Wednesday , July 16 2025

Node.js Flaws Expose Windows Apps to Path Traversal & HashDoS Attacks

The OpenJS Foundation has updated Node.js 24.x, 22.x, and 20.x to fix two serious vulnerabilities—CVE-2025-27210 and CVE-2025-27209—that could endanger Windows applications and web services using JavaScript’s V8 engine. These issues, involving path traversal bypass and hash collision denial-of-service (HashDoS), impact millions of backend and full-stack applications globally. CVE-2025-27210: Path Traversal …

Broadcom fixes multiple vulnerabilities in VMware ESXi, Workstation, and Fusion

Broadcom has urgently alerted about four serious vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools, with CVSS scores up to 9.3. Reported by leading security researchers at Pwn2Own, these flaws present major risks to organizations using virtual infrastructure. CVE-2025-41236 – Integer Overflow in VMXNET3 (CVSS 9.3) A vulnerability in the …

Oracle Patched 309 Vulnerabilities, 145 of Them Remotely Exploitable Flaws

Oracle’s July 2025 Critical Patch Update was released fixing 309 security vulnerabilities across its products. The update impacts 34 key product families. Oracle Communications has the most patches at 112 vulnerabilities, followed by MySQL with 40 and Oracle Fusion Middleware. 145 remote vulnerabilities could be exploited without authentication, allowing attackers …

4 Vulnerabilities Expose Gigabyte Motherboards to UEFI Malware Bypassing Secure Boot

Four vulnerabilities in Gigabyte firmware were found by Binarly researchers and reported to Carnegie Mellon University’s CERT Coordination Center. The original firmware supplier, American Megatrends Inc. (AMI), fixed issues after being privately informed. However, some OEM firmware builds, like Gigabyte’s, did not implement the fixes initially. In Gigabyte firmware implementations, …

Wing FTP: 2000+ Servers Exposed Online, Actively Exploited

Security researchers warn that hackers are exploiting a critical vulnerability in Wing FTP Server to gain control of affected systems. The vulnerability identified as CVE-2025-47812 can allow remote code execution at the root level due to a null byte and Lua injection issue, according to Huntress researchers. Huntress researchers noticed …

CVE-2025-7503 (CVSS 10): Backdoor in Popular IP Camera Allows Hackers Root Access

A severe vulnerability (CVE-2025-7503) has been found in an IP camera from Shenzhen Liandian Communication Technology LTD. With a CVSSv4 score of 10, this issue allows attackers root access via an undocumented Telnet service, threatening privacy and security. The vulnerability lies in the camera’s firmware (AppFHE1_V1.0.6.0) and its associated kernel …

CVE-2025-25257: Patch Urgently! Exploits for Pre-Auth Fortinet FortiWeb RCE Flaw Released

Proof of concept exploits for a serious SQLi vulnerability in Fortinet FortiWeb have been released, allowing pre-authenticated remote code execution on vulnerable servers. FortiWeb is a web application firewall (WAF) that protects web applications from harmful HTTP traffic and threats. The FortiWeb vulnerability, rated 9.8/10 in severity, is identified as …

GitLab patched XSS and Authorization Bypass Flaws

GitLab has released security updates for its Community Edition (CE) and Enterprise Edition (EE) to fix vulnerabilities that could enable cross-site scripting (XSS) attacks and bypass group restrictions. CVE-2025-6948 is a critical cross-site scripting (XSS) vulnerability with a CVSS score of 8.7. It affects all versions prior to 17.11.6, 18.0.4, …

CVE-2025-7206: Critical D-Link DIR-825 Router Flaw Allows Remote Crash via Buffer Overflow

A newly found vulnerability (CVE-2025-7206) in the D-Link DIR-825 router firmware version 2.10 poses a significant risk to home and business networks. Discovered by security researcher iC0rner, it enables remote attackers to crash the router’s web interface without needing authentication, which could lead to remote code execution or denial-of-service attacks. …

Urgently patch now: Zoom Patches 6 Flaws

Zoom released a security update addressing six newly discovered vulnerabilities in its Workplace, Rooms, and SDK products for Windows, macOS, Linux, iOS, and Android. These issues could result in denial of service, information leaks, cross-site scripting, and integrity breaches. CVE-2025-46788 (CVSS 7.4): Improper Certificate Validation in Zoom for Linux CVE-2025-49464 …
