#security-vulnerability

#security-vulnerability

Critical security flaw in Apache Struts 2 allows file upload manipulation, posing severe risks of remote code execution; immediate updates are essential.

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.

A critical 9.9-rated unauthenticated RCE flaw is affecting GNU/Linux systems, with no fix yet despite disclosure to developers three weeks ago.

A high-severity vulnerability in Meta's Llama framework could allow remote code execution via deserialization of untrusted data.

A critical security vulnerability in Apache Parquet allows remote code execution, affecting versions up to 1.15.0.

Commvault's Command Center has a serious vulnerability (CVE-2025-34028) that allows remote code execution.

Organizations must ensure their systems are updated to version 11.38.20 to mitigate the risk.

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.

Next.js framework has a critical security flaw in its middleware that could affect millions of sites.

Wiz highlights a serious database vulnerability in DeepSeek, underscoring the AI industry's need for improved security measures.

AWS fixed a significant vulnerability in its Cloud Development Kit that could lead to account hijacking for a small percentage of users.

Apple patched a vulnerability allowing unauthorized access to sensitive data by bypassing the TCC framework, potentially compromising user privacy.

A recently patched macOS security flaw allowed potential exploitation to bypass System Integrity Protection, endangering system integrity and facilitating malicious activities.

Thousands of WordPress sites are unpatched against a critical vulnerability in the Hunk Companion plugin, exposing them to serious security risks.

A critical vulnerability in the Hunk Companion WordPress plugin allows attackers to install malicious plugins, which can lead to severe security breaches.

A security vulnerability in Styra's Open Policy Agent could leak NTLM hashes, allowing for credential theft and exploitation.

The flaw is linked to improper input validation leading to unauthorized access.

Google acted promptly to remove a potentially vulnerable software from Pixel smartphones to prevent hacking risks.

No evidence of exploitation was found, but concerns led to proactive security measures.

The Google Cloud Document AI service has a serious vulnerability that remains unaddressed, enabling potential data theft from Cloud Storage.

Mac users with versions before 8.10.36 of 1Password are vulnerable to a bug allowing theft of vault items.

YubiKey devices have a vulnerability that allows cloning, discovered in the Infineon cryptographic library, affecting many models and with moderate exploit difficulty.

YubiKey 5 has a vulnerability that allows cloning if an attacker has temporary physical access.

NinjaLab has revealed a vulnerability in YubiKey 5 Series that enables cloning of the devices, posing risks mainly to sensitive users.