Ivanti has issued a critical security advisory for its Endpoint Manager (EPM) product, urging users to patch immediately.
The update addresses three high-severity vulnerabilities that could enable local authenticated attackers to write arbitrary files anywhere on affected systems.
Disclosed on November 10, 2025, the...
SAP's November 2025 Security Patch Day, released on November 11, underscores the ongoing need for robust protection in enterprise environments, with 18 new security notes and two updates addressing flaws across key products.
Among these, several critical vulnerabilities involve code execution and injection risks,...
Devolutions has disclosed a pair of serious security flaws in its Server product, potentially exposing organizations to account impersonation and sensitive data leaks.
Published on November 6, 2025, under advisory DEVO-2025-0016, these issues affect versions 2025.3.5 and earlier.
The most critical vulnerability, rated 9.4...
WatchGuard Firebox appliances, widely used to protect small- to medium-sized business networks, ship with a critical flaw in their default configuration through versions up to September 10, 2025.
Specifically, the SSH service on port 4118 remains enabled and accessible remotely, accepting the factory credentials...
Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet's Triofox file-sharing and remote access platform.
This now-patched n-day vulnerability, assigned CVE-2025-12480, allowed an attacker to bypass authentication and access the application configuration pages, enabling the upload and execution of arbitrary...
The Open Web Application Security Project (OWASP) has unveiled its eighth edition of the Top 10, a cornerstone guide for developers, security pros, and organizations tackling web application risks.
This 2025 update reflects evolving threats in a landscape dominated by complex supply chains, cloud-native...