Vulnerabilities

Oracle’s July 2025 Critical Patch Update was released fixing 309 security vulnerabilities across its products. The update impacts 34 key product families. Oracle Communications has the most patches at 112 vulnerabilities, followed by MySQL with 40 and Oracle Fusion Middleware. 145 remote vulnerabilities could be exploited without authentication, allowing attackers …

Four vulnerabilities in Gigabyte firmware were found by Binarly researchers and reported to Carnegie Mellon University’s CERT Coordination Center. The original firmware supplier, American Megatrends Inc. (AMI), fixed issues after being privately informed. However, some OEM firmware builds, like Gigabyte’s, did not implement the fixes initially. In Gigabyte firmware implementations, …

GitLab has released security updates for its Community Edition (CE) and Enterprise Edition (EE) to fix vulnerabilities that could enable cross-site scripting (XSS) attacks and bypass group restrictions. CVE-2025-6948 is a critical cross-site scripting (XSS) vulnerability with a CVSS score of 8.7. It affects all versions prior to 17.11.6, 18.0.4, …

Zoom released a security update addressing six newly discovered vulnerabilities in its Workplace, Rooms, and SDK products for Windows, macOS, Linux, iOS, and Android. These issues could result in denial of service, information leaks, cross-site scripting, and integrity breaches. CVE-2025-46788 (CVSS 7.4): Improper Certificate Validation in Zoom for Linux CVE-2025-49464 …

Splunk has issued critical security updates for SOAR versions 6.4.0 and 6.4 to fix several vulnerabilities in third-party packages. The comprehensive security update published on July 7, 2025, fixes several Common Vulnerabilities and Exposures (CVEs) with severity levels from medium to critical. Critical vulnerabilities impact core components like git, Django, …

Fortinet has issued a critical patch for a critical vulnerability in its FortiWeb product, a web application firewall commonly used in enterprises. Identified as CVE-2025-25257, this high-severity issue is an unauthenticated SQL injection flaw that lets remote attackers run unauthorized SQL commands through specially crafted HTTP or HTTPS requests. “An …

Microsoft’s Patch Tuesday in July 2025 is critical, featuring updates for 137 vulnerabilities, including a zero-day in Microsoft SQL Server. The extensive nature of these updates brings relief to defenders and anxiety to users needing to secure their operations. This analysis emphasizes key points, the associated risks, and the implications …

CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog on Monday due to evidence of active exploitation. The list of flaws is as follows: CVE-2014-3931 (CVSS score: 9.8) A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory …

IBM X-Force has analyzed Microsoft Azure Arc, revealing how this hybrid-cloud management tool can pose risks for code execution, privilege escalation, and stealthy persistence. This study began when IBM’s red team found a hardcoded Azure Service Principal secret in a PowerShell script, prompting a closer look at Azure Arc’s operations …

Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow unauthorized users to run commands as the root user. The vulnerabilities CVE-2025-20281 and CVE-2025-20282 both have a CVSS score of 10.0. CVE-2025-20281: An unauthenticated remote code execution …