Vulnerability News

Cisco disclosed a critical security vulnerability affecting Cisco Meraki MX and Z Series devices, which presents significant risks to enterprise networks.  The vulnerability tracked as CVE-2025-20212 and associated with allows authenticated remote attackers to trigger...

Attackers are actively exploiting a critical authentication bypass vulnerability in SonicWall firewalls to gain unauthorized network access.  The vulnerability tracked as CVE-2024-53704, with a critical CVSS score of 9.8, allows remote attackers to hijack active...

Critical vulnerabilities in Google's Quick Share file transfer utility for Windows allowed attackers to achieve remote code execution (RCE) without user interaction.  The flaws exposed millions of Windows users to potential attacks through this peer-to-peer...

A newly disclosed vulnerability in WinRAR allows attackers to bypass a core Windows security mechanism, enabling arbitrary code execution on affected systems. Tracked as CVE-2025-31334, this flaw impacts all WinRAR versions before 7.11 and has...

Mozilla has officially released Firefox 137, addressing multiple high-severity security vulnerabilities that could potentially allow remote attackers to execute arbitrary code, trigger denial of service conditions, or elevate privileges on affected systems.  This critical security...

Google has rolled out a critical security update for Chrome 135 across all desktop platforms. The update addresses fourteen vulnerabilities, including high-severity flaws that could enable remote code execution. The stable channel update (135.0.7049.52...

VMware has issued a critical security advisory (VMSA-2025-0006) addressing a high-severity local privilege escalation vulnerability (CVE-2025-22231) in its Aria Operations platform. The flaw, rated 7.8 on the CVSSv3 scale, allows attackers with local administrative...

A critical security flaw in Kentico Xperience CMS, a widely used enterprise content management system (CMS), has been uncovered. By exploiting a Cross-Site Scripting (XSS) vulnerability, attackers can execute remote code.  This vulnerability, tracked as...

Canon has issued a critical security advisory regarding a severe vulnerability detected in several of its printer drivers that could allow attackers to execute arbitrary code on affected systems.  The flaw, identified as CVE-2025-1268, carries...

Security researchers have published a detailed technical analysis of a critical remote code execution (RCE) vulnerability (CVE-2023-38408) in OpenSSH's agent forwarding feature that was disclosed in July 2023. The Qualys Threat Research Unit discovered...