Apache SkyWalking, a popular open-source tool for application performance monitoring, faces a stored cross-site scripting vulnerability tracked as CVE-2025-54057.
This flaw affects versions up to 10.2.0 and allows attackers to inject malicious scripts into web interfaces, potentially compromising user sessions and data.
The Apache...
NVIDIA disclosed 14 vulnerabilities in its DGX Spark GB10 AI workstation on November 25, 2025, affecting all DGX OS versions before OTA0.
These flaws, mainly in the SROOT firmware and hardware resources, enable local attackers with privileged access to bypass protections, leading to remote...
A flaw in Microsoft's Update Health Tools exposed Windows devices to remote code execution by exploiting abandoned Azure Blob Storage accounts.
This tool, detailed in KB4023057, helps enterprises deploy updates faster via Intune. However, it also accepts unverified JSON configs from hijackable storage as trusted....
Security researchers released a proof-of-concept exploit for CVE-2025-9501, a critical unauthenticated remote code execution flaw in the W3 Total Cache WordPress plugin.
This vulnerability affects over 1 million sites and allows attackers to run arbitrary PHP code via simple comments.
Vulnerability Breakdown
The flaw affects versions...
Remote attackers can seize complete control of popular Tenda routers through serious command injection flaws, security researchers warn.
Affecting the Tenda N300 series and Tenda 4G03 Pro portable 4G LTE devices, these vulnerabilities let authenticated users run any command as the powerful "root" superuser....
Microsoft patched a severe flaw in Azure Bastion on November 20, 2025, tracked as CVE-2025-49752, that allows attackers to bypass authentication checks and gain admin rights on virtual machines.
This vulnerability carries a top CVSS v4.0 score of 10.0 due to its network-based attack...