Vulnerabilities

In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild. The disclosure of known exploited vulnerabilities was from 50 different sources. “We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day …

The NVIDIA NeMo Framework has three vulnerabilities that could enable attackers to execute remote code, risking AI system compromise and data tampering. The security flaws CVE-2025-23249, CVE-2025-23250, and CVE-2025-23251 have a CVSS base score of 7.6, indicating a significant risk to users of the popular generative AI framework. On April …

Cisco issued a security advisory about a remote code execution (RCE) vulnerability (CVE-2025-32433) affecting multiple products in its portfolio due to issues in the Erlang/OTP SSH server. The flaw with a CVSSv3.1 score of 10.0 allows unauthenticated attackers to run arbitrary code on vulnerable systems by misusing SSH message handling …

SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances. Identified as CVE-2025-32818, this high-severity vulnerability has a CVSS score of 7.5, posing significant risks for enterprises using SonicWall Gen7 devices for secure network access. The official advisory states that …

GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7 are now available for both Community Edition (CE) and Enterprise Edition (EE) to fix important bugs and security issues. High-Severity XSS and Account Takeover Risks The advisory highlights several high-severity …

Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws could let attackers gain unauthorized access and escalate their privileges on the devices. On April 22, 2025, a security advisory was released outlining patches for CVE-2025-1731 and CVE-2025-1732, affecting various …

Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their web management interfaces. Security researcher “The Veteran” found vulnerabilities that let remote attackers bypass authentication and gain unauthorized control of devices without valid credentials. TP-Link Router Vulnerabilities: CVE-2025-29648: TP-Link EAP120 …

You copy a password from your manager, thinking it’s safe. Meanwhile, your phone is saving it in plain text. Samsung says, so far, there is no solution. Imagine you just copied a password or banking logins from a password manager. Then you think, “Wait, does this go away after I …

GitHub has released security updates for GitHub Enterprise Server to fix several vulnerabilities, including a high-severity flaw that could allow code execution by attackers. Organizations are urged to apply these patches quickly to ensure system protection. High-Risk Code Execution Vulnerability: A vulnerability (CVE-2025-3509) in the pre-receive hook feature of GitHub …

Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10, has prompted the company to advise users to update the firmware of Asus routers that use AiCloud. Asus AiCloud is a cloud storage and remote access service for ASUS routers, …