Apache bRPC versions before 1.15.0 are vulnerable to a critical remote denial-of-service flaw that allows attackers to crash servers by exploiting uncontrolled recursion in the json2pb component.
The vulnerability, tracked as CVE-2025-59789 and discovered by Tyler Zars, affects all platforms running vulnerable versions of...
A proof-of-concept (PoC) exploit for CVE-2024-21413, a critical remote code execution (RCE) flaw in Microsoft Outlook dubbed "MonikerLink," has been released publicly on GitHub, enabling researchers to test the vulnerability in controlled lab environments.
This zero-click issue, with a CVSS v3.1 score of 9.8...
Apache SkyWalking, a popular open-source tool for application performance monitoring, faces a stored cross-site scripting vulnerability tracked as CVE-2025-54057.
This flaw affects versions up to 10.2.0 and allows attackers to inject malicious scripts into web interfaces, potentially compromising user sessions and data.
The Apache...
NVIDIA disclosed 14 vulnerabilities in its DGX Spark GB10 AI workstation on November 25, 2025, affecting all DGX OS versions before OTA0.
These flaws, mainly in the SROOT firmware and hardware resources, enable local attackers with privileged access to bypass protections, leading to remote...
A serious flaw in Angular's HTTP Client exposes users' XSRF tokens to attacker-controlled sites, enabling CSRF attacks that bypass built-in protections.
Tracked as CVE-2025-66035 with a CVSS score of 7.5 (High severity), this issue affects the @angular/standard package.
It stems from the mishandling of...
A serious denial-of-service (DoS) flaw in Next.js lets attackers crash self-hosted servers with a single HTTP request, using almost no resources on their end.
Security firm Harmony Intelligence found the issue while testing an AI tool, and it affects versions up to 15.5.4.
Next.js powers...