Exim Mail Transfer Vulnerability Lets Attackers Inject Malicious SQL Queries
Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely-used mail transfer agent (MTA) that powers over 60% of internet mail servers.
The flaw enables authenticated attackers to execute arbitrary SQL...
PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability
Security researchers have released proof-of-concept (PoC) exploit code for CVE-2025-20029, a high-severity command injection vulnerability affecting F5's BIG-IP application delivery controllers.
The flaw, which carries a CVSS v3.1 score of 8.8, enables authenticated attackers to...
GPU Driver Vulnerabilities in Imagination Let Attackers Gain Kernel Access Remotely
Imagination Technologies, a leader in GPU innovation, has issued updates to address a series of critical vulnerabilities identified in its GPU driver software.
Imagination Technologies is a global leader in developing GPUs, AI solutions,...
Chrome Use-After-Free Vulnerabilities Let Attackers Execute Remote Code – Update Now
The Google Chrome team has officially released Chrome 133, now available on the stable channel for Windows, Mac, and Linux.
This update, version 133.0.6943.53 for Linux and 133.0.6943.53/54 for Windows and Mac, brings a host...
Hackers Exploiting Ivanti Connect Secure RCE Vulnerability to Install SPAWNCHIMERA Malware
A critical vulnerability in Ivanti Connect Secure (CVE-2025-0282) is being actively exploited by multiple threat actors to deploy an advanced malware variant known as SPAWNCHIMERA.
This vulnerability, disclosed in January 2025, is a stack-based buffer...
Linux X.509 Certificate-Based User Login Flaws Let Attackers Bypass Authentication
Three critical vulnerabilities have been identified in the PAM-PKCS#11 module, a widely used Linux-PAM login module that facilitates X.509 certificate-based user authentication.
These vulnerabilities, cataloged under CVE-2025-24032, CVE-2025-24531, and CVE-2025-24031, pose significant risks by...
Critical OpenSSL Vulnerability Allows Hackers to Launch Man-in-the-Middle Attacks
The OpenSSL Project announced a high-severity vulnerability (CVE-2024-12797) affecting versions 3.2, 3.3, and 3.4 of the widely used cryptographic library.
The vulnerability, discovered by Apple Inc. in December 2024, could potentially allow man-in-the-middle (MitM)...
FortiOS & FortiProxy 0-Day Allows Attackers to Hijack Firewall & Gain Super Admin Access
Fortinet has issued an urgent warning about active exploitation of an already patched authentication bypass zero-day vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products.
This critical flaw allows remote attackers to gain super-admin privileges by sending...
Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Zero-Days Actively Exploited
Microsoft released a security update as part of the February Patch Tuesday that addressed 61 vulnerabilities, including 25 classified as critical Remote Code Execution (RCE) vulnerabilities and 3 zero-day vulnerabilities that were actively exploited...
Fortinet Addresses Multiple Vulnerabilities in Major Security Update
Fortinet has rolled out critical security updates to address multiple high-risk flaws across its product portfolio, including FortiOS, FortiProxy, FortiManager, and FortiAnalyzer.
Fortinet warns of an already patched zero-day flaw (CVE-2024-55591 & new CVE-2025-24472), which...