A serious flaw in Angular's HTTP Client exposes users' XSRF tokens to attacker-controlled sites, enabling CSRF attacks that bypass built-in…
A serious denial-of-service (DoS) flaw in Next.js lets attackers crash self-hosted servers with a single HTTP request, using almost no…
Security teams using Apache Syncope face a new risk. A flaw in this open-source identity management tool allows attackers to…
A flaw in Microsoft's Update Health Tools exposed Windows devices to remote code execution by exploiting abandoned Azure Blob Storage…
HashiCorp has disclosed a security flaw in its Vault Terraform Provider that allows attackers to bypass valid credentials and log…
NVIDIA has patched serious security flaws in its Isaac-GR00T platform, a key tool for building AI-powered humanoid robots. Released on…
Security researchers released a proof-of-concept exploit for CVE-2025-9501, a critical unauthenticated remote code execution flaw in the W3 Total Cache…
Remote attackers can seize complete control of popular Tenda routers through serious command injection flaws, security researchers warn. Affecting the…
A serious flaw in the popular vLLM library could let attackers crash servers or even run malicious code remotely. Security…
Wireshark, the leading open-source network protocol analyzer, released version 4.6.1 on November 19, 2025, to fix two security flaws in…