Aggregator

Currently trending CVE - Hype Score: 31 - A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and ...

Currently trending CVE - Hype Score: 31 - VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management ...

Currently trending CVE - Hype Score: 31 - A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series ...

Currently trending CVE - Hype Score: 26 - Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. ...

Currently trending CVE - Hype Score: 1 - Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Currently trending CVE - Hype Score: 26 - A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

Currently trending CVE - Hype Score: 36 - Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update ...

Currently trending CVE - Hype Score: 38 - An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized ...

Currently trending CVE - Hype Score: 27 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

A vulnerability marked as critical has been reported in Cisco IOS XE. This issue affects some unknown processing of the component IOx Application Hosting Environment. Performing manipulation results in improper access controls. This vulnerability is cataloged as CVE-2023-20065. The attack must be initiated from a local position. There is no exploit available. It is suggested to upgrade the affected component.

How Autonomous AI Systems Are Moving Beyond Hype and Why CIOs Can't Ignore Them
Agentic AI is moving from concept to capability, bridging the gap between reactive tools and enterprise-scale autonomy. With the stack maturing fast, CIOs face a choice: lead the shift or risk being left behind.

Maximum Validity of Public TLS Certificates Will Drop From 398 Days to Just 47 Days
The future of managing digital certificates is already here - it's just not evenly distributed yet. With the public TLS certificate validity period set to drop to just 47 days, as well as the need to migrate to quantum-safe encryption, experts see automation as key to achieving crypto agility.

Common Weaknesses Healthcare Providers Must Overcome to Avoid Regulators' Wrath
Regulators have long pushed HIPAA-regulated providers to ensure their enterprise-wide security risk analysis is comprehensive and timely, so they can identify security issues before they become data breaches. Why do so many organizations struggle with this top HIPAA priority?

CEO Matthew Prince: Unchecked Scraping Could Undermine the Internet's Economic Model
With 20% of the web behind its platform, Cloudflare will now block AI web crawlers from scraping monetized content by default. CEO Matthew Prince says the company's policy gives all users, even on the free plan, control over AI bot access and protects the incentives for content creation.

A vulnerability identified as problematic has been detected in Linux Kernel up to f133819e24e78f3aaaa00e9fa2b816d5f73fd172. This affects the function pnfs_update_layout of the component NFSv4/pNFS. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2025-38393. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.36/6.15.5/6.16-rc4. It has been classified as critical. The impacted element is the function in_atomic of the file kernel/locking/mutex.c of the component idpf. This manipulation causes stack-based buffer overflow. This vulnerability is registered as CVE-2025-38392. The physical device can be targeted for the attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.36/6.15.5/6.16-rc4. This affects an unknown function of the component arm_ffa. The manipulation leads to memory leak. This vulnerability is listed as CVE-2025-38390. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.