A critical security vulnerability in mcp-remote, a widely-used proxy tool that enables Large Language Model applications to connect with remote Model Context Protocol servers.
Designated as CVE-2025-6514 with a CVSS score of 9.6, this vulnerability allows attackers to achieve arbitrary operating system command execution...
A new security vulnerability in Windows BitLocker that could allow attackers to bypass the encryption software's security features through a physical attack.
The vulnerability, designated CVE-2025-48818, was released on July 8, 2025, and has been classified as "Important" severity by Microsoft, with a CVSS...
A high-severity security vulnerability affecting Citrix Virtual Apps and Desktops and Citrix DaaS systems worldwide.
The vulnerability, designated as CVE-2025-6759, enables local attackers with low-level privileges to escalate their access to SYSTEM-level privileges on affected Windows Virtual Delivery Agent installations.
With a CVSS v4.0...
Fortinet has disclosed a critical SQL injection vulnerability affecting multiple versions of FortiWeb, their web application firewall solution.
The security vulnerability, classified as CWE-89, enables unauthenticated attackers to execute unauthorized SQL commands through specially crafted HTTP and HTTPS requests, potentially compromising entire database systems...
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a path traversal vulnerability in the Ruby on Rails framework that has been actively exploited in the wild.
This vulnerability, identified as CVE-2019-5418, poses significant risks to organizations using the popular...
A critical vulnerability in DNN (formerly DotNetNuke), one of the oldest open-source content management systems established in 2003.
The vulnerability, designated CVE-2025-52488, allows attackers to steal NTLM credentials through a sophisticated Unicode normalization bypass that exploits file system operations.
This authentication vulnerability affects the...