Critical vulnerabilities in Xerox FreeFlow Core enable unauthenticated remote attackers to achieve remote code execution on vulnerable systems.
The vulnerabilities, discovered during investigation of an apparent false positive detection, affect the widely deployed print orchestration platform used by commercial print shops, universities, and...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities affecting N-able N-Central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The addition of CVE-2025-8875 and CVE-2025-8876 to the catalog on August 13, 2025,...
GitLab has released critical security patches addressing 12 vulnerabilities across versions 18.2.2, 18.1.4, and 18.0.6 for both Community Edition (CE) and Enterprise Edition (EE).
The vulnerabilities include multiple high-severity cross-site scripting (XSS) vulnerabilities that could enable account takeover attacks and unauthorized code execution on...
Microsoft has released critical security updates addressing multiple use-after-free vulnerabilities in Office applications that could allow attackers to execute arbitrary code on victim systems.
The August 2025 Patch Tuesday includes fixes for three high-severity Office vulnerabilities, with two receiving critical CVSS scores of 8.4.
Three...
Google has released a critical security update for Chrome, addressing six vulnerabilities that pose serious threats to user security.
The update, Chrome version 139.0.7258.127/.128 for Windows and Mac, and 139.0.7258.127 for Linux, began rolling out on August 12, 2025, and will reach all users...
Fortinet has disclosed a critical authentication bypass vulnerability in its FortiWeb web application firewall that allows unauthenticated attackers to log in as any existing user on affected devices.
The vulnerability, tracked as CVE-2025-52970 and dubbed "Fort-Majeure" by security researcher Aviv Y, affects multiple versions...