Critical PowerDNS Vulnerabilities Let Attackers Gain Access to the Server Remotely
Several significant security vulnerabilities have been identified and patched in PowerDNS, a widely used open-source nameserver known for its high performance, flexibility, and scalability.
It serves as an alternative to traditional DNS solutions like BIND...
Critical SAP NetWeaver Vulnerabilities Let Attackers Gain Access to the System
SAP has disclosed two critical vulnerabilities in its NetWeaver Application Server for ABAP and ABAP Platform, urging immediate action to mitigate potential security risks.
The vulnerabilities, tracked as CVE-2025-0070 and CVE-2025-0066, both carry a CVSS...
Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader
Cybersecurity researchers at EXPMON have uncovered an intriguing "zero-day behavior" in PDF samples that could potentially be exploited by attackers to leak sensitive NTLM authentication data.
The discovery highlights vulnerabilities in how Adobe Reader...
CISA Adds 2 New Known Vulnerabilities That Are Actively Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with two new critical vulnerabilities, urging organizations to act promptly to mitigate the risks.
This catalog serves as the authoritative...
BeyondTrust Privileged Remote Access Vulnerability Actively Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical OS command injection vulnerability (CVE-2024-12686) found in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) tools to its Known Exploited Vulnerabilities (KEV)...
GPU Driver Vulnerabilities in Imagination Let Attackers Gain Kernel Access Remotely
Imagination Technologies, a leader in GPU innovation, has issued updates to address a series of critical vulnerabilities identified in its GPU driver software.
Imagination Technologies is a global leader in developing GPUs, AI solutions,...
Critical macOS Sandbox Vulnerability (CVE-2024-54498) PoC Exploit Released Online
A proof-of-concept exploit was released for a critical vulnerability impacting macOS systems, identified as CVE-2024-54498.
Security researcher @wh1te4ever recently revealed a proof-of-concept (PoC) exploit showcasing how the flaw allows malicious applications to escape the...
33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds
A critical security vulnerability, CVE-2025-0282, has been identified and exploited in the wild, affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.
This stack-based buffer overflow vulnerability, rated with a CVSS score...
IBM watsonx.ai Vulnerability Lets Attackers Embed Arbitrary JavaScript Code in Web UI
IBM disclosed a significant vulnerability in its watsonx.ai platform, potentially exposing users to cross-site scripting (XSS) attacks. The vulnerability, identified as CVE-2024-49785, affects both IBM watsonx.ai on Cloud Pak for Data and standalone IBM...
Researchers Hacked into Apple’s New USB-C Controller
Security researchers have successfully hacked Apple's proprietary ACE3 USB-C controller. This chip, introduced with the iPhone 15 and iPhone 15 Pro, represents a significant leap in USB-C technology, handling power delivery and acting as...