Discover the details of CVE-2025-21293, an elevation of privilege vulnerability in Active Directory that allows attackers to escalate privileges to SYSTEM.
Three critical vulnerabilities in PHP Voyager allow remote code execution, XSS, and file deletion, with no patches since disclosure on September 11, 2
Welcome to Monday, and what an excitingly fresh start to the week we're all having. Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling gesture 🥰) flagship SSLVPN appliance, the FortiGate. Imagine please that we inserted a
Cisco fixed a ClamAV denial-of-service (DoS) vulnerability, and experts warn of the availability of proof-of-concept (PoC) exploit code.
Critical SonicWall zero-day (CVE-2025-23006) in SMA 1000 appliances fixed. Rated 9.8 CVSS; patch now to prevent active exploitation.
A new proof-of-concept (PoC) has been released for a Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE), identified as CVE-2025-21298.
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives.
Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco
LDAPNightmare PoC exploit crashes Windows Servers via CVE-2024-49113. Patch or monitor CLDAP responses to prevent DoS.
vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest...
Critical flaws in CleanTalk’s WordPress plugin allow remote code execution; update to secure your site.
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04.
Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.
Discover how a new attack technique bypasses Microsoft’s security, enabling OS downgrade attacks on Windows.