A critical security vulnerability in the popular AI-powered code editor Cursor IDE has been disclosed that allows attackers to execute remote code without any user interaction.
The flaw, dubbed "CurXecute" and tracked as CVE-2025-54135, received a severity rating of 8.6 and has been patched...
A critical security vulnerability in the widely-used Squid proxy server has been discovered that could allow attackers to execute remote code and access sensitive system memory.
The vulnerability, tracked as CVE-2025-54574 and designated SQUID-2025:1, affects all Squid versions up to 6.3 and poses significant...
HashiCorp has issued a high-severity advisory (HCSEC-2025-14) detailing CVE-2025-6000, a vulnerability that allows a privileged Vault operator to achieve remote code execution on the host running Vault.
The weakness affects Vault Community Edition and Vault Enterprise versions 0.8.0 through 1.20.0, with fixes released in...
A critical Remote Code Execution (RCE) vulnerability has been discovered in the NestJS development tools package, allowing malicious websites to execute arbitrary commands on developers' local machines.
The vulnerability, tracked as CVE-2025-54782, affects the @nestjs/devtools-integration package and has been assigned a critical CVSS score....
A severe security vulnerability has been discovered in SUSE Manager that allows unauthenticated attackers to execute arbitrary commands with root privileges through an exposed websocket endpoint.
The vulnerability, tracked as CVE-2025-46811, has been assigned a critical CVSS score of 9.3 and affects multiple versions...
A critical zero-day vulnerability in CrushFTP has been disclosed, allowing attackers to achieve remote code execution without authentication.
The vulnerability, tracked as CVE-2025-54309, has received a maximum CVSS score of 9.8 and affects the software's DMZ proxy functionality.
Security researchers have released a proof-of-concept...