NVIDIA has issued a security bulletin warning about two high-severity vulnerabilities in its Triton Inference Server software.
These flaws allow remote attackers to cause denial-of-service conditions on Linux systems by injecting specially crafted inputs.
Vulnerability Details
Attackers can exploit CVE-2025-33211, which involves improper validation of a specified quantity...
A serious command injection vulnerability in Cacti, a popular open-source network monitoring tool, allows authenticated attackers to execute arbitrary commands remotely.
Dubbed a high-severity issue by security researcher TheWitness, the flaw (GHSA-c7rr-2h93-7gjf) affects versions up to 1.2.28.
Users should update to the patched 1.2.29...
Security firm Aikido Security uncovered PromptPwnd, a flaw in GitHub Actions and GitLab CI/CD pipelines linked to AI agents.
This issue allows attackers to inject harmful prompts via user input, including issues and pull requests. At least five Fortune 500 firms face risks, with...
Security researcher Lyra Rebane has uncovered a powerful new clickjacking technique using SVG filters.
This method, dubbed "SVG clickjacking," overlays interactive fake interfaces on cross-origin iframes to trick users into performing complex actions, such as filling out forms or entering data.
Traditional clickjacking hides buttons...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2021-26828 to its Known Exploited Vulnerabilities (KEV) catalog on December 3, 2025, confirming active exploitation in the wild.
This flaw affects OpenPLC ScadaBR, an open-source supervisory control and data acquisition (SCADA) platform used in industrial...
Security researchers chained three vulnerabilities in Synology BeeStation devices to enable unauthenticated attackers to remotely gain root access.
The chain was initially demonstrated at Pwn2Own 2024 by DEVCORE; independent analyst kiddo-pwn published an N-day exploit highlighting a creative SQLite injection method targeting the cron task scheduler.
Vulnerability Chain
The...