SIEM as a Service
Home Vulnerability News

Vulnerability News

PostgreSQL Terminal Tool Injection Vulnerability

PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql.  This flaw was identified during research into the exploitation of CVE-2024-12356, a remote code execution (RCE) vulnerability in BeyondTrust Privileged...

WinZip Vulnerability Let Remote Attackers Execute Arbitrary Code

A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems by exploiting malformed 7Z archive files. The flaw, rated 7.8 on the CVSS scale, impacts...

Hackers Actively Exploiting New PAN-OS Authentication Bypass Vulnerability

Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as CVE-2025-0108, affecting their PAN-OS software. GreyNoise has observed active exploitation attempts targeting this vulnerability. The flaw allows unauthenticated attackers to bypass...
ThinkPHP & ownCloud

Hackers Exploiting ThinkPHP & ownCloud Vulnerabilities at Large Scale

A recent surge in exploitation activity has been observed targeting two critical vulnerabilities, CVE-2022-47945 in ThinkPHP and CVE-2023-49103 in ownCloud. These attacks highlight the persistent threat posed by unpatched systems and the challenges organizations face...
Windows 11’s New Compression

Windows 11’s New Compression Formats Pose Security Risks with libarchive

Microsoft introduced a major update to Windows 11 (KB5031455), adding native support for 11 new compression formats, including RAR and 7z.  This update aimed to enhance user convenience by enabling file management directly within File...
PAN-OS (CVE-2025-0108)

Path Confusion in Nginx/Apache Leads to Critical Auth Bypass in PAN-OS

Palo Alto Networks has recently disclosed a critical vulnerability in its PAN-OS network security operating system, tracked as CVE-2025-0108, which allows attackers to bypass authentication on the management web interface.  This vulnerability, with a CVSSv3.1...
mazon Machine Image Name Confusion Attack

Amazon Machine Image Name Confusion Attack Let Attackers Publish Resource

Researchers uncovered a critical vulnerability in Amazon Web Services (AWS) involving Amazon Machine Images (AMIs).  Dubbed the "whoAMI" attack, this exploit leverages a name confusion attack, a subset of supply chain attacks, to gain unauthorized...
KASLR Exploited

KASLR Exploited: Breaking macOS Apple Silicon Kernel Hardening Techniques

Security researchers from Korea University have unveiled a new vulnerability in macOS systems running on Apple Silicon processors.  Dubbed "SysBumps," this attack successfully circumvents Kernel Address Space Layout Randomization (KASLR), a critical security mechanism designed...
CrowdStrike Falcon Sensor Linux TLS Vulnerability

CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enables MiTM Attack

CrowdStrike has disclosed a high-severity vulnerability in its Falcon Sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability, identified as CVE-2025-1146, originates from a validation logic error in the Transport...
Chrome use-after-free Vulnerability v8

Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely

Google has rolled out an urgent security update for Chrome, addressing four high-severity vulnerabilities that could allow attackers to execute malicious code or compromise user data. The update, Chrome version 133.0.6943.98/.99 for Windows/Mac and 133.0.6943.98...
SIEM as a Service

Recent Posts

PostgreSQL Terminal Tool Injection Vulnerability

PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql.  This flaw was identified during research into the exploitation of...