Driver Out-of-Bounds Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) added two significant Linux kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog yesterday, confirming both flaws are being actively weaponized in targeted attacks.
Federal agencies have...