Security News

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
2025-05-29 05:34

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload...

Why CVSS is failing us and what we can do about it
2025-05-14 18:15

How Adversarial Exposure Validation is changing the way we approach vulnerability management Partner content Two decades ago, CVSS revolutionized vulnerability management, enabling security teams...

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
2025-05-14 08:14

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of...

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
2025-05-08 04:57

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a...

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
2025-04-17 10:32

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication...

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
2025-04-15 13:44

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even...

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
2025-02-04 05:08

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges...

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
2025-01-23 06:21

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on...

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
2024-12-27 06:46

The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution...

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
2024-12-25 13:30

The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute...