SIEM as a Service

Moxa Industrial Ethernet Switches Vulnerability Let Attackers Gain Admin Access 

A critical security flaw in Moxa’s PT series industrial Ethernet switches enables attackers to bypass authentication mechanisms and compromise device integrity. Tracked as CVE-2024-12297, this vulnerability (CVSS 4.0: 9.2) affects nine PT switch models and...

Commvault Webserver Vulnerability Let Attackers Compromise Webserver

Commvault, a global leader in enterprise data protection and management solutions, has urgently patched a high-severity webserver vulnerability that enables attackers to compromise systems by creating and executing malicious webshells. The flaw affects multiple versions...

Popular Python Library Vulnerability Exposes 43 million Installations to Code Execution Attacks

A recently disclosed vulnerability in the widely used Python JSON Logger library has exposed an estimated 43 million installations to potential remote code execution (RCE) attacks through a dependency chain flaw. Tracked as GHSA-wmxh-pxcx-9w24 and...

Multiple Jenkins Vulnerability Let Attackers Expose Secrets

Jenkins, the widely adopted open-source automation server central to CI/CD pipelines, has disclosed four critical security vulnerabilities enabling unauthorized secret disclosure, cross-site request forgery (CSRF), and open redirect attacks. These flaws, patched in versions 2.500...

AMD Microcode Signature Verification Vulnerability Let Attackers Load Malicious Patches

Security researchers have uncovered a critical vulnerability in AMD Zen CPUs that allows attackers with elevated privileges to load malicious microcode patches, bypassing cryptographic signature checks. Dubbed "EntrySign," this flaw stems from AMD's use of...

Cisco Secure Client for Windows Let Attackers Execute Arbitrary Code With SYSTEM Privileges

A newly identified vulnerability in the Cisco Secure Client for Windows could allow attackers to execute arbitrary code with SYSTEM privileges. The vulnerability lies within the interprocess communication (IPC) channel and can be exploited...

Sitecore 0-Day Vulnerability Let Attackers Execute Remote Code

A newly disclosed critical vulnerability in Sitecore Experience Platform (CVE-2025-27218) allows unauthenticated attackers to execute arbitrary code on unpatched systems. The flaw, rooted in insecure deserialization practices, affects Sitecore Experience Manager (XM) and Experience Platform...

Misconfigured Apache Airflow Servers Exposes Login Credentials to Hackers

A critical security oversight in widely used Apache Airflow instances has exposed credentials for platforms like AWS, Slack, PayPal, and other services, leaving organizations vulnerable to data breaches and supply chain attacks. Researchers at Intezer...

LibreOffice Vulnerability Let Attackers Execute Arbitrary Script Using Macro URL

A critical security vulnerability in LibreOffice, tracked as CVE-2025-1080, has exposed millions of users to potential remote code execution attacks through manipulated macro URLs. Patched in versions 24.8.5 and 25.2.1 released on March 4, 2025,...

41,500+ VMware ESXi Instances Vulnerable to Code Execution Attacks

Shadowserver observed that 41,500+ internet-exposed VMware ESXi hypervisors as of March 4, 2025, are vulnerable to CVE-2025-22224, a critical zero-day vulnerability actively exploited in attacks. Broadcom patched the vulnerability in an emergency update. It...