Friday, February 14, 2025

CVE/vulnerability

NVIDIA Container Toolkit Vulnerable to Code Execution Attacks

NVIDIA has issued a critical security update to address a high-severity vulnerability discovered in the NVIDIA® Container Toolkit for Linux. The flaw, tracked as CVE-2025-23359, could allow attackers to exploit a...

Apache Fineract SQL Injection Vulnerability Allows Malicious Data Injection

The Apache Software Foundation has disclosed a critical SQL injection vulnerability in its widely utilized financial platform, Apache Fineract. The flaw, tracked as CVE-2024-32838, affects multiple...

AMD Ryzen Flaw Enables Code Execution Through DLL Hijacking

A security vulnerability has been identified in the AMD Ryzen™ Master Utility, a performance-tuning tool for AMD Ryzen™ processors. This flaw, discovered by a security researcher, allows for privilege escalation and arbitrary...

Hackers Exploiting Newly Discovered PAN-OS Authentication Bypass Vulnerability

Threat actors actively exploit a new high-severity vulnerability, CVE-2025-0108, in Palo Alto Networks' PAN-OS. This exploit allows attackers to bypass authentication, execute certain PHP scripts,...

WinZip Vulnerability Allows Remote Attackers to Execute Arbitrary Code

A newly discovered vulnerability in WinZip, a popular file compression and archiving utility, has raised alarms among cybersecurity experts. Identified as CVE-2025-1240, this critical flaw...

New Microsoft Windows GUI 0-Day Vulnerability Actively Exploited in the Wild

A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly being actively exploited by the Chinese state-sponsored Advanced Persistent Threat...

30,000 WordPress Sites Exposed to Exploitation via File Upload Vulnerability

A critical security vulnerability in the "Security & Malware scan by CleanTalk" plugin has left over 30,000 WordPress websites exposed to exploitation. The vulnerability, identified...

CrowdStrike Falcon Sensor for Linux Vulnerability Allows MiTM Attack

CrowdStrike has disclosed a vulnerability (CVE-2025-1146) in its Falcon Sensor for Linux, its Falcon Kubernetes Admission Controller, and its Falcon Container Sensor. This flaw stems...

Amazon Machine Image Vulnerability Allows Hackers to Publish Fake Resources

A new security vulnerability targeting Amazon Machine Images (AMIs) has emerged, exposing organizations and users to potential exploitation. Dubbed the "whoAMI name confusion attack," this...

Critical Chrome Flaw Allows Attackers to Remotely Execute Code

Google has released an urgent update for its Chrome browser to address a critical security vulnerability that could allow attackers to remotely execute malicious...

Palo Alto PAN-OS Zero-Day Flaw Allows Attackers to Bypass Web Interface Authentication

Palo Alto Networks has disclosed a zero-day vulnerability in its PAN-OS software (CVE-2025-0108), allowing attackers to bypass authentication on the management web interface. With a...