Vulnerability

Threat actors are actively exploiting CVE-2025-54236 (CVSS 9.1), a critical improper input validation vulnerability in Adobe Commerce and Magento…

Maryland launched a Vulnerability Disclosure Program (VDP) to encourage ethical hackers to report security flaws in state systems before malicious…

A critical vulnerability (CVE-2025-9242, CVSS 9.3) in WatchGuard Firebox network security appliances exposes 75,835+ devices globally, primarily in…

Google’s Vulnerability Rewards Program (VRP) faced inefficiencies due to a flood of low-value bug reports, diverting security team resources…

A critical privilege escalation vulnerability (CVE-2025-10725, CVSS 9.9) was discovered in Red Hat OpenShift AI, a platform for managing…

Google Project Zero researcher Jann Horn uncovered a sophisticated vulnerability in Apple’s macOS and iOS that allows attackers to…

A critical vulnerability (CVE-2025-58434, CVSS 9.8) in FlowiseAI’s password reset mechanism exposes all versions before 3.0.5…

Audi has been identified as shipping vehicles (up to at least 2024) with outdated and vulnerable software components, such as…

Researchers from the University of Maryland uncovered systemic cybersecurity vulnerabilities across 3,095 U.S. county governments, exposing 42,735…

A critical security vulnerability (CVE-2025-7353, CVSS 9.8) was discovered in Rockwell Automation’s ControlLogix Ethernet communication modules, exposing industrial…

The AI-powered developer tool Cursor was found to have a critical vulnerability (CVE-2025-54136, dubbed MCPoison), allowing attackers to permanently inject…

A critical unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2025-52665, CVSS 9.8) was discovered in Ubiquiti’s UniFi OS, exposing…