A critical security vulnerability affecting Django web applications has been discovered through a sophisticated exploit chain that combines directory traversal attacks with CSV parser manipulation.
Security researcher Jineesh AK, working on a bug bounty program, successfully demonstrated how seemingly innocuous file upload functionality could...
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Citrix NetScaler ADC and Gateway vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation by threat actors in the wild.
The buffer overflow vulnerability, tracked as CVE-2025-6543, poses significant risks to...
Google has released an emergency security update for its Chrome browser to address a critical zero-day vulnerability that is actively being exploited by threat actors in the wild.
The vulnerability, tracked as CVE-2025-6554, represents a significant security risk that could allow attackers to execute...
A single leaked client secret embedded in Synology’s “Active Backup for Microsoft 365” (ABM) has given would-be attackers unfettered read-only access to every Microsoft 365 tenant that deployed the add-on, exposing group and Microsoft Teams content across more than 1.2 million installations.
During a red-team...
IBM has disclosed a critical security vulnerability in its WebSphere Application Server that could allow remote attackers to execute arbitrary code on affected systems.
The vulnerability, designated as CVE-2025-36038, was initially published on June 25, 2025, with a corrected CVE identifier issued the same...
Hewlett Packard Enterprise has disclosed a critical security vulnerability in its OneView for VMware vCenter software that could allow attackers with limited access to escalate their privileges and perform unauthorized administrative actions.
The vulnerability, tracked as CVE-2025-37101, affects all versions of HPE OneView for...