CISA Warns of Linux USB-Audio Driver Out-of-Bounds Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) yesterday added two significant Linux kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming that both flaws are being actively weaponized in targeted attacks.
Federal agencies have...
VMware Patches 47 Vulnerabilities in VMware Tanzu Greenplum Backup & Components
VMware has released critical security updates to address 47 vulnerabilities across multiple VMware Tanzu Greenplum products, including 29 issues in VMware Tanzu Greenplum Backup and Restore and 18 bugs in various components of VMware...
Windows Kerberos Vulnerability Lets Attackers Bypass Security Features & Access Credentials
Microsoft has released a patch for a critical Windows Kerberos vulnerability (CVE-2025-29809) that allows attackers to bypass security features and potentially access sensitive authentication credentials.
The flaw, addressed in the April 2025 Patch Tuesday updates,...
CISA Warns of Microsoft Windows CLFS Vulnerability Exploited in Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
The flaw in the Windows Common Log File System (CLFS) driver, tracked as...
Apache mod_auth_openidc Vulnerability Exposes Protected Content to Unauthenticated Users
A significant security vulnerability in Apache's mod_auth_openidc module has been discovered that could allow unauthorized access to protected web resources.
The flaw, tracked as CVE-2025-31492 and rated 8.2 on the CVSSv4 scale, affects widely deployed...
5000+ Exposed Ivanti Connect Secure Devices Vulnerable to RCE Attacks
Over 5,113 Ivanti Connect Secure VPN appliances remain unpatched and vulnerable to the active exploitation of CVE-2025-22457, a critical stack-based buffer overflow vulnerability that enables remote code execution (RCE).
The Shadowserver Foundation's recent scans revealed...
CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical authentication bypass vulnerability in CrushFTP file transfer software to its Known Exploited Vulnerabilities (KEV) Catalog.
Designated as CVE-2025-31161, this vulnerability is actively being exploited...
AWS Systems Manager Plugin Vulnerability Lets Attackers Execute Arbitrary Code
A critical vulnerability in the AWS Systems Manager (SSM) Agent could allow attackers to execute arbitrary code with elevated privileges.
The vulnerability, stemming from improper input validation within the ValidatePluginId function, affects a core...
Fortinet Warns of FortiSwitch Vulnerability That Lets Attackers Modify Admin Passwords
Fortinet has issued a critical advisory regarding a newly discovered vulnerability in its FortiSwitch product line.
The vulnerability, identified as an unverified password change vulnerability (CWE-620), could allow remote, unauthenticated attackers to modify administrative...
NIST Will Mark All CVEs Published Before 01/01/2018 as ‘Deferred’
The National Institute of Standards and Technology (NIST) announced on April 2, 2025, that all Common Vulnerabilities and Exposures (CVEs) with a published date prior to January 1, 2018, will be marked as "Deferred"...