Vulnerability News

Exim Mail Transfer Vulnerability Lets Attackers Inject Malicious SQL Queries

Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely-used mail transfer agent (MTA) that powers over 60% of internet mail servers. The flaw enables authenticated attackers to execute arbitrary SQL...

PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability

Security researchers have released proof-of-concept (PoC) exploit code for CVE-2025-20029, a high-severity command injection vulnerability affecting F5's BIG-IP application delivery controllers. The flaw, which carries a CVSS v3.1 score of 8.8, enables authenticated attackers to...

GPU Driver Vulnerabilities in Imagination Let Attackers Gain Kernel Access Remotely

Imagination Technologies, a leader in GPU innovation, has issued updates to address a series of critical vulnerabilities identified in its GPU driver software. Imagination Technologies is a global leader in developing GPUs, AI solutions,...

Splunk RCE Vulnerability Lets Attackers Execute Arbitrary Code Via File Upload

Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability, identified as CVE-2025-20229, could allow a low-privileged user to execute arbitrary code...

Exim Use-After-Free Vulnerability Allows Privilege Escalation

A critical security vulnerability has been identified in the widely used Exim mail transfer agent (MTA), potentially allowing attackers with command-line access to escalate privileges on affected systems. The vulnerability, tracked as CVE-2025-30232, affects Exim...

Chrome Use-After-Free Vulnerabilities Let Attackers Execute Remote Code – Update Now

The Google Chrome team has officially released Chrome 133, now available on the stable channel for Windows, Mac, and Linux. This update, version 133.0.6943.53 for Linux and 133.0.6943.53/54 for Windows and Mac, brings a host...

Hackers Exploiting Ivanti Connect Secure RCE Vulnerability to Install SPAWNCHIMERA Malware

A critical vulnerability in Ivanti Connect Secure (CVE-2025-0282) is being actively exploited by multiple threat actors to deploy an advanced malware variant known as SPAWNCHIMERA. This vulnerability, disclosed in January 2025, is a stack-based buffer...

Linux X.509 Certificate-Based User Login Flaws Let Attackers Bypass Authentication

Three critical vulnerabilities have been identified in the PAM-PKCS#11 module, a widely used Linux-PAM login module that facilitates X.509 certificate-based user authentication. These vulnerabilities, cataloged under CVE-2025-24032, CVE-2025-24531, and CVE-2025-24031, pose significant risks by...

Critical OpenSSL Vulnerability Allows Hackers to Launch Man-in-the-Middle Attacks

The OpenSSL Project announced a high-severity vulnerability (CVE-2024-12797) affecting versions 3.2, 3.3, and 3.4 of the widely used cryptographic library. The vulnerability, discovered by Apple Inc. in December 2024, could potentially allow man-in-the-middle (MitM)...

FortiOS & FortiProxy 0-Day Allows Attackers to Hijack Firewall & Gain Super Admin Access

Fortinet has issued an urgent warning about active exploitation of an already patched authentication bypass zero-day vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products. This critical flaw allows remote attackers to gain super-admin privileges by sending...