Saturday, April 25, 2026

Tag: Vulnerability

Imunify AI-Bolit Flaw Lets Attackers Execute Arbitrary Code and Gain Root Privileges

A critical vulnerability in the AI-Bolit malware scanner, part of Imunify security products, could allow attackers to run arbitrary code and gain root access on Linux servers. Discovered through responsible disclosure, the flaw affects widely used web hosting tools. It puts millions of sites...

Active Exploitation Of Chrome Type Confusion Zero-Day Vulnerability In The Wild

Google has urgently patched a critical zero-day vulnerability in its Chrome browser after confirming active exploitation by threat actors. The flaw, tracked as CVE-2025-13223, affects the V8 JavaScript engine and allows attackers to corrupt memory through malicious web pages, potentially leading to remote code...

CISA Issues Warning On Fortinet FortiWeb WAF Vulnerability Being Actively Exploited To Gain Admin Access

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical path traversal vulnerability in Fortinet's FortiWeb Web Application Firewall (WAF) to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation that allows unauthenticated attackers to gain administrative access through crafted HTTP or...

Logic Flaw Puts 70M+ Users At Risk, Exposes Internal Networks

A subtle logic error in the popular mPDF PHP library allows attackers to trigger unauthorized web requests, potentially exposing internal networks even when user input is sanitized using standard PHP functions. This flaw affects over 70 million installations on Packagist, a central PHP package...

CISA Issues Warning About Critical Lynx+ Gateway Vulnerability Exposing Data In Cleartext

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory warning of multiple severe vulnerabilities in the General Industrial Controls Lynx+ Gateway, an industrial control system used in essential manufacturing sectors worldwide. Issued on November 13, 2025, under alert code ICSA-25-317-08,...

Remote Attackers Can Execute Arbitrary Commands Due To IBM AIX Vulnerability

IBM has disclosed critical vulnerabilities in its AIX operating system that enable remote attackers to execute arbitrary commands, steal sensitive keys, and manipulate files, posing severe risks to enterprise environments. These flaws, tracked as CVE-2025-36251, CVE-2025-36250, CVE-2025-36096, and CVE-2025-36236, affect Network Installation Manager (NIM)...