-
Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks. The vulnerability, tracked as CVE-2025-49201, was i…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has disclosed a security vulnerability affecting its FortiOS operating system that could allow attackers with administrative privileges to execute unauthorized system commands by bypassing command line interface restrictions. The flaw, tracked…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October 14, 2025, allows attackers with limited syste…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash server processes by sending malformed SAP Logon or SAP Assertion Tickets. Rated Medium severity with a …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new proof-of-concept (PoC) exploit has been published for a critical flaw in the widely used sudo utility. This vulnerability enables any local user to escape a chroot jail and execute commands with root privileges. Organizations relying on…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ivanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and remote code execution, and eleven medium-severity SQL injection flaws. While there is no evidence of…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Elastic has released a critical security update for Elastic Cloud Enterprise (ECE) addressing a template engine injection flaw that could allow attackers with admin privileges to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in Happy DOM, a popular JavaScript library used for server-side rendering and testing frameworks. The flaw, tracked as CVE-2025-61927, enables attackers to escape the virtual machine context and exe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Oracle has issued a critical security alert for a severe vulnerability in its E-Business Suite platform that could allow attackers to execute remote code and steal sensitive data without requiring authentication. The flaw, identified as CVE-2025-6…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
