Friday, April 24, 2026
Vulnerability

Severe Grafana Flaw Allows Attackers To Gain Elevated Privileges

Grafana released emergency patches for a critical SCIM vulnerability (CVE-2025-41115) that allows attackers to escalate privileges or impersonate admins in Grafana Enterprise. The flaw, scored CVSS 10.0, affects versions 12.0.0 through 12.2.1 when SCIM provisioning is enabled. Grafana Labs disclosed it alongside the Enterprise...

Severe Windows Graphics Flaw Allows Full System Takeover via A Single Image

Zscaler ThreatLabz uncovered CVE-2025-50165 in May 2025, a critical remote code execution flaw in the Windows Graphics Component with a CVSS score of 9.8. This untrusted-pointer dereference in windowscodecs.dll affects apps like Microsoft Office that process images, enabling attackers to trigger it via a...

Milvus Proxy Vulnerability Enables Forged Headers and Full Authorization Circumvention

A critical authentication bypass flaw in Milvus Proxy (CVE-2025-64513) allows attackers to bypass all security checks. Discovered by the HelixGuard Team on November 12, 2025, this issue affects popular versions of Milvus, an open-source vector database designed for AI workloads, including generative models. Attackers...

Severe Vulnerabilities In N-able N-central Enable Unauthorized Legacy API Access and Sensitive File Disclosure

N-able N-central, a popular remote monitoring and management (RMM) platform used by enterprises and managed service providers (MSPs), faces severe vulnerabilities that allow unauthenticated attackers to bypass authentication, write files, and disclose sensitive information via XML External Entity (XXE) injection. These flaws, uncovered by...

Critical Twonky Server Vulnerabilities Expose Authentication Bypass Path

Twonky Server version 8.5.2 contains two serious flaws that allow attackers to bypass authentication and steal admin credentials on Linux and Windows systems. These issues, tracked as CVE-2025-13315 and CVE-2025-13316, allow remote attackers to extract encrypted admin passwords from logs and crack them using...

Ollama Parsing Vulnerabilities Could Let Attackers Execute Arbitrary Code Through Crafted Model Files

Ollama versions before 0.7.0 contain parsing flaws that allow attackers to execute arbitrary code by loading a crafted GGUF model through the API, and users should update immediately. The issue stems from unsafe handling of untrusted metadata during model load, which enables an out-of-bounds...