Vulnerability News

Security researchers have published a detailed technical analysis of a critical remote code execution (RCE) vulnerability (CVE-2023-38408) in OpenSSH's agent forwarding feature that was disclosed in July 2023. The Qualys Threat Research Unit discovered...

A critical Insecure Direct Object Reference (IDOR) vulnerability was recently discovered in ExHub, a cloud-based platform for hulia-based development.  This flaw allowed attackers to modify web hosting configurations of any project without proper authorization, posing...

A recently disclosed vulnerability in Palo Alto Networks' Expedition tool has raised significant security concerns, as a proof-of-concept (PoC) exploit has been released for CVE-2025-0107. This OS command injection vulnerability allows remote attackers to...

A critical set of 20 vulnerabilities in GRUB2, the ubiquitous bootloader underpinning most Linux distributions and Unix-like systems, has exposed millions of devices to potential secure boot bypass, remote code execution, and persistent firmware-level...

Security researchers have discovered vulnerabilities in Windows 11's core security features that could allow attackers to bypass multiple protection mechanisms and achieve arbitrary code execution at the kernel level. The affected security components include Virtualization-based...

A newly disclosed vulnerability in WinRAR allows attackers to bypass a core Windows security mechanism, enabling arbitrary code execution on affected systems. Tracked as CVE-2025-31334, this flaw impacts all WinRAR versions before 7.11 and has...

A critical security vulnerability tracked as CVE-2024-51479 has been identified in Next.js, a widely used React framework for building web applications. The flaw allowed unauthorized access to certain pages directly under the application's root directory,...

NVIDIA has issued a significant software update for its Riva speech AI platform, releasing version 2.19.0 to resolve two high-severity vulnerabilities (CVE-2025-23242 and CVE-2025-23243) involving improper access control mechanisms.  The update, detailed in a March...

The Google Chrome team has officially released Chrome 133, now available on the stable channel for Windows, Mac, and Linux. This update, version 133.0.6943.53 for Linux and 133.0.6943.53/54 for Windows and Mac, brings a host...

A serious security flaw has been identified in Ivanti Connect Secure, designated as CVE-2025-0282. This vulnerability allows remote, unauthenticated attackers to execute arbitrary code. As of January 8, 2025, Ivanti has confirmed this stack-based buffer overflow...