Latest Security News
Security Updates
Latest security news and articles covering recent vulnerabilities and their impacts.
Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188
2025-06-02 06:58
Securityaffairs.com
1 CVE
Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon. Details of a critical vulnerability, tracked as CVE-2025-20188, impacting Cisco IOS XE WLC are now public, raising t…
Critical Flaw in Fabio Load Balancer Allows HTTP Header Tampering & Access Bypass
2025-06-02 00:39
SecurityOnline.info
1 CVE
The post Critical Flaw in Fabio Load Balancer Allows HTTP Header Tampering & Access Bypass appeared first on Daily CyberSecurity.
Two flaws in vBulletin forum software are under attack
2025-06-01 13:50
Securityaffairs.com
2 CVEs
Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks. Two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, enable API abuse and remote code execution. The exper…
Jailbreak news of the week: Avoiding certain social media tweaks, PureKFD updates, CVE-2025-31200 PoC, & more…
2025-06-01 13:30
Idownloadblog.com
1 CVE
The iDownloadBlog team chases down the latest iPhone and iPad hacking and/or jailbreaking news every week and wraps it up on the weekend.
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
2025-05-31 23:33
Biztoc.com
2 CVEs
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both …
Exploit details for max severity Cisco IOS XE flaw now public
2025-05-31 14:09
BleepingComputer
1 CVE
Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. [...]
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
2025-05-31 10:19
Internet
2 CVEs
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both …
Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
2025-05-30 13:23
Seclists.org
3 CVEs
Posted by Matthias Gerstner on May 30. Hi, I just checked this attack vector more closely. The resulting file receives the mode 0666, because bits missing in the `mode` argument passed to `openat()` are masked out. The strace of `kea-ctrl-agent` looks like th…
Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
2025-05-30 08:14
Seclists.org
3 CVEs
Posted by Matthias Gerstner on May 30. Hi, very nice addition! We already felt like there was little left to succeed in the attack, but didn't think of ACLs. We will make an update to our blog post to reflect this. Cheers, Matthias
Samsung blesses Galaxy M13 with May 2025 security update
2025-05-30 03:21
SamMobile
6 CVEs
Update: Samsung addressed five (CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076) of the eighteen 0-day vulnerabilities in Exynos Modems through the March 2023 security patch. One vulnerability identified as CVE-2023-24033, menti…
Local information disclosure in apport and systemd-coredump
2025-05-29 17:19
Seclists.org
2 CVEs
Posted by Qualys Security Advisory on May 29. Qualys Security Advisory. Local information disclosure in apport and systemd-coredump (CVE-2025-5054 and CVE-2025-4598). Contents…
CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters
2025-05-29 15:15
Offsec.com
1 CVE
A critical remote code execution (RCE) vulnerability was identified in the D-Tale data visualization tool, which allowed attackers to execute arbitrary system commands by abusing an exposed API endpoint. The post CVE-2025-0655 – Remote Code Execution in D-Tale via…
Chrome Stable Channel Update for Desktop (Google, 2025.05.27)
2025-05-29 15:00
Ryukoku.ac.jp
2 CVEs
Chrome 137.0.7151.55 (Linux) 137.0.7151.55/56 (Windows / Mac) stable. 11 security fixes. [$4000][40058068] Medium CVE-2025-5064: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-11-29. [$2000][40059071] Medium CVE-2025-5065…
Re: CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort
2025-05-29 09:48
Seclists.org
1 CVE
Posted by Simon McVittie on May 29. On Tue, 27 May 2025 at 14:43:44 -0700, Alan Coopersmith forwarded: How would an attacker trigger this? Is this only exploitable if the attacker has control over the sort key (equivalent of -k), *and* the key is passed in t…
Security researchers share PoC for CVE-2025-31200, a security vulnerability patched in iOS 18.4.1
2025-05-29 02:25
Idownloadblog.com
1 CVE
Security researchers have shared a proof-of-concept for CVE-2025-31200, a security vulnerability patched in iOS 18.4.1.
GreenboneOS: Attackers Advance on Two New Ivanti EPMM Flaws
2025-05-28 09:57
Greenbone.net
2 CVEs
Just last month, CVE-2025-22457 (CVSS 9.8) affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways was recognized as a vector for ransomware. Now, two new CVEs have been added to the growing list of high-risk Ivanti vulnerabilities: CVE-2025-4427 and…
[SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL
2025-05-28 05:54
Seclists.org
1 CVE
Posted by Daniel Stenberg on May 27. No QUIC certificate pinning with wolfSSL. Project curl Security Advisory, May 28 2025 - [Permalink](https://curl.se/docs/CVE-2025-5025.html). VULNERABILITY: libcurl supp…
[SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL
2025-05-28 05:51
Seclists.org
1 CVE
Posted by Daniel Stenberg on May 27. QUIC certificate check skip with wolfSSL. Project curl Security Advisory, May 28 2025 - [Permalink](https://curl.se/docs/CVE-2025-4947.html). VULNERABILITY: libcurl acci…
Issue in the OpenSSL x509 application that adds trusted use instead of rejected use (OpenSSL Security Advisory [22nd May 2025])
2025-05-27 05:30
Jvn.jp
1 CVE
The OpenSSL Project has published OpenSSL Security Advisory [22nd May 2025] ("The x509 application adds trusted use instead of rejected use (CVE-2025-4575)").
Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments
2025-05-26 15:29
HackRead
1 CVE
Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from…