CISA Warns of Langflow Missing Authentication Vulnerability Exploited in Attacks
CISA has added a critical Langflow vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, identified as CVE-2025-3248, allows unauthenticated remote attackers to execute arbitrary code...
UDP Vulnerability in Windows Deployment Services Allows 0-Click System Crashes
A newly discovered vulnerability in Microsoft’s Windows Deployment Services (WDS) allows attackers to remotely crash servers with zero user interaction or authentication.
The flaw, which targets the UDP-based TFTP service in WDS, could allow...
Apache Parquet Java Vulnerability Lets Attackers Execute Arbitrary Code
A new critical security vulnerability in Apache Parquet Java has been disclosed that could allow attackers to execute arbitrary code through specially crafted Parquet files.
The vulnerability, tracked as CVE-2025-46762, affects all versions of Apache...
macOS Sandbox Escape Vulnerability Allows Keychain Deletion and Replacement
A security vulnerability in macOS has been discovered. It allows malicious actors to escape the App Sandbox protection by manipulating security-scoped bookmarks.
Tracked as CVE-2025-31191, this vulnerability enables a threat actor to delete and replace a keychain...
NVIDIA TensorRT-LLM High-Severity Vulnerability Lets Attackers Execute Remote Code
NVIDIA has disclosed and patched a high-severity vulnerability in its TensorRT-LLM framework that could allow attackers with local access to execute malicious code, tamper with data, and potentially compromise AI systems.
The vulnerability, tracked as...
CISA Warns of Apache HTTP Server Escape Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-38475, a critical vulnerability affecting Apache HTTP Server, to its Known Exploited Vulnerabilities (KEV) catalog.
This vulnerability allows attackers to map URLs to unintended filesystem locations,...
Ruby on Rails Vulnerability Lets Attackers Bypass CSRF Protections
Security experts revealed a critical vulnerability in Ruby on Rails that allows attackers to bypass Cross-Site Request Forgery (CSRF) protections.
The flaw, disclosed on April 26, 2025, affects all current versions of the popular web...
Tesla Model 3 VCSEC Vulnerability Allows Attackers to Execute Arbitrary Code
A critical vulnerability in Tesla Model 3’s vehicle security systems has exposed thousands of cars to potential remote attacks, cybersecurity researchers revealed this week.
Designated CVE-2025-2082, the flaw allows attackers within wireless range to...
Apache ActiveMQ Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A critical security vulnerability (CVE-2025-29953) in Apache ActiveMQ’s NMS OpenWire Client has been disclosed, enabling remote attackers to execute arbitrary code on vulnerable systems.
The flaw, rooted in unsafe deserialization of untrusted data, affects versions...
Critical Viasat Firmware Vulnerability Lets Attackers Execute Remote Code
A critical security flaw (CVE-2024-6198) in widely deployed Viasat satellite modems allows unauthenticated attackers to execute arbitrary code on affected devices via a stack buffer overflow in the “SNORE” web interface.
The vulnerability, rated 7.7...