Alert

Oracle’s July 2025 Critical Patch Update includes 309 new security patches, with 127 addressing remotely exploitable vulnerabilities. SecurityWeek found about 200 unique CVEs in Oracle’s July 2025 CPU, with nine patches for critical flaws. In October, Oracle Communications issued 84 security patches, the highest this month, similar to April. Out …

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a crucial vulnerability in Fortinet FortiWeb in its Known Exploited Vulnerabilities (KEV) catalog, verifying that the SQL injection flaw is being actively exploited in cyberattacks across the globe. The vulnerability, tracked as CVE-2025-25257, affects Fortinet’s FortiWeb web application firewall and carries …

The OpenJS Foundation has updated Node.js 24.x, 22.x, and 20.x to fix two serious vulnerabilities—CVE-2025-27210 and CVE-2025-27209—that could endanger Windows applications and web services using JavaScript’s V8 engine. These issues, involving path traversal bypass and hash collision denial-of-service (HashDoS), impact millions of backend and full-stack applications globally. CVE-2025-27210: Path Traversal …

Broadcom has urgently alerted about four serious vulnerabilities in VMware ESXi, Workstation, Fusion, and Tools, with CVSS scores up to 9.3. Reported by leading security researchers at Pwn2Own, these flaws present major risks to organizations using virtual infrastructure. CVE-2025-41236 – Integer Overflow in VMXNET3 (CVSS 9.3) A vulnerability in the …

Oracle’s July 2025 Critical Patch Update was released fixing 309 security vulnerabilities across its products. The update impacts 34 key product families. Oracle Communications has the most patches at 112 vulnerabilities, followed by MySQL with 40 and Oracle Fusion Middleware. 145 remote vulnerabilities could be exploited without authentication, allowing attackers …

Four vulnerabilities in Gigabyte firmware were found by Binarly researchers and reported to Carnegie Mellon University’s CERT Coordination Center. The original firmware supplier, American Megatrends Inc. (AMI), fixed issues after being privately informed. However, some OEM firmware builds, like Gigabyte’s, did not implement the fixes initially. In Gigabyte firmware implementations, …

Security researchers warn that hackers are exploiting a critical vulnerability in Wing FTP Server to gain control of affected systems. The vulnerability identified as CVE-2025-47812 can allow remote code execution at the root level due to a null byte and Lua injection issue, according to Huntress researchers. Huntress researchers noticed …

A severe vulnerability (CVE-2025-7503) has been found in an IP camera from Shenzhen Liandian Communication Technology LTD. With a CVSSv4 score of 10, this issue allows attackers root access via an undocumented Telnet service, threatening privacy and security. The vulnerability lies in the camera’s firmware (AppFHE1_V1.0.6.0) and its associated kernel …

Proof of concept exploits for a serious SQLi vulnerability in Fortinet FortiWeb have been released, allowing pre-authenticated remote code execution on vulnerable servers. FortiWeb is a web application firewall (WAF) that protects web applications from harmful HTTP traffic and threats. The FortiWeb vulnerability, rated 9.8/10 in severity, is identified as …

GitLab has released security updates for its Community Edition (CE) and Enterprise Edition (EE) to fix vulnerabilities that could enable cross-site scripting (XSS) attacks and bypass group restrictions. CVE-2025-6948 is a critical cross-site scripting (XSS) vulnerability with a CVSS score of 8.7. It affects all versions prior to 17.11.6, 18.0.4, …