The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent warnings about two critical vulnerabilities in SysAid On-Prem systems that are being actively exploited by threat actors in the wild.
The agency has added CVE-2025-2776 and CVE-2025-2775 to its Known Exploited Vulnerabilities (KEV) catalog,...
A Metasploit exploit module targets critical zero-day vulnerabilities in Microsoft SharePoint Server that are currently being exploited in the wild.
The module, developed by Principal Security Researcher Stephen Fewer, exploits a chained attack leveraging CVE-2025-53770 and CVE-2025-53771 to achieve unauthenticated remote code execution on...
TP-Link has disclosed critical security vulnerabilities in two of its VIGI network video recorder (NVR) models that could allow attackers to execute arbitrary commands on affected devices.
The vulnerabilities, designated as CVE-2025-7723 and CVE-2025-7724, affect the VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 systems,...
German industrial automation company Weidmueller Interface GmbH & Co. KG has disclosed multiple critical vulnerabilities affecting its IE-SR-2TX series of security routers that could allow attackers to execute arbitrary commands with root privileges on targeted devices.
The vulnerabilities, tracked under five separate CVE identifiers...
GitLab has released critical security patches for both Community Edition (CE) and Enterprise Edition (EE), addressing multiple vulnerabilities that could compromise user data and system security.
The company strongly urges all self-managed GitLab installations to upgrade immediately to the newly released versions 18.2.1,...
SonicWall has disclosed multiple critical security vulnerabilities affecting its SMA 100 series products that could allow remote attackers to execute arbitrary code without authentication.
The security vulnerabilities, tracked as CVE-2025-40596, CVE-2025-40597, and CVE-2025-40598, impact the SMA 210, 410, and 500v models running firmware version...