10-Year-Old Roundcube RCE Vulnerability Let Attackers Execute Malicious Code
A decade-old critical security vulnerability has been discovered in Roundcube Webmail that could allow authenticated attackers to execute arbitrary code on vulnerable systems, potentially affecting millions of installations worldwide.
The flaw, tracked as CVE-2025-49113, carries...
Splunk Enterprise XSS Vulnerability Let Attackers Execute Unauthorized JavaScript Code
A significant security vulnerability in the Splunk Enterprise platform could allow low-privileged attackers to execute unauthorized JavaScript code through a reflected Cross-Site Scripting (XSS) flaw.
The vulnerability, tracked as CVE-2025-20297, affects multiple versions of Splunk...
Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users
Mobile chipmaker Qualcomm has issued urgent security patches for three critical zero-day vulnerabilities in its Adreno GPU drivers that are actively being exploited in targeted attacks against Android users worldwide.
The company confirmed that patches...
Critical Linux Vulnerabilities Expose Password Hashes on Millions of Linux Systems Worldwide
Two critical local information-disclosure vulnerabilities affect millions of Linux systems worldwide, potentially allowing attackers to extract sensitive password data through core dump manipulation.
The Qualys Threat Research Unit (TRU) disclosed two race-condition vulnerabilities that target...
Apache Tomcat CGI Servlet Vulnerability Allows Security Constraint Bypass
A new security vulnerability has been discovered in Apache Tomcat's CGI servlet implementation that could allow attackers to bypass configured security constraints under specific conditions.
The vulnerability, designated CVE-2025-46701, was disclosed on May 29, 2025,...
Microsoft OneDrive File Picker Vulnerability Exposes Users’ Entire Cloud Storage to Websites
A critical security flaw in Microsoft's OneDrive File Picker has exposed millions of users to unauthorized data access, allowing third-party web applications to gain complete access to users' entire OneDrive storage rather than just...
ChoiceJacking Attack Let Hackers Compromise Android & iOS Devices via Malicious Charger
Cybersecurity researchers have uncovered a sophisticated new attack method called "ChoiceJacking" that allows malicious charging stations to steal sensitive data from smartphones and tablets, effectively bypassing security measures that have protected mobile devices for...
XenServer VM Tools for Windows Vulnerability Let Attackers Execute Arbitrary Code
Three critical vulnerabilities in XenServer VM Tools for Windows allow attackers to execute arbitrary code and escalate privileges within guest operating systems.
The flaws, identified as CVE-2025-27462, CVE-2025-27463, and CVE-2025-27464, affect all versions of XenServer...
Critical Firefox 0-Interaction libvpx Vulnerability Let Attackers Execute Arbitrary Code
Mozilla has released emergency security updates to address a critical vulnerability in Firefox that could allow attackers to execute arbitrary code on victims' systems without any user interaction.
The security flaw, tracked as CVE-2025-5262, was...
Chrome Security Update – High-Severity Vulnerabilities Lead to Code Execution
Google has officially promoted Chrome 137 to the stable channel for Windows, Mac, and Linux platforms, marking a significant milestone in browser security and artificial intelligence integration. The Chrome team announced the release on...