Friday, May 23, 2025

CVE/vulnerability

Moodle Core vulnerabilities Allow Attackers to Evade Security Measures

A recent security audit has uncovered critical vulnerabilities within Moodle, the widely used open-source learning management system (LMS). These vulnerabilities allow attackers to evade...

TP-Link Router Vulnerabilities Allow Attackers to Execute Malicious SQL Commands

Cybersecurity researchers have uncovered critical SQL injection vulnerabilities in four TP-Link router models, enabling attackers to execute malicious commands, bypass authentication, and potentially hijack...

PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability

A critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH implementation (CVE-2025-32433) has now entered active exploit risk after researchers published a proof-of-concept (PoC)...

Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation

A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, has sent shockwaves through the cybersecurity community after researchers revealed it could...

HPE Performance Cluster Manager Vulnerability Enables Unauthorized Access

Hewlett Packard Enterprise (HPE) has disclosed a severe security flaw in its Performance Cluster Manager (HPCM) software that could allow attackers to bypass authentication...

Hackers Abuse Zoom’s Remote Control to Access Users’ Computers

A newly uncovered hacking campaign is targeting business leaders and cryptocurrency firms by abusing Zoom’s remote control feature, allowing attackers to take over victims’...

Speedify VPN Vulnerability on macOS Exposes Users to System Takeover

A major security flaw in the Speedify VPN application for macOS, tracked as CVE-2025-25364, has exposed millions of users to the risk of complete system...

Critical PyTorch Vulnerability Allows Hackers to Run Remote Code

A newly disclosed critical vulnerability (CVE-2025-32434) in PyTorch, the widely used open-source machine learning framework, allows attackers to execute arbitrary code on systems loading...