Security researchers have uncovered a stored cross-site scripting (XSS) vulnerability in Angular's Template Compiler that lets attackers inject and execute malicious JavaScript via specially crafted SVG animations.
The flaw stems from an incomplete internal security schema that fails to properly sanitize specific URL-holding attributes,...

The Django project released security patches on December 2, 2025, addressing two vulnerabilities in versions 5.2.9, 5.1.15, and 4.2.27.
Posted by maintainer Natalia Bidart, these updates fix a high-severity SQL injection risk on PostgreSQL and a moderate-severity denial-of-service (DoS) flaw in the XML serializer....

Google has rolled out Chrome 143 to the stable channel for Windows, Mac, and Linux, addressing 13 security vulnerabilities in versions 143.0.7499.40 (Linux) and 143.0.7499.40/41 (Windows/Mac).
The update, announced on December 2, 2025, via the Chrome Releases blog, deploys gradually over days or weeks....

A critical flaw in the popular open-source eCommerce platform nopCommerce exposes users to session hijacking attacks.
Security researchers at CERT have issued Vulnerability Note VU#633103, detailing how the platform fails to invalidate session cookies after logout or session termination.
Tracked as CVE-2025-11699, this issue...

OpenVPN, a popular open-source VPN solution, has patched multiple flaws in its recent releases that expose users to denial-of-service (DoS) attacks and security bypasses.
Versions 2.6.17 and 2.7_rc3, released on November 28, 2025, address issues including a local DoS on Windows systems and remote...

A new denial-of-service vulnerability in Apache Struts exposes web applications to disk exhaustion attacks, in which hackers flood servers with temporary files until storage runs out.
Tracked as CVE-2025-64775, the flaw affects multiple versions of the popular Java web framework. It carries an "Important"...